touch-packages team mailing list archive
Message #114185
[Bug 1450960] Re: dev file system is mounted without nosuid
This bug was fixed in the package systemd - 227-2ubuntu1
---------------
systemd (227-2ubuntu1) xenial; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- Hack to support system-image read-only /etc, and modify files in
/etc/writable/ instead.
- Simpler udev maintainer scripts (all platforms must support udev, no
debconf).
- initramfs init-bottom: If LVM is installed, settle udev,
otherwise we get missing LV symlinks. Workaround for LP #1185394.
- Add debian/udev.lvm2.init: Dummy SysV init script to satisfy insserv
dependencies to "lvm2" which is handled with udev rules in Ubuntu.
- Add debian/udev.lvm2.service to avoid running the dummy lvm2 init
script.
- Provide shutdown fallback for upstart. (LP: #1370329)
- debian/extra/ifup@.service: Additionally run for "auto" class. We don't
really support "allow-hotplug" in Ubuntu at the moment, so we need to
deal with "auto" devices appearing after "/etc/init.d/networking start"
already ran. (LP: #1374521)
- ifup@.service: Drop dependency on networking.service (i. e.
/etc/init.d/networking), and merely ensure that /run/network exists.
This avoids unnecessary dependencies/waiting during boot and dependency
cycles if hooks wait for other interfaces to come up (like ifenslave
with bonding interfaces). (LP: #1414544)
- Add Get-RTC-is-in-local-time-setting-from-etc-default-rc.patch: In
Ubuntu we currently keep the setting whether the RTC is in local or UTC
time in /etc/default/rcS "UTC=yes|no", instead of /etc/adjtime.
(LP: #1377258)
- networkd: Change IPForward= default to "kernel". This keeps
compatibility with lots of packages which expect to be able to
enable global forwarding in /proc/sys/net/ipv4/ip_forward.
(LP: #1500992)
- Put session scopes into all cgroup controllers. This makes unprivileged
user LXC containers work under systemd. (LP: #1346734)
- Don't attempt to migrate pid 1 itself when migrating cgroups for started
units; works around some not yet understood cgproxy/systemd interaction.
This particularly unbreaks cgproxy in LXC. (LP: #1491557)
- Lower Breaks: to plymouth version which has the udev inotify fix in
Ubuntu.
- Change systemd-sysv's conflicts to upstart-sysv. (LP: #1422681)
- Don't build new systemd-journal-remote package and drop
libmicrohttpd-dev. This is blocked by the MIR (LP #1488341).
- Build using libseccomp on all architectures (See Debian #800818)
Upgrade fixes, keep until 16.04 LTS release:
- systemd Conflicts/Replaces/Provides systemd-services.
- Remove obsolete systemd-logind upstart job.
- Clean up obsolete /etc/udev/rules.d/README.
- systemd.postinst: Migrate mountall specific fstab options to standard
util-linux "nofail" option.
- systemctl: Don't forward telinit u to upstart. This works around
upstart's Restart() always reexec'ing /sbin/init on Restart(), even if
that changes to point to systemd during the upgrade. This avoids running
systemd during a dist-upgrade. (LP: #1430479)
systemd (227-3) UNRELEASED; urgency=medium
[ Martin Pitt ]
* debian/tests/logind: Add tests for scheduled shutdown with and without
wall message.
* Import upstream fix for not unmounting system mounts (#801361) and drop
our revert patch.
* debian/tests/boot-smoke: Apply check for failed unmounts only to user
systemd processes, i. e. not to pid 1.
* Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough
initramfs-tools already, and this was just an error message, not breaking
the boot.
* Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is
faster.
* Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly
academic and only applies to the already known-broken situation that rcS
init.d scripts depend on $remote_fs.
[ Michael Biebl ]
* Drop dependency on udev from the systemd package. We don't need udev
within a container, so this allows us to trim down the footprint by not
installing the udev package.
systemd (227-2) unstable; urgency=medium
* Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes
connection errors from various services on boot. (Closes: #801354)
* debian/tests/boot-smoke: Check for failed unmounts. This reproduces
#801361 (but not in a minimal VM, just in a desktop one).
* Revert "core: add a "Requires=" dependency between units and the
slices they are located in". This causes user systemd instances to try and
unmount system mounts (and succeed if you login as root).
(Closes: #801361)
systemd (227-1) unstable; urgency=medium
* New upstream release.
- Bump watchdog timeout for shipped units to 3 min. (Closes: #776460)
- gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326)
- Fix group of RuntimeDirectory dirs. (Closes: #798391)
- Support %i (and other macros) in RuntimeDirectory. (Closes: #799324)
- Bump util-linux/libmount-dev dependencies to >= 2.27.
* debian/libsystemd0.symbols: Add new symbols for this release.
* debian/extra/initramfs-tools/hooks/udev: Copy all
/etc/udev/rules.d/*.rules rules which are not merely overriding the one in
/lib/, not just 70-persistent-net.rules. They might contain network names
or other bits which are relevant for the initramfs. (Closes: #795494)
* ifup@.service: Drop PartOf=network.target; we don't want to stop these
units during shutdown. Stopping networking.service already shuts down the
interfaces, but contains the safeguard for NFS or other network file
systems. Isolating emergency.target still keeps working as before as well,
as this also stops networking.service. (Closes: #761909, LP: #1492546)
systemd (226-4) unstable; urgency=medium
* debian/tests/logind: Be more verbose on failures.
* Revert networkd calling if-{up,post-down}.d/ scripts. About half of the
existing hooks are not relevant or even actively detrimental when running
with networkd. For the relevant ones, a lot of them should be fixed in the
projects themselves (using IP_FREEBIND etc.). (Closes: #798625)
* Add systemd-networkd-resolvconf-update.{path,service} units to send DNS
server updates from networkd to resolvconf, if installed and enabled.
* Don't restart logind on upgrades any more. This kills X.org (#798097)
while logind doesn't save/restore its open fds (issue #1163), and also
gets confused about being idle in between (LP: #1473800)
systemd (226-3) unstable; urgency=medium
[ Martin Pitt ]
* README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso.
(Closes: #798737)
[ Michael Biebl ]
* Stop building the compat library packages and drop them for good.
* Update debian/copyright.
systemd (226-2) unstable; urgency=medium
* debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960)
* udev.postinst: udev 226 introduced predictable interface names for virtio.
Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to
disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances
and similar environments. (Closes: #799034)
systemd (226-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release:
- Fix scheduled shutdown to not shut down immediately. (Closes: #797763)
- Fix description of CPE_NAME in os-release(5). (Closes: #797768)
* debian/libsystemd0.symbols: Add new symbols from this release.
* Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403)
* debian/tests/networkd: Add hotplug tests.
* Make networkd call if-up.d/ scripts when it brings up interfaces, to
become compatible with ifupdown and NetworkManager for packages shipping
hooks. (LP: #1492129)
- Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for
calling if-up.d/ or if-post-down.d/ hook scripts. Install it as
root:systemd-networkd 4754 so that only networkd can run it.
- Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the
above wrapper when links go up/down.
- debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts
get run for a networkd managed interface.
- Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as
they are often not applicable for networkd (if-pre-up.d) and unreliable
(if-down.d).
* Drop udev-finish. We needed this for the autogenerated CD and network
interface names, but both are gone now.
* Drop debian/udev.udev-fallback-graphics.upstart. The vesafb module has
been compiled into the kernel in both Debian and Ubuntu for a fair while,
this never had a systemd equivalent, and Debian never shipped the
accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY.
* debian/control: Remove some boilerplate from the long descriptions, to
more easily get to the point what a specific package actually does.
* debian/README.Debian: As systemd is the default init now, replace the
documentation how to switch to systemd with how to switch back
(temporarily or permanently) to SysV init. Also move that paragraph to the
bottom as it's now less important.
* debian/README.Debian: Add a hint why you may want to enable persistent
journal, and suggest to uninstall system-log-daemon to avoid duplicate
logging.
* debian/README.Debian: Add documentation about networkd integration.
* Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes
easier to override.
* debian-fixup.service just has one purpose now (make /etc/mtab a symlink),
so drop the debian/extra/debian-fixup shell script and put the ln command
directly into debian-fixup.service. Update the description.
* debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's
nameserver in case it is a symlink (i. e. dynamically managed by
systemd-resolved or resolvconf).
* systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/
as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as
expected.
* Drop debian/systemd-journal-remote.postrm: Removing system users is
potentially dangerous (there might be a leftover process after purging).
[ Michael Biebl ]
* Drop libsystemd-login-dev. All reverse dependencies have been updated to
use libsystemd-dev directly.
* Update build instructions to use "gbp clone" instead of "gbp-clone" as all
gbp-* commands have been removed from git-buildpackage.
-- Martin Pitt <martin.pitt@xxxxxxxxxx> Wed, 28 Oct 2015 09:46:04 +0100
** Changed in: systemd (Ubuntu)
Status: Invalid => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1450960
Title:
dev file system is mounted without nosuid
Status in initramfs-tools package in Ubuntu:
Fix Released
Status in lxc package in Ubuntu:
Confirmed
Status in systemd package in Ubuntu:
Fix Released
Bug description:
I just found that the /dev filesystem of most Ubuntu systems is mounted
without noexec, nosuid etc. options.
If you do everything to harden your system, and you are using squashfs
as root file system (which is read-only), such auto-mounted devices
can be a serious leak.
This volume usually is quite small and for most folders only root has
write access, so I don't know how much this bug is security relevant,
but I think there is no reason to not change the mount options for
/dev. And especially for LXC containers, I don't even know a
workaround to fix it.
STEPS TO REPRODUCE:
me:~# cat >/dev/call-me.sh <<.e
> #!/bin/sh
> echo "I'm executable"
> .e
me:~# chmod +x /dev/call-me.sh
me:~# /dev/call-me.sh
I'm executable
EXPECTED BEHAVIOUR
me:~# /dev/call-me.sh
-bash: /dev/call-me.sh: Permission denied
WORKAROUND
me:~# mount -oremount,noexec,nosuid /dev
me:~# /dev/call-me.sh
-bash: /dev/call-me.sh: Permission denied
Unfortunately, this workaround doesn't work in LXC containers (where
the same problem occurs) because of missing capabilities.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: udev 204-5ubuntu20.11
ProcVersionSignature: Ubuntu 3.13.0-49.83-generic 3.13.11-ckt17
Uname: Linux 3.13.0-49-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.10
Architecture: amd64
CurrentDesktop: XFCE
CurrentDmesg: Error: command ['sh', '-c', 'dmesg | comm -13 --nocheck-order /var/log/dmesg -'] failed with exit code 1: comm: /var/log/dmesg: Permission denied
CustomUdevRuleFiles: 51-android.rules 60-vboxdrv.rules
Date: Sat May 2 01:48:26 2015
MachineType: Gigabyte Technology Co., Ltd. H97-HD3
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-49-generic root=/dev/mapper/vg_ssd-lv_system_trusty1404 ro
SourcePackage: systemd
UpgradeStatus: Upgraded to trusty on 2014-04-18 (378 days ago)
dmi.bios.date: 06/26/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F5
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: H97-HD3
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF5:bd06/26/2014:svnGigabyteTechnologyCo.,Ltd.:pnH97-HD3:pvrTobefilledbyO.E.M.:rvnGigabyteTechnologyCo.,Ltd.:rnH97-HD3:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: H97-HD3
dmi.product.version: To be filled by O.E.M.
dmi.sys.vendor: Gigabyte Technology Co., Ltd.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1450960/+subscriptions
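The fix recorded in the changelog above (udev.init now mounts /dev with nosuid) covers only one of the two flags the reporter asked for, and the reporter's remount workaround is refused inside LXC containers. The script below is an added example, not code from the systemd package or from the bug report: it audits the per-mount flags of /dev by parsing mountinfo-format text, which needs no capabilities and therefore also works inside a container where a remount would fail. The field layout follows proc(5) (field 5 is the mount point, field 6 the per-mount options where nosuid/noexec/nodev live). The sample mountinfo text is constructed, not captured from the reporter's machine, and the /dev/shm check is this example's own addition beyond what the bug discusses; nodev is deliberately not checked on /dev itself, since that mount has to carry device nodes.

```shell
#!/bin/sh
# Added example (not code from the systemd package or the bug report):
# audit the per-mount flags of /dev and /dev/shm by parsing mountinfo text.
# Reading /proc/self/mountinfo needs no capabilities, so unlike the
# "mount -o remount" workaround this also works inside an LXC container.
#
# mountinfo fields (see proc(5)):
#   $1 id  $2 parent  $3 maj:min  $4 root  $5 mount point  $6 per-mount options
#   [optional tagged fields] - fstype source superblock-options
# nosuid/noexec/nodev are per-mount flags, so only field 6 is inspected.

# missing_opts MOUNTPOINT OPT...   (mountinfo text on stdin)
#   prints the requested options that are absent, space separated
#   exit 0 = all present, 1 = some missing, 2 = mount point not in the input
missing_opts() {
    mp=$1
    shift
    # Last matching line wins: a later mount on the same path shadows earlier ones.
    opts=$(awk -v mp="$mp" '$5 == mp { o = $6 } END { print o }')
    [ -n "$opts" ] || return 2
    missing=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing${missing:+ }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# audit_mounts FILE: check the mount points of interest in a mountinfo file.
# nosuid+noexec on /dev is what the bug report asks for; the /dev/shm line is
# this example's own addition (nodev is not checked on /dev, which must hold
# device nodes). Exit 0 only if every listed mount carries every flag.
audit_mounts() {
    file=$1
    status=0
    for spec in "/dev nosuid noexec" "/dev/shm nosuid nodev noexec"; do
        set -- $spec          # word-split into: mount point, then wanted flags
        rc=0
        miss=$(missing_opts "$@" < "$file") || rc=$?
        case $rc in
            0) printf 'OK      %s\n' "$1" ;;
            1) printf 'MISSING %s: %s\n' "$1" "$miss"; status=1 ;;
            *) printf 'ABSENT  %s (not mounted)\n' "$1"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample (not captured from any real machine): /dev as the
# pre-fix udev.init mounted it, /dev/shm with nosuid,nodev only, /run hardened.
SAMPLE_MOUNTINFO='18 22 0:5 / /dev rw,relatime shared:2 - devtmpfs udev rw,size=8166612k,nr_inodes=2041653,mode=755
19 18 0:6 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw
20 22 0:7 / /run rw,nosuid,noexec,relatime shared:4 - tmpfs tmpfs rw,size=1634596k,mode=755'

if [ "${1:-}" = "--live" ]; then
    # Audit the running system (host or container) instead of the sample.
    audit_mounts /proc/self/mountinfo
else
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_MOUNTINFO" > "$tmp"
    audit_mounts "$tmp" || true
    rm -f "$tmp"
fi
```

Run it without arguments to see the sample audited (it reports /dev missing nosuid and noexec, and /dev/shm missing noexec); run it with --live to audit the current system, for example inside a container to confirm the host's /dev flags were inherited. Because the check only reads mountinfo, a non-zero exit tells you what a remount would have to add, even where the remount itself is not permitted.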