Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(RHEL-28048) pam: add call to pam_umask #435

Merged
merged 2 commits into from
Apr 11, 2024
Merged

(RHEL-28048) pam: add call to pam_umask #435

merged 2 commits into from
Apr 11, 2024

Conversation

jamacku
Copy link
Member

@jamacku jamacku commented Mar 12, 2024
edited by github-actions bot
Loading

Setting umask for user sessions via UMASK setting in /etc/login.defs is
a well-known feature. Let's make sure that user manager also runs with
this umask value.

Follow-up for 5e37d19.

(cherry picked from commit 159f1b78576ce91c3932f4867f07361a530875d3)

Resolves: RHEL-28048

fbuihuu and others added 2 commits March 12, 2024 09:16
@fbuihuu @jamacku
pid1: by default make user units inherit their umask from the user ma…
316f473 
…nager

This patch changes the way user managers set the default umask for the units it
manages.

Indeed one can expect that if user manager's umask is redefined through PAM
(via /etc/login.defs or pam_umask), all its children including the units it
spawns have their umask set to the new value.

Hence make user units inherit their umask value from their parent instead of
the hard coded value 0022 but allow them to override this value via their unit
file.

Note that reexecuting managers with 'systemctl daemon-reexec' after changing
UMask= has no effect. To take effect managers need to be restarted with
'systemct restart' instead. This behavior was already present before this
patch.

Fixes #6077.

(cherry picked from commit 5e37d19)

Related: RHEL-28048
@msekletar @jamacku
pam: add call to pam_umask
0abba51 
Setting umask for user sessions via UMASK setting in /etc/login.defs is
a well-known feature. Let's make sure that user manager also runs with
this umask value.

Follow-up for 5e37d19.

(cherry picked from commit 159f1b78576ce91c3932f4867f07361a530875d3)

Resolves: RHEL-28048
@github-actions github-actions bot changed the title pam: add call to pam_umask (RHEL-28048) pam: add call to pam_umask Mar 12, 2024
@github-actions github-actions bot added rhel-8.10.0 pr/needs-ci Formerly needs-ci pr/needs-review Formerly needs-review labels Mar 12, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 12, 2024
edited
Loading

Commit validation

Tracker - RHEL-28048

The following commits meet all requirements

commit upstream
316f473 - pid1: by default make user units inherit their umask from the user man… systemd/systemd@5e37d19
0abba51 - pam: add call to pam_umask systemd/systemd@159f1b7

Tracker validation

Success

🟢 Tracker RHEL-28048 has set desired product: rhel-8.8.0
🟢 Tracker RHEL-28048 has set desired component: systemd
🟢 Tracker RHEL-28048 has been approved

Pull Request validation

Success

🟡 CI - Waived
🟢 Review - Reviewed by a member
🟢 Approval - Changes were approved

Auto Merge

Failed

🔴 Pull Request has unsupported target branch rhel-8.10.0, expected branches are: 'main,master'

Success

🟢 Pull Request is not marked as draft and it's not blocked by dont-merge label
🟢 Pull Request meet requirements, title has correct form
🟢 Pull Request meet requirements, mergeable is true
🟠 Pull Request meet requirements, mergeable_state is unstable

@jamacku jamacku requested a review from msekletar March 12, 2024 08:19
dtardon
dtardon approved these changes Mar 13, 2024
View reviewed changes
Copy link
Member

@dtardon dtardon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-actions github-actions bot removed the pr/needs-review Formerly needs-review label Mar 13, 2024
@jamacku
Copy link
Member Author

jamacku commented Mar 13, 2024

@mrc0mmand I assume that CI failure is unrelated to the changes according to

@mrc0mmand
Copy link
Member

@mrc0mmand I assume that CI failure is unrelated to the changes according to

* [Outstanding CI issue #434](https://github.com/redhat-plumbers/systemd-rhel8/issues/434)

Yeah, that's unrelated. I'll try to look into that and work around it (somehow).

@github-actions github-actions bot added pr/needs-manual-merge and removed pr/needs-ci Formerly needs-ci labels Mar 13, 2024
@github-actions github-actions bot added tracker/missing Formerly needs-bz and removed tracker/missing Formerly needs-bz labels Mar 30, 2024
@jamacku jamacku merged commit 49dbe60 into redhat-plumbers:rhel-8.10.0 Apr 11, 2024
7 of 9 checks passed
@jamacku jamacku deleted the RHEL-28048-umask branch April 11, 2024 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dtardon dtardon dtardon approved these changes

@msekletar msekletar Awaiting requested review from msekletar

Assignees
No one assigned
Labels
ci-waived pr/needs-manual-merge released rhel-8.10.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jamacku @mrc0mmand @dtardon @fbuihuu @msekletar