core: call dynamic_user_acquire() only when 'group' is non-null
author Yu Watanabe <watanabe.yu+github@gmail.com>
Mon, 3 Feb 2020 11:18:02 +0000 (20:18 +0900)
committer Michael Biebl <biebl@debian.org>
Sat, 15 Feb 2020 14:44:45 +0000 (14:44 +0000)
When a unit is reloaded, and the reloaded unit has a bad setting, then
unit_patch_contexts() is not called and exec_context::user and group
may not be configured.

A minimum reproducer for the case is:
- step 1.
$ sudo systemctl edit --full hoge.service
[Service]
oneshot
ExecStart=sleep 1h

- step 2.
$ sudo systemctl start hoge.service

- step 3.
$ sudo systemctl edit --full hoge.service
[Service]
Type=oneshot
ExecStart=@bindir@/sleep 1h
DynamicUser=yes

Then pid1 crashed.

Fixes #14733.

(cherry picked from commit 50152bb1c5c311e97e9eeec3b09044925b6e3663)

Gbp-Pq: Name core-call-dynamic_user_acquire-only-when-group-is-non-nul.patch

src/core/dynamic-user.c

index 75373407b4852cd7cf1739eba93a88c960845231..4dfa29d123452497b29ba62c75735e62663162e2 100644 (file)
@@ -770,7 +770,7 @@ int dynamic_creds_acquire(DynamicCreds *creds, Manager *m, const char *user, con
 
                 if (creds->user && (!group || streq_ptr(user, group)))
                         creds->group = dynamic_user_ref(creds->user);
-                else {
+                else if (group) {
                         r = dynamic_user_acquire(m, group, &creds->group);
                         if (r < 0) {
                                 if (acquired)
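Review bot: the new `else if (group)` leaves one case with no branch at all, namely `creds->user` unset together with `group` NULL, and nothing in the hunk says that leaving `creds->group` untouched there is intended. A short comment on the `else if (group)` line stating that no group is acquired when none is configured would make that explicit. Since the commit message ties the crash to `user` and `group` not being configured after a reload with a bad setting, this guard covers the call site only; consider also having dynamic_user_acquire() return an error for a NULL second argument, so that any other caller reaching it in the same state fails cleanly instead of taking down pid1.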