From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 3 Feb 2020 11:18:02 +0000 (+0900)
Subject: core: call dynamic_user_acquire() only when 'group' is non-null
X-Git-Tag: archive/raspbian/244.3-1+rpi1^2~19
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=dc4e23cc4d7e25dd569b6ef2db4cc865159984c1;p=systemd.git

core: call dynamic_user_acquire() only when 'group' is non-null

When unit is reloaded, and the reloaded unit has bad-setting, then
unit_patch_contexts() is not called and exec_context::user and group
may not be configured.

A minimum reproducer for the case is:
- step 1.
$ sudo systemctl edit --full hoge.service
[Service]
oneshot
ExecStart=sleep 1h

- step 2.
$ sudo systemctl start hoge.service

- step 3.
$ sudo systemctl edit --full hoge.service
[Service]
Type=oneshot
ExecStart=@bindir@/sleep 1h
DynamicUser=yes

Then pid1 crashed.

Fixes #14733.

(cherry picked from commit 50152bb1c5c311e97e9eeec3b09044925b6e3663)

Gbp-Pq: Name core-call-dynamic_user_acquire-only-when-group-is-non-nul.patch
---

diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c
index 75373407..4dfa29d1 100644
--- a/src/core/dynamic-user.c
+++ b/src/core/dynamic-user.c
@@ -770,7 +770,7 @@ int dynamic_creds_acquire(DynamicCreds *creds, Manager *m, const char *user, con
 
                 if (creds->user && (!group || streq_ptr(user, group)))
                         creds->group = dynamic_user_ref(creds->user);
-                else {
+                else if (group) {
                         r = dynamic_user_acquire(m, group, &creds->group);
                         if (r < 0) {
                                 if (acquired)