From c5d5bc2bfbb272b02f9b3d6687d71f7e21e9cc94 Mon Sep 17 00:00:00 2001 From: Rudi Heitbaum Date: Wed, 29 Nov 2023 09:03:50 +0000 Subject: [PATCH 1/2] avahi: sanitize uidgid align to https://pagure.io/setup/blob/master/f/uidgid which is the standard used in the base-os --- packages/network/avahi/package.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/network/avahi/package.mk b/packages/network/avahi/package.mk index a7fcee52b1..e0305ee755 100644 --- a/packages/network/avahi/package.mk +++ b/packages/network/avahi/package.mk @@ -93,8 +93,8 @@ post_makeinstall_target() { } post_install() { - add_user avahi x 495 495 "avahi-daemon" "/var/run/avahi-daemon" "/bin/sh" - add_group avahi 495 + add_user avahi x 70 70 "avahi-daemon" "/var/run/avahi-daemon" "/bin/sh" + add_group avahi 70 enable_service avahi-defaults.service enable_service avahi-daemon.service From d8594004bf846263c912bea19d7541edcbd915de Mon Sep 17 00:00:00 2001 From: Rudi Heitbaum Date: Wed, 29 Nov 2023 08:44:58 +0000 Subject: [PATCH 2/2] systemd: sanitize /etc/group and gids sgx group was added in systemd-248 in commit - https://github.com/systemd/systemd/commit/c9c4899f4444d9586e541b5e72597a37f949433a Fixes warnings at boot by: systemd-udevd and dbus-daemon at boot: ~ # journalctl | grep Unknown systemd-udevd[525]: /usr/lib/udev/rules.d/50-udev-default.rules:56 Unknown group 'sgx', ignoring. systemd-udevd[525]: /usr/lib/udev/rules.d/50-udev-default.rules:57 Unknown group 'sgx', ignoring. dbus-daemon[568]: dbus[568]: Unknown group "wheel" in message bus configuration file dbus-daemon[568]: dbus[568]: Unknown username "systemd-oom" in message bus configuration file renumber gids: - input 199 -> 104 - kvm 10 -> 36 - render 12 -> 105 ref: - https://github.com/systemd/systemd/commit/9a797ddc41a59905990c045bc2f6a17f411c1bbb - https://pagure.io/setup/blob/master/f/uidgid --- packages/sysutils/systemd/package.mk | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/packages/sysutils/systemd/package.mk b/packages/sysutils/systemd/package.mk index 45437a52b0..7b542c78e2 100644 --- a/packages/sysutils/systemd/package.mk +++ b/packages/sysutils/systemd/package.mk @@ -273,20 +273,26 @@ post_install() { add_group systemd-network 193 add_user systemd-network x 193 193 "systemd-network" "/" "/bin/sh" - add_group audio 63 pipewire + add_group systemd-oom 194 + add_user systemd-oom x 194 194 "systemd Userspace OOM Killer" "/" "/bin/false" + + add_group adm 4 + add_group tty 5 + add_group disk 6 + add_group lp 7 + add_group kmem 9 + add_group wheel 10 add_group cdrom 11 add_group dialout 18 - add_group disk 6 add_group floppy 19 - add_group kmem 9 - add_group kvm 10 - add_group lp 7 - add_group render 12 - add_group tape 33 - add_group tty 5 - add_group video 39 pipewire add_group utmp 22 - add_group input 199 + add_group tape 33 + add_group kvm 36 + add_group video 39 pipewire + add_group audio 63 pipewire + add_group input 104 + add_group render 105 + add_group sgx 106 enable_service machine-id.service enable_service debugconfig.service