[MIR] systemd-shim
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd-shim (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
* The package is in universe and built on all archs: https:/
* Rationale:
This is a necessary part of the work to have systemd-services replacing ubuntu-
The service emuates a few select systemd interface on an ad hoc basis in order to allow various things depending on systemd to work. For now this is the "Virtualization" property to detect if the system is a VM (with code to do this copied from systemd itself) and the unit control APIs for a faked "ntpd.service" unit. This allows timedated to think that it is requesting systemd to start and stop ntpd when really it is executing the logic that used to be in the Debian-specific gnome-settings-
Without this or the real systemd running, timedated won't even start. We could patch that away, but I don't want to get into the business of carrying large/ugly distro-specific patches to timedated when we can just as easily do the compatibility along a documented and stable interface (http://
It is expected that a few more odds and ends will be discovered over time that belong here. logind work is somewhat likely to kick up a thing or two.
* Security:
The code is small but it needs a full security review. The parts that enable/disable NTP were already running as root via the g-s-d DateTimeMechanism (although the code has been refactored a bit). The virtualisation detection code is copied straight out of systemd, which is being reviewed as part of the systemd MIR. The rest of the code (ie: mostly D-Bus logic) is newly-written.
This is a system service running as root (so that it can start/stop NTP). The primary mechanism for security control is the D-Bus policy file. Root-owned processes are allowed to call all methods (no help there if they already have root). Other processes are only allowed access only to the standard D-Bus interfaces (Introspection, Peer) and property getters. The code dealing with property gets (there is only one property) is extremely small and unlikely to contain exploitable flaws. The D-Bus interfaces (Introspection, Peer) are implemented by GDBus and although it is complicated it is already running inside of several other system services.
* Quality:
- not a user-visible component in any way
- no configuration settings
- no exotic hardware interaction (although it does attempt to use some nice tricks to detect virtualization, but those are copied straight from systemd)
- new code, no known bugs yet, but....
- when the bugs are found, I am the developer, so I'll fix them :)
The desktop bugs team is subscribed to the package in launchpad, foundations/desktop will maintain the package and look to the bug reports regularly.
affects: | systemd (Ubuntu) → systemd-shim (Ubuntu) |
Changed in systemd-shim (Ubuntu): | |
assignee: | Jamie Strandboge (jdstrand) → Seth Arnold (seth-arnold) |
Changed in systemd-shim (Ubuntu): | |
assignee: | Seth Arnold (seth-arnold) → Michael Terry (mterry) |
If this is for raring, after Jamie looks at this, it will likely need an FFe too.