From 0e551b04efb911d38b586cca1a6a462c87a2cb1b Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Wed, 8 May 2024 20:12:57 +0100
Subject: core: do not imply PrivateTmp with DynamicUser, create a private tmpfs instead

DynamicUser= enables PrivateTmp= implicitly to avoid files owned by reusable uids leaking into the host. Change it to instead create a fully private tmpfs instance instead, which also ensures the same result, since it has less impactful semantics with respect to PrivateTmp=yes, which links the mount namespace to the host's /tmp instead. If a user specifies PrivateTmp manually, let the existing behaviour unchanged to ensure backward compatibility is not broken.
---
test/units/TEST-07-PID1.exec-context.sh | 13 +++++++++++++
1 file changed, 13 insertions(+)
(limited to 'test/units/TEST-07-PID1.exec-context.sh')
diff --git a/test/units/TEST-07-PID1.exec-context.sh b/test/units/TEST-07-PID1.exec-context.sh
index a3379ef402..69274a5743 100755
--- a/test/units/TEST-07-PID1.exec-context.sh
+++ b/test/units/TEST-07-PID1.exec-context.sh
@@ -340,6 +340,19 @@ if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && ker
 (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys)
 fi
 
+if [[ ! -v ASAN_OPTIONS ]]; then
+ # Ensure DynamicUser=yes does not imply PrivateTmp=yes if TemporaryFileSystem=/tmp /var/tmp is set
+ systemd-run --unit test-07-dynamic-user-tmp.service \
+ --service-type=notify \
+ -p DynamicUser=yes \
+ -p NotifyAccess=all \
+ sh -c 'touch /tmp/a && touch /var/tmp/b && ! test -f /tmp/b && ! test -f /var/tmp/a && systemd-notify --ready && sleep infinity'
+ (! ls /tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
+ (! ls /var/tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
+ systemctl is-active test-07-dynamic-user-tmp.service
+ systemctl stop test-07-dynamic-user-tmp.service
+fi
+
 # Make sure we properly (de)serialize various string arrays, including whitespaces
 # See: https://github.com/systemd/systemd/issues/31214
 systemd-run --wait --pipe -p Environment="FOO='bar4 '" \
-- cgit v1.2.3
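Review bot: The added block cannot tell a private tmpfs apart from no /tmp isolation at all. As far as the visible lines show, the in-unit `! test -f /tmp/b` and `! test -f /var/tmp/a` checks and the host-side absence of `systemd-private-*` directories would still pass if the unit wrote straight into the host's world-writable /tmp and /var/tmp. The property the commit wants to keep is that files owned by a recyclable UID never reach the host, so assert it from the host while the unit is still active, e.g. `test ! -e /tmp/a` and `test ! -e /var/tmp/b` before `systemctl stop`. The comment above `systemd-run` also mentions TemporaryFileSystem=, which this invocation never sets; `# Ensure DynamicUser=yes gets a private tmpfs on /tmp and /var/tmp instead of implying PrivateTmp=yes` would match what is actually exercised.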