Accepting request 605360 from Base:System

OBS-URL: https://build.opensuse.org/request/show/605360
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=278

systemd-mini.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue May  8 10:33:10 UTC 2018 - Thomas.Blume@suse.com
+
+- align permissions of /etc/machine-id to upstream code (bsc#1092269)
+  world writeable machine-id is a security issue
+
 -------------------------------------------------------------------
 Mon Apr 23 07:45:32 UTC 2018 - fbui@suse.com
 

systemd-mini.spec

@@ -687,9 +687,11 @@ fi
 # machine ID in all images.
 if [ $1 -eq 1 ]; then
         touch     %{_sysconfdir}/machine-id
-        chmod 666 %{_sysconfdir}/machine-id
 fi
 
+# check if /etc/machine-id is writeable and change it to readonly 
+[ ! -w %{_sysconfdir}/machine-id ] || chmod 444 %{_sysconfdir}/machine-id
+
 %if ! 0%{?bootstrap}
 pam-config --add --systemd || :
 %endif

systemd.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue May  8 10:33:10 UTC 2018 - Thomas.Blume@suse.com
+
+- align permissions of /etc/machine-id to upstream code (bsc#1092269)
+  world writeable machine-id is a security issue
+
 -------------------------------------------------------------------
 Mon Apr 23 07:45:32 UTC 2018 - fbui@suse.com
 

systemd.spec

@@ -685,9 +685,11 @@ fi
 # machine ID in all images.
 if [ $1 -eq 1 ]; then
         touch     %{_sysconfdir}/machine-id
-        chmod 666 %{_sysconfdir}/machine-id
 fi
 
+# check if /etc/machine-id is writeable and change it to readonly 
+[ ! -w %{_sysconfdir}/machine-id ] || chmod 444 %{_sysconfdir}/machine-id
+
 %if ! 0%{?bootstrap}
 pam-config --add --systemd || :
 %endif