Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

persist state for wicked, chrony, and systemd #970

Merged
merged 6 commits into from
Jul 9, 2020
Merged

persist state for wicked, chrony, and systemd #970

merged 6 commits into from
Jul 9, 2020

Commits on Jul 8, 2020

  1. selinux-policy: confine system daemons and protect state 

    Before saving clock measurements and DHCP leases to durable storage,
we want to make sure they can't be modified by an untrusted workload.

chronyd and wicked are both network-facing daemons, so we have the
additional goal of limiting their access to the host OS, to mitigate
the impact of a compromise.

dbus-broker does not need to persist any state, but could be exposed
to untrusted local input, and benefits from similar confinement.

systemd also persists some state, such as the journal and the random
seed, so we label that data as well to prevent unexpected changes.

Signed-off-by: Ben Cressey <bcressey@amazon.com>
    @bcressey
    bcressey committed Jul 8, 2020
    Configuration menu
    Copy the full SHA
    1fb69c9 View commit details
    Browse the repository at this point in the history

  2. chrony: move clock state back to persistent storage 

    Now that clock measurements are protected by the SELinux policy, we
can save them on durable storage so they are available after an OS
update.

Signed-off-by: Ben Cressey <bcressey@amazon.com>
    @bcressey
    bcressey committed Jul 8, 2020
    Configuration menu
    Copy the full SHA
    99f13bb View commit details
    Browse the repository at this point in the history

  3. wicked: move interface state back to persistent storage 

    Now that lease files are protected by the SELinux policy, we can save
them on durable storage so they are available after an OS update.

Signed-off-by: Ben Cressey <bcressey@amazon.com>
    @bcressey
    bcressey committed Jul 8, 2020
    Configuration menu
    Copy the full SHA
    b730f19 View commit details
    Browse the repository at this point in the history

  4. systemd: move stateful paths back to persistent storage 

    This partially reverts 58b0289. We do not use the systemd feature
for private directories, so this change only affects systemd's own
programs.

Signed-off-by: Ben Cressey <bcressey@amazon.com>
    @bcressey
    bcressey committed Jul 8, 2020
    Configuration menu
    Copy the full SHA
    10bb585 View commit details
    Browse the repository at this point in the history

  5. systemd: generate stable machine ID for Xen guests 

    We don't have a good way to persist the machine ID in a place that's
accessible during early boot, so our best bet is to always generate
the same ID.

Both Xen and KVM can provide a UUID to identify guests, and systemd
already uses the KVM value if available. This patch extends the logic
to check for the Xen value as well.

Signed-off-by: Ben Cressey <bcressey@amazon.com>
    @bcressey
    bcressey committed Jul 8, 2020
    Configuration menu
    Copy the full SHA
    12fc3d5 View commit details
    Browse the repository at this point in the history

  6. systemd: configure journal for persistent storage 

    Signed-off-by: Ben Cressey <bcressey@amazon.com>
    @bcressey
    bcressey committed Jul 8, 2020
    Configuration menu
    Copy the full SHA
    4d6679a View commit details
    Browse the repository at this point in the history