Thomas Blume changed bug 1092269
What  | Removed | Added
CC    |         | thomas.blume@suse.com
Flags |         | needinfo?(lnussel@suse.com)

Comment # 4 on bug 1092269 from
(In reply to Matthias Gerstner from comment #3)
> I am not exactly sure how the machine-id business is supposed to work, from
> the spec file it sounds like it is a kind of two stage process where some
> other component is responsible for "fixing up" the file.
> 
> Can you please find a solution that avoids having this file world writeable
> in the first place?

That had been introduced here:

https://build.opensuse.org/request/show/479267

but I don't see any reason for making it world writable.
The upstream code (src/core/machine-id-setup.c) even shows 444 as permissions:

-->
int machine_id_setup(const char *root, sd_id128_t machine_id, sd_id128_t *ret)
{
        const char *etc_machine_id, *run_machine_id;
        _cleanup_close_ int fd = -1;
        bool writable;
        int r;

        etc_machine_id = prefix_roota(root, "/etc/machine-id");

        RUN_WITH_UMASK(0000) {
                /* We create this 0444, to indicate that this isn't really
                 * something you should ever modify. Of course, since the file
                 * will be owned by root it doesn't matter much, but maybe
                 * people look. */

                (void) mkdir_parents(etc_machine_id, 0755);
                fd = open(etc_machine_id, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY, 0444);
--<

Still, considering the original commit, I guess we'd need to make it 644.
Ludwig, since you were involved in bug#1024740, I guess you are the best to
comment on that, any objection?
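
Added example, not part of the original comment and not systemd or package code: because the quoted snippet clears the umask, the mode passed to open() is the only thing deciding the file's permissions, so a check for the world-writable bit is worth having. The function names and MID_* constants below are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L /* for lstat() and O_CLOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical finding codes, not taken from systemd. */
#define MID_WORLD_WRITABLE 1 /* S_IWOTH set: any local user can rewrite the ID */
#define MID_NOT_REGULAR    2 /* symlink, directory, device, ... */

/* Create path the way the quoted snippet does: clear the umask so the mode
 * given to open() is applied unmodified, then restore the old umask.
 * Returns the resulting permission bits, or -1 on error. */
int create_with_exact_mode(const char *path, mode_t mode)
{
        struct stat st;
        mode_t old = umask(0000);
        int fd = open(path, O_RDWR | O_CREAT | O_CLOEXEC | O_NOCTTY, mode);
        umask(old);
        if (fd < 0)
                return -1;
        int r = fstat(fd, &st);
        close(fd);
        return r < 0 ? -1 : (int)(st.st_mode & 07777);
}

/* Return a MID_* finding for path, 0 if nothing is wrong, -1 on error. */
int audit_mode(const char *path)
{
        struct stat st;
        if (lstat(path, &st) < 0)
                return -1;
        if (!S_ISREG(st.st_mode)) /* a symlink's own mode bits mean nothing */
                return MID_NOT_REGULAR;
        return (st.st_mode & S_IWOTH) ? MID_WORLD_WRITABLE : 0;
}

int main(int argc, char **argv)
{
        const char *path = argc > 1 ? argv[1] : "/etc/machine-id";
        int finding = audit_mode(path);
        printf("%s: finding=%d\n", path, finding);
        return finding == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

With the umask cleared, a creation mode of 0666 produces a world-writable file regardless of the caller's umask, while 0444 and 0644 both pass the check.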

