start-stop-daemon: fix: pam_start before chrooting #517
base: master
It looks like supervise-daemon has the same issue, can you fix it there also?
I did the same thing, but I did not test anything. Another thing: stderr_process and redirect_stderr is also called after chrooting. It might be useful to execute the logger process before chrooting, to avoid including programs for logging and to avoid leaving logs in the chroot. That would break setups that expect the current behavior, although I doubt that many people went through the hassle of setting up a logger in a chroot (?). For example using Perhaps four additional arguments could be added, EDIT: I made a simple modification that creates the above options. I tested
Chrooted service is able to output data to the syslog. I haven't committed this to
0fd7d52 to f40c585
pam_start(3) must be called before chroot(2), because chroots usually do not have PAM-related files present. New options --std{out,err}{-logger,}-before-chroot in start-stop-daemon source and also described in the manpage. Manpage start-stop-daemon.8: -background => --background, remove duplicate --stderr entry.
This commit has too many unrelated changes. Thanks, William
@williamh
Well, that'd be nice in any form. Not to act as an entitled nagger, but for the fun anecdote, I lost a full afternoon trying to chroot the transmission-daemon init script (basically re-implementing parts of bwrap myself by doing RO bind mounts for runtime dependencies) only to get stuck on the same PAM error. Think I'll continue to launch the daemon manually and bwrap it myself (though bwrap can't forward signals at the moment, so I'll have to use RPC to shut it down).
@q3cpma I don't think I'm going to work on this right now, I don't use OpenRC currently.
Don't worry, I wasn't expecting anything of the sort.
pam_start(3) must be called before chroot(2) for chroots that do not have PAM-related files present.
related bug report: http://bugs.gentoo.org/show_bug.cgi?id=292632
Example with patched openrc (on Gentoo):
Service starts successfully. See below for how start-stop-daemon is run when this is executed.
Example with unpatched openrc (on Gentoo):
strace output uploaded to http://1507103400/krneki/strace.txt.
Note that on Gentoo openrc is a bit modified. I hope this is still an upstream issue and I'm not falsely submitting a PR, although that may be the case.
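A pre-flight check for the failure mode described above, as an added example that is not part of this pull request or of OpenRC: it reports whether a chroot directory holds a PAM configuration and PAM modules, which is what pam_start(3) would need if it ran after chroot(2). The search paths and the default service name `start-stop-daemon` are assumptions based on common Linux-PAM layouts, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: heuristic check of a chroot tree for the files Linux-PAM reads.
# Directory names below are common defaults (assumption); distributions vary.

# pam_config_present ROOT SERVICE
# Returns 0 if a config for SERVICE, the "other" fallback, or pam.conf exists in ROOT.
pam_config_present() {
    root=$1 service=$2
    for d in etc/pam.d usr/lib/pam.d; do
        [ -f "$root/$d/$service" ] && return 0
        [ -f "$root/$d/other" ] && return 0
    done
    [ -f "$root/etc/pam.conf" ]
}

# pam_modules_present ROOT
# Returns 0 if at least one pam_*.so module file exists in a usual module directory.
pam_modules_present() {
    root=$1
    for d in lib/security lib64/security usr/lib/security usr/lib64/security; do
        for m in "$root/$d"/pam_*.so; do
            # An unmatched glob stays literal, so test that the file really exists.
            [ -e "$m" ] && return 0
        done
    done
    return 1
}

# chroot_pam_status ROOT [SERVICE]
# Prints "ok", "no-config" or "no-modules". SERVICE defaults to an assumed name.
chroot_pam_status() {
    root=$1 service=${2:-start-stop-daemon}
    if ! pam_config_present "$root" "$service"; then
        echo no-config
    elif ! pam_modules_present "$root"; then
        echo no-modules
    else
        echo ok
    fi
}
```

Any result other than `ok` for a service's chroot directory means PAM initialisation inside that chroot cannot find what it needs, so the PAM handle has to be opened before the chroot call.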