From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 277950] RUNDIR should not be set in pkg-plist in in dns/knot-resolver
Date: Thu, 28 Mar 2024 19:32:33 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277950

--- Comment #2 from Michael Grimm ---
(In reply to Leo Vandewoestijne from comment #1)

>> kresd will create RUNDIR on a vanilla system anyway and will set
>> permissions correctly
>
> Yes, but doesn't remove it when uninstalling.
> And so without this line it doesn't pass in poudriere

Ok, I have missed that poudriere testport is complaining.

> The line was modified after PR 267016

Yes, I saw that, namely from 0755 to 0660. And that is the culprit (see below).

> Further these variables exist for use in rc.conf:
>
> kresd_user="kresd"
> kresd_group="kresd"
> kresd_rundir="/var/run/${name}"
>
> Don't they allow what you wish to accomplish ..?

No, not really:

1) I am following these recommendations in rc.conf and drop privileges after
starting kresd:

dns> cat /usr/local/etc/knot-resolver/kresd.conf
[snip]
--
-- drop privileges, now
--
user('kresd','kresd')
--
-- create socket file
--
net.listen('/var/run/kresd/control/kresd.sock', nil, { kind = 'control' })
[snip]

2) kresd will create /var/run/kresd (if removed on purpose for demonstration)
as follows:

dns> rm -r /var/run/kresd
dns> service kresd start
kresd started.
dns> ls -al /var/run | grep kresd
drwx------ 3 kresd kresd 6 Mar 28 19:24 kresd
 ^^^
dns> ls -lR /var/run/kresd/
total 18
drwxr-x--- 2 kresd kresd 3 Mar 28 19:24 control
-rw-r----- 1 kresd kresd 10485760 Mar 28 19:25 data.mdb
-rw------- 1 root kresd 5 Mar 28 19:24 kresd.pid
-rw-r----- 1 kresd kresd 8192 Mar 28 19:24 lock.mdb

/var/run/kresd/control:
total 1
srwxr-xr-x 1 kresd kresd 0 Mar 28 19:24 kresd.sock

3) If one re-installs dns/knot-resolver one ends with:

dns> ls -al /var/run | grep kresd
drw-rw---- 3 kresd kresd 5 Mar 28 19:32 kresd
 ^^ ^^

4) After restarting kresd one renders kresd useless because of:

Mar 28 19:40:58 kresd[90451]: [net ] bind to '/var/run/kresd/control/kresd.sock' (UNIX): Permission denied
Mar 28 19:40:58 kresd[90451]: [system] error while loading config: error occurred here (config filename:lineno is at the bottom, if config is involved):
Mar 28 19:40:58 kresd[90451]: stack traceback:
Mar 28 19:40:58 kresd[90451]: [C]: in function 'listen'
Mar 28 19:40:58 kresd[90451]: /usr/local/etc/knot-resolver/kresd.conf:29: in main chunk
Mar 28 19:40:58 kresd[90451]: ERROR: net.listen() failed to bind (workdir '/var/run/kresd')

5) This error message is repeated every other second until:

dns> chmod 700 /var/run/kresd
! changing /var/run/kresd from 660 back to 700

dns> ps Af | grep kresd
90816 - SsJ 0:00.01 daemon: /usr/local/sbin/kresd[90831] (daemon)
90831 - SJ 0:00.06 /usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf -n -q /var/run/kresd
90833 1 R+J 0:00.00 grep kresd

No more errors logged.

Ok, if one needs RUNDIR, I do propose to set it as follows:

-@dir(%%USERS%%,%%GROUPS%%,0660) %%RUNDIR%%
+@dir(%%USERS%%,%%GROUPS%%,0700) %%RUNDIR%%

HTH and regards,
Michael
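
Review bot: on the +@dir(%%USERS%%,%%GROUPS%%,0700) line, the new mode restores the owner search bit that 0660 lacked, but it also removes the group access that the old mode granted. The listing in step 2 shows control/ as drwxr-x--- owned by kresd:kresd, so if members of the kresd group are meant to reach control/kresd.sock, the run directory would need 0750 rather than 0700. Otherwise, say in the commit message that owner-only access is intended, matching the drwx------ that kresd creates on its own, and reference PR 267016, where the mode was changed from 0755 to 0660.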
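
Added example, not part of the original message and not code from the port: a small check over pkg-plist text that flags @dir modes giving a class read or write on a directory without the search (x) bit, which is the 0660 case reported above. The function name, the sample plist and the %%ETCDIR%% entry are constructed for illustration.

```python
import re

# Matches pkg-plist directory entries of the form shown in the report:
#   @dir(%%USERS%%,%%GROUPS%%,0660) %%RUNDIR%%
# Owner and group may be empty, e.g. @dir(,,0755) path
DIR_RE = re.compile(r"^@dir\(([^,)]*),([^,)]*),([0-7]{3,4})\)\s+(\S+)")

CLASSES = (("owner", 6), ("group", 3), ("other", 0))


def check_dir_modes(plist_text):
    """Return (lineno, path, mode, class) for every permission class that
    has r or w on a directory but lacks x.

    Without the search bit nothing below the directory can be opened,
    created or bound, so such a mode makes the directory unusable for
    that class even though it looks like it grants access.
    """
    findings = []
    for lineno, line in enumerate(plist_text.splitlines(), 1):
        m = DIR_RE.match(line.strip())
        if not m:
            continue  # not an @dir(owner,group,mode) entry
        _owner, _group, mode_s, path = m.groups()
        mode = int(mode_s, 8)
        for name, shift in CLASSES:
            bits = (mode >> shift) & 0o7
            if bits & 0o6 and not bits & 0o1:
                findings.append((lineno, path, mode_s, name))
    return findings


# Constructed sample: the two @dir lines from the report plus two others.
SAMPLE_PLIST = """\
sbin/kresd
@dir(%%USERS%%,%%GROUPS%%,0660) %%RUNDIR%%
@dir(%%USERS%%,%%GROUPS%%,0700) %%RUNDIR%%
@dir(,,0755) %%ETCDIR%%
"""

if __name__ == "__main__":
    for lineno, path, mode, who in check_dir_modes(SAMPLE_PLIST):
        print(f"line {lineno}: {path} mode {mode}: {who} has r/w but no x")
```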