Bug 1278027
| Summary: | Service fails to start because it's run as root | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matthias Saou <matthias> |
| Component: | vnstat | Assignee: | Adrian Reber <adrian> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 24 | CC: | adrian |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-05-31 15:47:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Note that I was just reading through the /etc/vnstat.conf file and saw this which could be relevant too : # switch to given user when started as root (leave empty to disable) DaemonUser "" # switch to given user when started as root (leave empty to disable) DaemonGroup "" ...though since the file is %config(noreplace), the service would fail to restart for anyone upgrading with a modified vnstat.conf file. Easier to just fix the systemd service file :-) Thanks for the bug report. Do you think this a change which should also be pushed to F23? I am not sure this should be pushed to F23. Although I wonder why no other bug report has been opened yet... This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase Ah, this is actually fixed in EPEL7 and Fedora 24 and greater since some time. |
I rebuilt the latest 1.14-2 on RHEL7, and the service fails to start with SELinux denial errors. While looking for possible causes, I came across #711995 which explains that the problem is because it's being run as root, and running as the vnstat user should work. And it does. This fixes it for me : [Service] +User=vnstat ExecStart=/usr/sbin/vnstatd -n ExecReload=/bin/kill -HUP $MAINPID I see this in the current spec file : %{__install} -p -m 644 examples/systemd/vnstat.service $RPM_BUILD_ROOT%{_unitdir}/ In the 1.11-21 package (current epel7 branch), the service file was Source1 and contained the proper user (it didn't have the reload, though) : [Service] User=vnstat ExecStart=/usr/sbin/vnstatd -d So I think the service file should either get patched or switched back to an external source file, in order to set the 'User=vnstat' back, as it's required for the service to work at all with SELinux enforcing (and root privileges aren't required).