Bug 1853293

Summary: gssproxy fails to start on read-only filesystem
Product: [Fedora] Fedora Reporter: Zbigniew Jędrzejewski-Szmek <zbyszek>
Component: gssproxyAssignee: Simo Sorce <ssorce>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 33CC: abokovoy, davide, gdeschner, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-29 15:13:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Zbigniew Jędrzejewski-Szmek 2020-07-02 11:34:35 UTC 
Description of problem:
gssproxy.service fails to start when / is read-only.
It is obviously a problem when trying to recover from a file system issue.

$ touch /var/tmp/foo
touch: cannot touch '/var/tmp/foo': Read-only file system
$ sudo systemctl start gssproxy
Job for gssproxy.service failed because the control process exited with error code.
See "systemctl status gssproxy.service" and "journalctl -xe" for details.

Some debugging reveals that no socket is in use, but gssproxy fails to unlink /var/lib/gssproxy/default.sock.

# strace -f /usr/sbin/gssproxy -D
...
[pid   868] unlink("/var/lib/gssproxy/default.sock") = -1 EROFS (Read-only file system)
[pid   868] umask(0111)                 = 0177
[pid   868] socket(AF_UNIX, SOCK_STREAM, 0) = 7
[pid   868] bind(7, {sa_family=AF_UNIX, sun_path="/var/lib/gssproxy/default.sock"}, 110) = -1 EADDRINUSE (Address already in use)
...
[pid   868] writev(2, [{iov_base="gssproxy[868]: Failed to create "..., iov_len=72}, {iov_base="\n", iov_len=1}], 2gssproxy[868]: Failed to create Unix Socket! (98:Address already in use)

Please just move the socket to /run. That's what /run is for. (A static symlink
from /var/lib/gssproxy would be fine to keep backwards compat.)

Version-Release number of selected component (if applicable):
gssproxy-0.8.3-1.fc33.x86_64

How reproducible:
Deterministic

Steps to Reproduce:
1. Make /var/log read-only, either by not remounting the filesystems rw, or by using udev.blockdev-read-only with systemd-246+
2. Try to start sssd
Comment 1 Ben Cotton 2020-08-11 15:36:09 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.
Comment 2 Simo Sorce 2021-09-20 19:46:18 UTC 
Tentative solution here, would this work?
https://src.fedoraproject.org/rpms/gssproxy/pull-request/1
Comment 3 Zbigniew Jędrzejewski-Szmek 2021-10-04 06:00:36 UTC 
I think so. Longer reply in the pull request.