Bug 2147522

Summary: It is not possible to run FRR as a non-root user
Product: Red Hat Enterprise Linux 9 Reporter: Michal Ruprich <mruprich>
Component: frr Assignee: Michal Ruprich <mruprich>
Status: CLOSED ERRATA QA Contact: František Hrdina <fhrdina>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 9.2 CC: fhrdina
Target Milestone: rc Keywords: AutoVerified, Patch, Reproducer, Triaged
Target Release: --- Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: frr-8.3.1-5.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 07:32:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Ruprich 2022-11-24 07:32:56 UTC
Description of problem:
Since the rebase to version 8.3.1 it is not possible to run FRR as a regular user other than root. Even though this would not make much sense when running directly in the host system, since most of the daemons won't start anyway, it makes sense for example in a container. Having a hard requirement to run stuff as root does not make much sense.

Version-Release number of selected component (if applicable):
frr-8.3.1-3.el9

How reproducible:
100%

Steps to Reproduce:
1. Create a docker file to run frr in a container:
$ cat << EOF > Dockerfile
FROM quay.io/centos/centos:stream9
RUN dnf install frr -y
EOF

2. Build the container
$ podman build . -t frr83

3. Run the content as user frr
$ podman run -it -u frr frr83 bash

4. Try to start FRR:
bash-5.1$ whoami
frr
bash-5.1$ /usr/libexec/frr/frrinit.sh start
Only users having EUID=0 can start/stop daemons
bash-5.1$ 

Actual results:
FRR not started because the EUID of the user is not that of root.

Expected results:
This should be possible in certain use cases.

Additional info:
Originally discussed in bug #2127494.

Comment 11 errata-xmlrpc 2023-05-09 07:32:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: frr security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2202