Bug 790522
Summary: | Private /tmp are broken | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Simo Sorce <ssorce> |
Component: | systemd | Assignee: | systemd-maint |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | rawhide | CC: | awilliam, dwalsh, johannbg, metherid, mschmidt, nicolas.mailhot, notting, philipp, plautrba, robatino, sgallagh, systemd-maint |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | AcceptedNTH RejectedBlocker | | |
Fixed In Version: | systemd-43-1.fc17 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2012-02-21 02:22:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 752651, 782466 | | |

Description
Simo Sorce
2012-02-14 18:36:13 UTC
*** Bug 789587 has been marked as a duplicate of this bug. ***

Proposing for alpha blocker status. Due to this systemd bug, no service that runs as non-root and requires access to tmp files will work (apache being a notable example).

Which criteria is this breaking?

I can't see this as any more than NTH for alpha and a blocker for beta

(In reply to comment #3)
> Which criteria is this breaking?
>
> I can't see this as any more than NTH for alpha and a blocker for beta

Sorry, you are correct. I was incorrectly assuming httpd was considered CRITPATH, but it is not. So I agree with your assessment of NTH for alpha and blocker for beta.

what else is known to use private /tmp ?

For cases like httpd this can be fixed fine with an update, so I'm not sure even NTH makes a lot of sense unless there's a case you're going to hit during install or in a live boot.

--
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

(In reply to comment #5)
> what else is known to use private /tmp ?

See https://bugzilla.redhat.com/showdependencytree.cgi?id=782466&hide_resolved=0 (not a short list)

I'm a bit concerned that ypbind/ypserv could impact NIS logins on F17. dhcpd, cups and dovecot seem pretty serious too.

Sorry, ypserv/ypbind and dhcpd were closed NOTABUG, not RAWHIDE.

my vote here would be -1 blocker, none of this seems to prevent install or login post install and can be fixed by updates after.

cups and dovecot are too high-level functionality to conceivably impact alpha. I can't really see any package CLOSED RAWHIDE (implying it was implemented) that might constitute a blocker, though a couple may be NTH-worthy (ntpd, openvpn, bind maybe).

ntpd runs as a non-privileged user, so it's probably hit by this. cupsd runs as root, so it probably isn't. not sure about the others.

ah, ntpd is no longer default, chronyd is. so ntpd isn't too worrying. chronyd doesn't use private /tmp.

The fix is available here http://koji.fedoraproject.org/koji/buildinfo?buildID=299664

IMHO it would be safer to pull it than to try to guess which package may try to write in a private tmp and fail with strange side effects because of this bug

(In reply to comment #12)
> The fix is available here

(at least for the can not write in private tmp part, it works with clamav and httpd)

http://cgit.freedesktop.org/systemd/systemd/commit/?id=21d279cf543c82705a5b3362818805603d2ab9f2 looks an awful lot like a fix.

Yes it's part of the systemd 43 build I just referenced (and tested)

well, I just tried systemd-43, and I'm not sure it's fixed. I installed it at 13:09 and rebooted, new boot happened at 13:11, and I have:

drwx------. 4 root root 4096 Feb 15 13:11 /tmp/systemd-namespace-gmEreP

note the creation date.

systemd-43-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/systemd-43-1.fc17

-1 to blocker
-1 to nth
this should just be fixed via update
+1 to beta blocker if still present at that time...

Package systemd-43-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing systemd-43-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-1780/systemd-43-1.fc17
then log in and leave karma (feedback).

actually, I was looking at the wrong dir - it's /tmp/systemd-namespace-blah/private/ that matters, apparently. so looking at that, I confirm the fix. the /private dirs created *before* the update on my system are drwxr-xr-t . the /private dir created *after* the update is drwxrwxrwt . I see the same in a VM running RC2. So looks like the fix is good in RC2. Update still has to be pushed stable.

Discussed at 2012-02-17 blocker review meeting. Agreed we can't declare this a blocker as we have no evidence that it actually causes any major issues, but accepted as NTH due to its obvious potential to cause problems and the fact that it can't entirely be fixed with an update (private /tmps created before the update is installed will retain incorrect permissions). Note the fix was already pulled into RC2 anyway.

systemd-43-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

*** Bug 788061 has been marked as a duplicate of this bug. ***

Fixed in F16 as well:
https://admin.fedoraproject.org/updates/systemd-37-14.fc16

*** Bug 790042 has been marked as a duplicate of this bug. ***
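
The permission check described in the comments above (private directories created before the update are drwxr-xr-t, those created after are drwxrwxrwt), as an added example that is not part of the original bug report: a shell function that lists private /tmp directories still carrying the wrong mode. It assumes GNU `stat` and the `/tmp/systemd-namespace-*/private` layout quoted in the thread; the function name `list_bad_private_tmp` is hypothetical.

```shell
#!/bin/sh
# Added example: audit systemd private /tmp directories for the mode
# discussed in this bug.
#   expected: 1777 (drwxrwxrwt) - any service user can create files
#   broken:   1755 (drwxr-xr-t) - only the owner (root) can write
# Assumes GNU stat (coreutils). The namespace directories themselves are
# drwx------ root, so run this as root on a real system.

# list_bad_private_tmp [ROOT]
# Prints "MODE PATH" for every ROOT/systemd-namespace-*/private directory
# whose mode is not 1777. Returns 0 if none are wrong, 1 otherwise.
list_bad_private_tmp() {
    root=${1:-/tmp}
    bad=0
    for dir in "$root"/systemd-namespace-*/private; do
        [ -d "$dir" ] || continue            # unmatched glob or not a dir
        mode=$(stat -c '%a' "$dir") || continue
        if [ "$mode" != "1777" ]; then
            printf '%s %s\n' "$mode" "$dir"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo tree: one directory with the pre-fix mode, one with the
# fixed mode. The names are made up for the example.
demo=$(mktemp -d)
mkdir -p "$demo/systemd-namespace-old/private" \
         "$demo/systemd-namespace-new/private"
chmod 1755 "$demo/systemd-namespace-old/private"
chmod 1777 "$demo/systemd-namespace-new/private"
list_bad_private_tmp "$demo" ||
    echo "the directories listed above still have the pre-fix mode"
rm -rf "$demo"
```

Only the directory with mode 1755 is reported. This matches the blocker review note that private /tmps created before the update is installed retain the incorrect permissions.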