FS#62734 - [murmur] systemd service to run as root (drops capabilities)
Attached to Project:
Community Packages
Opened by Olli Asikainen (ooaa_) - Friday, 24 May 2019, 17:42 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Wednesday, 29 May 2019, 15:03 GMT
Opened by Olli Asikainen (ooaa_) - Friday, 24 May 2019, 17:42 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Wednesday, 29 May 2019, 15:03 GMT
|
Details
Description:
Murmur 1.3.0rc1-3 introduced a change to the systemd service unit which starts the daemon as the murmur user. This breaks some setups: May 24 20:21:07 xxx murmurd[1075]: <W>2019-05-24 20:21:07.706 SSL: OpenSSL version is 'OpenSSL 1.1.1b 26 Feb 2019' May 24 20:21:07 xxx murmurd[1075]: <W>2019-05-24 20:21:07.707 Initializing settings from /etc/murmur.ini (basepath /etc) May 24 20:21:07 xxx murmurd[1075]: <C>2019-05-24 20:21:07.707 MetaParams: Failed to read /etc/letsencrypt/live/<xxx>/fullchain.pem May 24 20:21:07 xxx murmurd[1075]: <F>2019-05-24 20:21:07.708 MetaParams: Failed to load SSL settings. See previous errors. May 24 20:21:07 xxx systemd[1]: murmur.service: Main process exited, code=exited, status=1/FAILURE May 24 20:21:07 xxx systemd[1]: murmur.service: Failed with result 'exit-code'. This setup used to work before as the service was started as root and capabilities dropped right after. This feature is configured with murmur.ini like so: # If Murmur is started as root, which user should it switch to? # This option is ignored if Murmur isn't started with root privileges. uname=murmur This is how a successful service startup works when started as root: May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.553 SSL: OpenSSL version is 'OpenSSL 1.1.1b 26 Feb 2019' May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.554 Initializing settings from /etc/murmur.ini (basepath /etc) May 24 20:21:42 xxx murmurd[1122]: <C>2019-05-24 20:21:42.555 MetaParams: Adding 1 intermediate certificates from certificate file. May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.584 MetaParams: TLS cipher preference is ... May 24 20:21:42 xxx murmurd[1122]: <C>2019-05-24 20:21:42.586 Successfully switched to uid 122 May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.629 ServerDB: Opened SQLite database /var/db/murmur/murmur.sqlite May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.629 ServerDB: Using SQLite's default rollback journal. May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.630 Resource limits were 0 0 May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.630 Successfully dropped capabilities May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.631 Failed to connect to D-Bus session May 24 20:21:42 xxx murmurd[1122]: <W>2019-05-24 20:21:42.642 Murmur 1.3.0 (1.3.0) running on X11: Arch Linux: Booting servers Please consider leveraging this murmur feature. |
This task depends upon
Closed by Sven-Hendrik Haase (Svenstaro)
Wednesday, 29 May 2019, 15:03 GMT
Reason for closing: Fixed
Wednesday, 29 May 2019, 15:03 GMT
Reason for closing: Fixed
Comment by
Sven-Hendrik Haase (Svenstaro) -
Wednesday, 29 May 2019, 14:59 GMT
Indeed, I forgot about that murmur use case. Reverting.