FS#75821 - [fluidsynth] new service is not compatible with user service

Attached to Project: Arch Linux
Opened by Celeste (Coelacanthus) - Tuesday, 06 September 2022, 08:54 GMT
Last edited by David Runge (dvzrv) - Wednesday, 07 September 2022, 08:41 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To David Runge (dvzrv)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

When using the upstream hardened service as a user service, you will get an error:
Sep 06 16:45:53 new-laptop.coelacanthus.internal systemd[954]: Starting FluidSynth Daemon...
Sep 06 16:45:53 new-laptop.coelacanthus.internal fluidsynth[156739]: fluidsynth.service: ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.
Sep 06 16:45:53 new-laptop.coelacanthus.internal fluidsynth[156739]: fluidsynth.service: Failed to drop capabilities: Operation not permitted
Sep 06 16:45:53 new-laptop.coelacanthus.internal systemd[156739]: fluidsynth.service: Failed at step CAPABILITIES spawning /usr/bin/fluidsynth: Operation not permitted
Sep 06 16:45:53 new-laptop.coelacanthus.internal systemd[954]: fluidsynth.service: Main process exited, code=exited, status=218/CAPABILITIES
Sep 06 16:45:53 new-laptop.coelacanthus.internal systemd[954]: fluidsynth.service: Failed with result 'exit-code'.
Sep 06 16:45:53 new-laptop.coelacanthus.internal systemd[954]: Failed to start FluidSynth Daemon.

Additional info:
* package version(s): fluidsynth 2.2.9

Steps to reproduce:

1. install 2.2.9
2. systemctl --user start fluidsynth.service

Possible solutions:
1. install service as system service rather than user service
2. disable ProtectKernelModules=true and ProtectKernelLogs=true

I prefer 2 because installing as a system service prevents the user from using fluidsynth with the user audio server, and most audio servers are running as a user service.

Closed by  David Runge (dvzrv)
Wednesday, 07 September 2022, 08:41 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed with fluidsynth 2.2.9-2 (via https://github.com/FluidSynth/fluidsynth/pull/1148)
Comment by David Runge (dvzrv) - Wednesday, 07 September 2022, 08:26 GMT
@Coelacanthus: Thanks for the ticket!

As this is actually an upstream issue, it would have been nice if you had opened a ticket with them.
I have opened https://github.com/FluidSynth/fluidsynth/issues/1147 to track this.
Comment by David Runge (dvzrv) - Wednesday, 07 September 2022, 08:40 GMT
https://github.com/FluidSynth/fluidsynth/pull/1148 removes all offending sandboxing options.

A rebuilt fluidsynth with this patch applied can now be found in [testing] in 2.2.9-2.
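
An added example, not part of the ticket or of the upstream fix: a small check that flags [Service] directives which make systemd remove capabilities from the bounding set, the step that failed with status=218/CAPABILITIES in the log above. The directive-to-capability mapping follows systemd.exec(5) and also covers ProtectClock, which the report does not mention; the unit text is constructed for illustration (it is not the upstream fluidsynth.service), the function name is hypothetical, and the check assumes a user manager that behaves as in that log.

```python
import re

# Directive -> capabilities it removes from the bounding set, per systemd.exec(5).
CAP_DROPPING = {
    "ProtectKernelModules": "CAP_SYS_MODULE",
    "ProtectKernelLogs": "CAP_SYSLOG",
    "ProtectClock": "CAP_SYS_TIME, CAP_WAKE_ALARM",
}
# Spellings systemd accepts as boolean true.
TRUE_VALUES = {"1", "yes", "y", "true", "t", "on"}

# Constructed sample unit, not the upstream fluidsynth.service.
SAMPLE_UNIT = """\
[Unit]
Description=FluidSynth Daemon

[Service]
ExecStart=/usr/bin/fluidsynth
ProtectHostname=yes
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectClock=no
"""

def find_capability_directives(unit_text):
    """Return [(line_no, directive, capabilities)] for enabled [Service]
    settings that require dropping capabilities when the unit starts."""
    section, last = None, {}
    for no, raw in enumerate(unit_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in CAP_DROPPING:
                last[key] = (no, value.lower())   # a later assignment wins
    return [(no, key, CAP_DROPPING[key])
            for key, (no, value) in last.items() if value in TRUE_VALUES]

if __name__ == "__main__":
    for no, key, caps in find_capability_directives(SAMPLE_UNIT):
        print(f"line {no}: {key} drops {caps}")
```

ProtectHostname=yes is not reported because the log shows systemd only warns about it and ignores the namespace setup.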
