[Pkg-mpd-maintainers] Bug#849726: mpd: On i686, RestrictNamespaces=yes in Systemd unit does not allow mpd to open sockets
Michael Biebl
biebl at debian.org
Sat Dec 31 08:18:56 UTC 2016
Am 31.12.2016 um 09:10 schrieb Max Kellermann:
> On 2016/12/30 08:26, Konstantin Khomoutov <flatworm at users.sourceforge.net> wrote:
>> | 4938 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EPROTONOSUPPORT (Protocol not supported)
>> | 4938 exit_group(1) = ?
>> | 4938 +++ exited with 1 +++
>
> There are two problems with your findings:
>
> 1. MPD does not contain any code which creates SOCK_DGRAM, even less
> so with AF_UNIX. This is not MPD!
>
> 2. Any time MPD exits due to a failure, it will print an error
> message. This process does not. Again, what you see here is not
> MPD!
>
> 3. Why do you get EPROTONOSUPPORT even though AF_UNIX is allowed? Not
> a MPD bug, but maybe a systemd bug.
>
RestrictNameSpaces= is currently broken on certain architectures,
including i386
See https://github.com/systemd/systemd/issues/4575
We've disabled those sandboxing features in systemd's own unit files for
now:
https://packages.qa.debian.org/s/systemd/news/20161105T220420Z.html
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mpd-maintainers/attachments/20161231/bb8bf6c4/attachment.sig>
More information about the Pkg-mpd-maintainers
mailing list