Bug#889144: stricter PIDfile handling breaks several daemons

Sven Hartge sven at svenhartge.de
Fri Feb 2 13:58:51 GMT 2018 

Package: systemd
Version: 237-1
Severity: important
Tags: upstream

Hi!

The upstream commit db256aab13d8a89d583ecd2bacf0aca87c66effc "core: be 
stricter when handling PID files and MAINPID sd_notify() messages"
breaks several daemons in Debian.

Known issues exist for

  - munin-node https://bugs.debian.org/889073
  - ulogd2
  - dnsmasq https://lists.debian.org/debian-user/2018/01/msg01331.html

and possibly others.

Symptom is a timeout during service start, constant service restarts (if
configured) and log messages like:

Feb  2 14:22:49 HOST systemd[1]: ulogd2.service: Permission denied while opening PID file or unsafe symlink chain: /run/ulog/ulogd.pid
Feb  2 14:23:54 HOST systemd[1]: munin-node.service: Permission denied while opening PID file or unsafe symlink chain: /run/munin/munin-node.pid

Problem lies, as far as I understand the change, in the permissions of
the directory in which the PIDfile is created by the daemon. In all
cases it does not belong root:root but the respective service user:

HOST:/run# ls -ld ulog munin
drwxr-xr-x 2 munin root 100 Feb  2 14:50 munin
drwxr-xr-x 2 ulog  ulog  40 Feb  2 14:24 ulog

My quick'n'dirty workaround for munin was to change the PIDfile path to
just "/run" in both the systemd unit and the configuration file and for
ulogd2 I converted the unit from Type=forking to Type=simple, omitting
the PIDfile completely.

But this can only be a workaround in my opinion, because the upstream
change changes an assumption on how and where PIDfiles can work without
any prior notice. This needs to be changed to a non-fatal warning and
not an error, IMHO.

Grüße,
Sven.

-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (200, 'experimental'), (1, 'experimental-debug')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser          3.116
ii  libacl1          2.2.52-3+b1
ii  libapparmor1     2.12-2
ii  libaudit1        1:2.8.2-1
ii  libblkid1        2.30.2-0.3
ii  libc6            2.26-6
ii  libcap2          1:2.25-1.2
ii  libcryptsetup12  2:2.0.0-1
ii  libgcrypt20      1.8.1-4
ii  libgpg-error0    1.27-5
ii  libidn11         1.33-2.1
ii  libip4tc0        1.6.1-2+b1
ii  libkmod2         25-1
ii  liblz4-1         0.0~r131-2+b1
ii  liblzma5         5.2.2-1.3
ii  libmount1        2.30.2-0.3
ii  libpam0g         1.1.8-3.6
ii  libseccomp2      2.3.1-2.1
ii  libselinux1      2.7-2
ii  libsystemd0      237-1
ii  mount            2.30.2-0.3
ii  procps           2:3.3.12-3
ii  util-linux       2.30.2-0.3

Versions of packages systemd recommends:
ii  dbus            1.12.2-1
ii  libpam-systemd  237-1

Versions of packages systemd suggests:
ii  policykit-1        0.105-18
pn  systemd-container  <none>

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.130
ii  udev             237-1

-- Configuration Files:
/etc/systemd/journald.conf changed [not included]
/etc/systemd/logind.conf changed [not included]
/etc/systemd/system.conf changed [not included]

-- debconf-show failed

More information about the Pkg-systemd-maintainers mailing list