Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1548050
| Summary: | dnsmasq starts dnsmasq which runs as nobody user | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Zbigniew Jędrzejewski-Szmek <zbyszek> |
| Component: | dnsmasq | Assignee: | Petr Menšík <pemensik> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 27 | CC: | code, dougsland, dustymabe, itamar, jima, laine, nerijus, p, pemensik, thozza, veillard, walters |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | dnsmasq-2.78-5.fc27 dnsmasq-2.78-6.fc27 dnsmasq-2.79-5.fc28 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-07-31 18:04:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1537262, 1591969 | ||
|
Description
Zbigniew Jędrzejewski-Szmek
2018-02-22 15:28:35 UTC
ok, It's easy to fix, I can write a fix for it, someone can review it ? dnsmasq.spec should be changed to create a new user for it, like mydns or apache does in their spec file, according dnsmasq manpage its accepts user/group arguments -> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html -u, --user=<username> -g, --group=<groupname> I think after we get this bug fixed, then libvirt probably needs to be fixed too, including user/group in /var/lib/libvirt/dnsmasq/default.conf am I right ? Yes. Sounds good. I'm happy to review/test any patches. please take a look -> https://src.fedoraproject.org/rpms/dnsmasq/pull-request/1 *** Bug 1547932 has been marked as a duplicate of this bug. *** Petr Menšík,
I just figured out that the user creation needs to be at pre section, otherwise
warning: user dnsmasq does not exist - using root
standard dnsmasq (not the used libvirt) store lease file on ->
%dir %attr(0755, dnsmasq, dnsmasq) %{_var}/lib/dnsmasq
I am going to perform this change -> https://github.com/systemd/systemd/blob/master/src/core/macros.systemd.in#L107 what do you think ? That file and some related changes in systemd-sysusers are only in systemd master, and are not available in Fedora yet. systemd-238 should be released soon and land in F28+, and then this will be available. Please don't make use of it yet. dnsmasq-2.78-5.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f1f243787 dnsmasq-2.78-5.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f1f243787 Updating : dnsmasq-2.78-5.fc27.x86_64 23/52 warning: user dnsmasq does not exist - using root warning: group dnsmasq does not exist - using root Although user and group dnsmasq are created after the update. dnsmasq-2.78-4.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-179bd72fd0 dnsmasq-2.78-4.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-179bd72fd0 It's not fixed. 2.78-4 does not have user creation in preinstall script. dnsmasq-2.78-6.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5cddb9c19c dnsmasq-2.78-6.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5cddb9c19c dnsmasq-2.78-5.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. dnsmasq-2.78-6.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. This seems to have broken rpm-ostree builds at least with --unified-core, see: https://ci.centos.org/view/Atomic/job/fahc-treecompose/12899/console 23:56:12 Running pre scripts... 19 done 23:56:19 Running post scripts... error: While applying overrides for pkg dnsmasq: Could not find group 'dnsmasq' in group file I bet that sysusers isn't doing anything if the system isn't booted via systemd. https://github.com/systemd/systemd/pull/7631 is related if that's the case. https://github.com/systemd/systemd/blob/master/doc/ENVIRONMENT.md#known-environment-variables is probably a better reference. No this just looks plain broken to me, and since systemd uses the anti-pattern of "2>&1 || : " the errors are masked: Look: $ rpm -qp --scripts dnsmasq-2.79-3.fc28.x86_64.rpm preinstall scriptlet (using /bin/sh): #precreate users so that rpm can install files owned by that user systemd-sysusers - <<SYSTEMD_INLINE_EOF >/dev/null 2>&1 || : 'u dnsmasq - "Dnsmasq DHCP and DNS server" /var/lib/dnsmasq' SYSTEMD_INLINE_EOF $ Notice the extra quotes. Oops, sorry for that. https://src.fedoraproject.org/rpms/dnsmasq/pull-request/3 this bug is assigned against f27. what all branches does this fix need to be ported to? F27 and later. But there's no "porting", all releases are built from the same branch. dnsmasq-2.79-5.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-04f258ff4b dnsmasq-2.79-5.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-04f258ff4b dnsmasq-2.79-5.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. |