Bug#880522: quagga-core: zebra fails to start (probably due to changes in systemd)

Wed, 01 Nov 2017 08:46:16 -0700 

Package: quagga-core
Version: 1.1.1-3
Severity: important

Dear Maintainer,

after receiving word bgpd no longer starts[1], presumably after systemd
went from 234-3 to 235-2, I checked a bit further and the most likely
explanation is zebra.service is invalid and used to work in the past
rather by coincidence only. This might need more checking in the systemd
sources but honestly reading the documentation it's obvious the service
file needs some attention.

So, there is a "RuntimeDirectory=quagga" definition. *Presumably*
systemd now enforces ownership of this directory which is, for lack of
User= and Group= statemant, root:root. This obviously happens *after*
the ExecStartPre= commands are run, rendering the chown statement for
/run/quagga void. Check with your local systemd guru in case of doubt.

So zebra, no longer root after a setgroups/setruid, cannot write its PID
file. The logfile, if written, shows:
| ZEBRA: Can't create pid lock file /run/quagga/zebra.pid (Permission denied), 
exiting

With zebra failed to start, bgpd will not be attempted at all, resulting
in the observed behaviour.

Not sure about a sane fix. User=/Group= is certainly not an option since
some portions of zebra need root privileges. Removing the
RuntimeDirectory= statement and asserting /run/quagga - either by an
additional ExecStartPre= or by a tmpfile sniplet - seems to do the
trick.

    Christoph

[1] See also
    
https://ci.debian.net/data/packages/unstable/amd64/q/quagga/20171011_224800.log

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.58 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages quagga-core depends on:
ii  adduser              3.116+~jj1
ii  dpkg                 1.19.0.4+~jj1
ii  init-system-helpers  1.51
pn  iproute2             <none>
ii  libc6                2.24-17
ii  libcap2              1:2.25-1.1
ii  libpam0g             1.1.8-3.6
ii  libreadline7         7.0-3
ii  libtinfo5            6.0+20170902-1

quagga-core recommends no packages.

Versions of packages quagga-core suggests:
pn  quagga-bgpd    <none>
pn  quagga-isisd   <none>
pn  quagga-ospf6d  <none>
pn  quagga-ospfd   <none>
pn  quagga-pimd    <none>
pn  quagga-ripd    <none>
pn  quagga-ripngd  <none>
pn  snmpd          <none>

Attachment: signature.asc
Description: Digital signature

Reply via email to