On 2017-11-01.16:41, Christoph Biedl wrote: > Package: quagga-core > Version: 1.1.1-3 > Severity: important > > Dear Maintainer, > > after receiving word bgpd no longer starts[1], presumably after systemd > went from 234-3 to 235-2, I checked a bit further and the most likely > explanation is zebra.service is invalid and used to work in the past > rather by coincidence only. This might need more checking in the systemd > sources but honestly reading the documentation it's obvious the service > file needs some attention. > > So, there is a "RuntimeDirectory=quagga" definition. *Presumably* > systemd now enforces ownership of this directory which is, for lack of > User= and Group= statemant, root:root. This obviously happens *after* > the ExecStartPre= commands are run, rendering the chown statement for > /run/quagga void. Check with your local systemd guru in case of doubt. > > So zebra, no longer root after a setgroups/setruid, cannot write its PID > file. The logfile, if written, shows: > | ZEBRA: Can't create pid lock file /run/quagga/zebra.pid (Permission > denied), exiting > > With zebra failed to start, bgpd will not be attempted at all, resulting > in the observed behaviour. > > Not sure about a sane fix. User=/Group= is certainly not an option since > some portions of zebra need root privileges. Removing the > RuntimeDirectory= statement and asserting /run/quagga - either by an > additional ExecStartPre= or by a tmpfile sniplet - seems to do the > trick. > > Christoph > > [1] See also > > https://ci.debian.net/data/packages/unstable/amd64/q/quagga/20171011_224800.log >
Hi Christoph, Thanks for the bug report, this is quite annoying. I'll look into finding a solution. -- Regards, Scott.
signature.asc
Description: PGP signature