Hi,

On 2021-09-28 11:55, Steve Egbert wrote:
> Package: chrony
> Version: 4.0-8
> Severity: grave
> Tags: upstream
> Justification: renders package unusable
> X-Debbugs-Cc: [email protected]
>
> Dear Maintainer,
>
>
> The filename construct for a UNIX socket to be shared
> between the Chrony (chronyd) daemon and its Chrony CLI (chronyc) client
> admin tool are not in sync, as client's UNIX filename uses a PID value
> whereas server's UNIX filename does not use PID value.
>
> This appears to be a Debian-only issue.
What makes you think that this issue, if at all, is specific to Debian?
> Fired up its daemon and double-checked that a UNIX socket was made:
>
> $ ls -1 /run/chrony
> chrony.sock
> chrony.pid
chrony in Debian will create by default the chronyd.{pid,sock} files. The
above shows that you have tweaked chronyd's configuration. What changes did you
make?
> Execute the client and no successful UNIX socket opened.
>
> Using List Open File (lsof) tool, I show the daemon's opened files:
>
> COMMAND PID USER FD TYPE NODE NAME
> <snipped some non-relevant fds out>
> chronyd 3597 _chrony 3u unix 0x0000000000000000 \
> type=DGRAM
> chronyd 3597 _chrony 5u IPv4 UDP 127.0.0.1:323
> chronyd 3597 _chrony 6u IPv6 UDP [::1]:323
> chronyd 3597 _chrony 7u unix 0x0000000000000000 \
> /run/chrony/chronyd.sock type=DGRAM
> chronyd 3597 _chrony 8u unix 0x0000000000000000 type=SEQPACKET
> chronyc 3809 johnd 3u IPv4 UDP \
> 127.0.0.1:33911->127.0.0.1:323
>
> No socket in the dispatcher part of the daemon, now to check the other
> forked part of the daemon used to carry on the connection with
> its chronyc client, same 'lsof' output.
>
> COMMAND PID USER FD TYPE NODE NAME
> <snipped some non-relevant fds out>
> chronyd 3597 _chrony 5u IPv4 UDP 127.0.0.1:323
> chronyd 3597 _chrony 6u IPv6 UDP [::1]:323
> chronyd 3598 _chrony 9u unix 0x0000000000000000 type=SEQPACKET
> chronyc 3809 johnd 3u IPv4 UDP \
> 127.0.0.1:33911->127.0.0.1:323
>
> Appears that client failed socket open and fell back to a
> different approach which is using an IP loopback address.
>
> Investigated why socket open failed... by using 'strace -f chrony[c|d]'.
>
> For the chronyd v4.0 having opened a Debian-tweaked '/run/chrony/chrony.sock',
> I show the corresponding chronyc v4.0 version:
>
> $ chronyc -v
> chronyc (chrony) version 4.0 (+READLINE +SECHASH +IPV6 -DEBUG)
>
> And ran strace against this v4.0 client and grep'd for 'sock' word pattern:
>
> $ strace -f /usr/bin/chronyc
> socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> unlink("/run/chrony/chronyc.3875.sock") = -1 EACCES (Permission denied)
>
> bind(3, {sa_family=AF_UNIX, sun_path="/run/chrony/chronyc.3875.sock"},
> 110) = -1 EACCES (Permission denied)
> getsockname(3, {sa_family=AF_UNIX}, [112->2]) = 0
> close(3) = 0
>
> socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 3
> connect(3, {sa_family=AF_INET, sin_port=htons(323),
> sin_addr=inet_addr("127.0.0.1")}, 16) = 0
>
> Noticed the 'PID' number being inserted into the
> '/run/chrony/chronyc.3875.sock'?
> This is the chronyc client doing "PID-sock" filenaming convention, whereas
> its daemon is doing a different "just-sock" filenaming convention.
The PID is included to have the ability to run multiple chronyc instances at
the same time. Nothing wrong with that.
> The v4.1 client does exactly the same.
>
> chronyc (chrony) version DEVELOPMENT (-READLINE -SECHASH +IPV6 +DEBUG)
>
> socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> unlink("/var/run/chrony/chronyc.3885.sock") = -1 EACCES (Permission
> denied)
>
> bind(3, {sa_family=AF_UNIX,
> sun_path="/var/run/chrony/chronyc.3885.sock"}, 110) = -1 EACCES (Permission
> denied)
> getsockname(3, {sa_family=AF_UNIX}, [112->2]) = 0
> close(3) = 0
>
> socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 3
> connect(3, {sa_family=AF_INET, sin_port=htons(323),
> sin_addr=inet_addr("127.0.0.1")}, 16) = 0
> fstat(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
> read(0, ^Cstrace: Process 3885 detached
> <detached ...>
>
> It would be nice to use consistent filenaming convention for the UNIX socket
> for both client and daemon.
Cheers,
Vincent
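
The per-PID client socket name discussed in this message can be reproduced with plain datagram UNIX sockets: a server can only answer a datagram client that has bound its own path, and separate paths let several clients run at once. This is an added example, not code from chrony or from this thread; the temporary directory stands in for /run/chrony and the two PIDs are sample values taken from the strace output.

```python
import os
import shutil
import socket
import tempfile


def bound_client(run_dir, pid):
    """Datagram client bound to chronyc.<pid>.sock, like the bind() in the strace."""
    path = os.path.join(run_dir, f"chronyc.{pid}.sock")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.settimeout(2)
    try:
        sock.bind(path)  # PermissionError (EACCES) if run_dir is not writable
    except OSError:
        sock.close()
        raise
    return sock


def demo():
    run_dir = tempfile.mkdtemp(prefix="chrony-demo-")  # stand-in for /run/chrony
    server_path = os.path.join(run_dir, "chronyd.sock")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    server.settimeout(2)
    server.bind(server_path)
    # Two clients at once, each with its own PID-named path (sample PIDs).
    clients = [bound_client(run_dir, pid) for pid in (3875, 3885)]
    # A client that never binds has no address the server could answer to.
    unbound = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        for sock in clients + [unbound]:
            sock.sendto(b"request", server_path)
        senders = []
        for _ in range(3):
            _, addr = server.recvfrom(64)
            senders.append(os.path.basename(addr) if addr else None)
            if addr:  # reply goes to the sender's bound path
                server.sendto(senders[-1].encode(), addr)
        replies = [sock.recv(64).decode() for sock in clients]
    finally:
        for sock in clients + [unbound, server]:
            sock.close()
        shutil.rmtree(run_dir)
    return senders, replies


if __name__ == "__main__":
    print(demo())
```

When the bind() fails, as it does with EACCES in the quoted strace, the client has no return address on the UNIX socket, which matches the fallback to 127.0.0.1:323 seen there.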

