Your message dated Sun, 29 Jan 2023 12:50:31 +0100
with message-id <[email protected]>
and subject line Re: Bug#1029945: systemd-resolved: resolve fails if /etc/hosts
is a symlink (and causes spamming of log)
has caused the Debian Bug report #1029945,
regarding systemd-resolved: resolve fails if /etc/hosts is a symlink (and
causes spamming of log)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1029945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029945
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd-resolved
Version: 252.4-2
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
If /etc/hosts is a symlink, 'resolvectl query' fails to resolve names in the
linked file.
The log is also spammed every 2 seconds with the entry :
"Failed to open /etc/hosts: Permission denied"
Permissions on the path to the linked file aren't the issue (all world-
readable).
Evidence:
Jan 29 11:12:31 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
Jan 29 11:12:33 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
Jan 29 11:12:35 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
Jan 29 11:12:37 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
Jan 29 11:12:39 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
Jan 29 11:12:41 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
Jan 29 11:12:43 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
Jan 29 11:12:45 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
^C
root@shiny ~ [SIGINT]# ll /etc/hosts
lrwxrwxrwx 1 root root 22 May 23 2022 /etc/hosts -> /home/bob/hfiles/hosts
root@shiny ~# ll -d /home
drwxr-xr-x 1 root root 6 May 22 2022 /home/
root@shiny ~# ll -d /home/bob
drwxr-xr-x 1 bob bob 968 Jan 29 10:48 /home/bob/
root@shiny ~# ll -d /home/bob/hfiles
drwxr-xr-x 1 bob bob 606 Jun 22 2022 /home/bob/hfiles/
root@shiny ~# ll -d /home/bob/hfiles/hosts
-rw-r--r-- 1 bob bob 586 Jun 22 2022 /home/bob/hfiles/hosts
Sincerely
-Kevin
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd-resolved depends on:
ii dbus [default-dbus-system-bus] 1.14.4-1
ii libc6 2.36-8
ii libssl3 3.0.7-2
ii libsystemd-shared 252.4-2
ii systemd 252.4-2
Versions of packages systemd-resolved recommends:
pn libnss-myhostname <none>
pn libnss-resolve <none>
Versions of packages systemd-resolved suggests:
ii policykit-1 122-2
ii polkitd 122-2
-- no debconf information
--- End Message ---
--- Begin Message ---
On 29.01.2023 at 12:32, Kevin wrote:
> Package: systemd-resolved
> Version: 252.4-2
> Severity: normal
> X-Debbugs-Cc: [email protected]
> Jan 29 11:12:45 shiny systemd-resolved[41798]: Failed to open /etc/hosts: Permission denied
> ^C
> root@shiny ~ [SIGINT]# ll /etc/hosts
> lrwxrwxrwx 1 root root 22 May 23 2022 /etc/hosts -> /home/bob/hfiles/hosts
systemd-resolved uses several hardening options, among them
ProtectHome=yes [1], which makes /home inaccessible to the
systemd-resolved process.
I'd argue that symlinking /etc/hosts to /home is not a good idea and
would recommend not using such a setup.
If you insist on keeping the symlink, then you need to adjust the
systemd-resolved unit accordingly (e.g. with an override).
Closing, as systemd-resolved works as intended with sandboxing options
enabled.
[1]
https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/units/systemd-resolved.service.in#L36
--- End Message ---
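An added example, not part of either message above: a POSIX shell check for whether the file a path resolves to sits under a directory that ProtectHome=yes hides from a sandboxed unit, which is the situation in this report. The function names are hypothetical, and the directory list (/home, /root, /run/user) is taken from the ProtectHome= description in systemd.exec(5).

```shell
#!/bin/sh
# Added example (not from the bug report): does a path resolve into a
# directory that ProtectHome=yes makes inaccessible to a unit?

# Directories hidden by ProtectHome=yes, per systemd.exec(5).
PROTECTED_DIRS="/home /root /run/user"

# hidden_by_protecthome RESOLVED_PATH
# Returns 0 if the absolute, symlink-free path is a protected directory
# or lies below one. Matching on "$dir/" keeps /homework from matching /home.
hidden_by_protecthome() {
    for dir in $PROTECTED_DIRS; do
        case "$1" in
            "$dir"|"$dir"/*) return 0 ;;
        esac
    done
    return 1
}

# check_path PATH
# Resolves every symlink in PATH, prints a verdict, and returns
# 0 = outside the protected directories, 1 = hidden, 2 = cannot resolve.
check_path() {
    resolved=$(readlink -f -- "$1") || {
        echo "$1: cannot resolve"
        return 2
    }
    if hidden_by_protecthome "$resolved"; then
        echo "$1 -> $resolved: hidden from units with ProtectHome=yes"
        return 1
    fi
    echo "$1 -> $resolved: not under a ProtectHome-protected directory"
    return 0
}

# Run from an unsandboxed root shell; defaults to the file from the report.
check_path "${1:-/etc/hosts}" || true
```

The unit's effective setting can be read with `systemctl show -p ProtectHome systemd-resolved.service`; a "hidden" verdict combined with `ProtectHome=yes` matches the "Permission denied" entries in the log above.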