Bug#995207: chrony: Using 'bindacqdevice' directive causes a SIGSYS error
. > > After having stopped chronyd, please run the command below when using the > 'bindacqdevice' directive and attach the chronyd_debug.txt file. > > # strace -o chronyd_debug.txt chronyd -d -F -1 OK, I did some more testing on my so-called fix: SO_BINDTOADDRESS define statement made no impact toward resolving this problem. Once I put in the '#define SO_BINDTOADDRESS 1' statement into the 'config.h' that was generated by 'configure' setup tool, all the -F settings are now working. 'chrony -d -Fx -L-1' F0 F1 F2 F-1 * apt install chrony-4.0 OK - - - * apt source chrony-4.0 OK - - OK * git main branch HEAD OK - OK - * development + MY FIX OK - OK - My fix made no difference in gitdev HEAD: Please disregard my claim that the SO_BINDTOADDRESS C macro we’re not being defined. Back to the issue on hand, I like the -F2 setting. At this point so far, I'm open to further suggestion. 1. Go ahead and put 4.1 into debian-unstable with -F2 default 2. Give me more things to try. 3. ???
Bug#995207: chrony: Using 'bindacqdevice' directive causes a SIGSYS error
Got a bit further when I myself included `#define SO_BINDTODEVICE 1` to the `config.h` that `configure` created. Then I noticed that `configure` underwent a Redhat overhaul. Missing the maintainer’s `configure.ac` so we can’t readily fix this. Punt this bug upstair. > On Sep 29, 2021, at 9:10 AM, Vincent Blut wrote: > > Le 2021-09-28 12:54, S Egbert a écrit : >> Trying attachment again. > > Thanks. To see what happens when blocking only a small number of specific > syscalls, could you please run the following command and attach the > chronyd-debug.txt file? > > # timeout 10 strace -o chronyd-debug.txt -e trace=setsockopt chronyd -d -F 2 > > Cheers, > Vincent
Bug#995207: chrony: Using 'bindacqdevice' directive causes a SIGSYS error
Summary: The syscall filter daemon option flag -F is the cure. Using '-F 0' to disable the syscall filter works. No other settings are workable. A summary table: Chrony -- daemon flags used -- Version -F0 -F1 -F-1 --- -- -- -- 4.0-9ok SIGSYS SIGSYS #83f96e ok SIGSYS SIGSYS Using the latest '/etc/systemd/system/chronyd.service' from 'examples' subdirectory in the Git repo does not improve the picture nor alter the summary table given above. chrony: 4.0-8, Debian chrony: git repo "development" main HEAD branch (#83f96efd), Sept 29, 2021 libseccomp2 2.5.1-1 libc6 2.31-13 Kernel: 5.10.46 - untainted Virtualization: non-virtualized, machine-level CPU: Intel i5-3470
Bug#995207: chrony: Using 'bindacqdevice' directive causes a SIGSYS error
>> Trying attachment again. > > Thanks. To see what happens when blocking only a small number of specific > syscalls, could you please run the following command and attach the > chronyd-debug.txt file? > > # timeout 10 strace -o chronyd-debug.txt -e trace=setsockopt chronyd -d -F 2 setsockopt(3, SOL_IP, IP_PKTINFO, [1], 4) = 0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 setsockopt(3, SOL_SOCKET, SO_REUSEPORT, [1], 4) = 0 setsockopt(3, SOL_IP, IP_FREEBIND, [1], 4) = 0 setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 setsockopt(4, SOL_IPV6, IPV6_RECVPKTINFO, [1], 4) = 0 setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 setsockopt(4, SOL_SOCKET, SO_REUSEPORT, [1], 4) = 0 setsockopt(4, SOL_IP, IP_FREEBIND, [1], 4) = 0 setsockopt(7, SOL_IP, IP_PKTINFO, [1], 4) = 0 setsockopt(7, SOL_SOCKET, SO_BINDTODEVICE, "enp5s0\0", 7) = ? +++ killed by SIGSYS +++
Bug#995207: chrony: Using 'bindacqdevice' directive causes a SIGSYS error
Le 2021-09-28 12:54, S Egbert a écrit : > Trying attachment again. Thanks. To see what happens when blocking only a small number of specific syscalls, could you please run the following command and attach the chronyd-debug.txt file? # timeout 10 strace -o chronyd-debug.txt -e trace=setsockopt chronyd -d -F 2 Cheers, Vincent signature.asc Description: PGP signature
Bug#995207: chrony: Using 'bindacqdevice' directive causes a SIGSYS error
Control: tags -1 - upstream + moreinfo Control: severity -1 important Hi, Le 2021-09-27 17:31, Steve Egbert a écrit : > Package: chrony > Version: 4.0-8 > Severity: critical > Tags: upstream > X-Debbugs-Cc: s.egb...@sbcglobal.net > > Dear Maintainer, > > > Wanted to use the 'bindacqdevice' due to my host having a dynamic IP > interface. > > Using that 'bindacqdevice' directive keyword anywhere in my > /etc/chrony/chrony.conf file results in a signal 31 (according to Linux > auditd). > > My guess is that attempts to do a Chrony as a NTP server (disbursing out > NTP beacons), we need to have an socket open on this dynamic IP interface. > > This is the setting of the systemd resource. > > Removing the 'bindacqdevice' directive, and all works perfectly. > > Was half-expecting to be able to use 'bindacqdevice' configuration directive > here. After having stopped chronyd, please run the command below when using the 'bindacqdevice' directive and attach the chronyd_debug.txt file. # strace -o chronyd_debug.txt chronyd -d -F -1 Cheers, Vincent signature.asc Description: PGP signature
Bug#995207: chrony: Using 'bindacqdevice' directive causes a SIGSYS error
Package: chrony Version: 4.0-8 Severity: critical Tags: upstream X-Debbugs-Cc: s.egb...@sbcglobal.net Dear Maintainer, Wanted to use the 'bindacqdevice' due to my host having a dynamic IP interface. Using that 'bindacqdevice' directive keyword anywhere in my /etc/chrony/chrony.conf file results in a signal 31 (according to Linux auditd). My guess is that attempts to do a Chrony as a NTP server (disbursing out NTP beacons), we need to have an socket open on this dynamic IP interface. This is the setting of the systemd resource. Removing the 'bindacqdevice' directive, and all works perfectly. Was half-expecting to be able to use 'bindacqdevice' configuration directive here. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.46 (SMP w/4 CPU threads) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages chrony depends on: ii adduser 3.118 ii init-system-helpers 1.60 ii iproute2 5.10.0-4 ii libc62.31-13 ii libcap2 1:2.44-1 ii libedit2 3.1-20191231-2+b1 ii libgnutls30 3.7.1-5 ii libnettle8 3.7.3-1 ii libseccomp2 2.5.1-1 ii tzdata 2021a-1 ii ucf 3.0043 chrony recommends no packages. Versions of packages chrony suggests: ii bind9-dnsutils [dnsutils] 1:9.16.15-1 pn networkd-dispatcher -- Configuration Files: /etc/default/chrony changed: DAEMON_OPTS="-F 1 -L 0" -- no debconf information