Package: openbgpd
Version: 7.7-1
Severity: normal

Hi Marco,

I'm filing this as severity normal because I stumbled across it on a
local bullseye backport, and I haven't tested it on sid yet. But I think
it should be affected as well.

After upgrading from 7.2 to 7.7 openbgpd does not start anymore.

Nov 26 17:56:51 dns-test bgpd[256654]: PF_KEY not available, disabling ipsec
Nov 26 17:56:51 dns-test bgpd[256654]: control_init: unlink /run/bgpd.sock.0: Read-only file system
Nov 26 17:56:51 dns-test bgpd[256654]: fatal in bgpd: control socket setup failed

The systemd unit was changed from

ProtectSystem=full

to

ProtectSystem=strict
RuntimeDirectory=openbgpd

A writeable /run/openbgpd is created, but not used in the default
configuration, which creates the socket directly in /run.

Adding an override

ReadWritePaths=/run

fixes the issue, but this opens a few more holes. So I think the default
location for the control socket should rather be moved to /run/openbgpd,
possibly by setting --runstatedir and/or --with-runstatedir accordingly.

Bernhard
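
The sandboxing behaviour described in the report, as an added example that is not part of the original message or of the openbgpd packaging: a simplified Python model of `ProtectSystem=`, `RuntimeDirectory=` and `ReadWritePaths=` that reports whether a control socket's directory is writable. The unit fragments are constructed from the directives quoted above, the socket name under `/run/openbgpd` and the `/run/example` path are assumptions, and the model ignores API filesystems and other mount directives.

```python
from pathlib import PurePosixPath

# Trees mounted read-only per ProtectSystem= value, as documented in systemd.exec(5).
READ_ONLY = {"yes": ["/usr", "/boot", "/efi"],
             "full": ["/usr", "/boot", "/efi", "/etc"],
             "strict": ["/"]}

# Constructed fragments holding only the directives quoted in the report.
OLD_UNIT = "[Service]\nProtectSystem=full\n"
NEW_UNIT = "[Service]\nProtectSystem=strict\nRuntimeDirectory=openbgpd\n"
OVERRIDE = NEW_UNIT + "ReadWritePaths=/run\n"

def parse_service(unit_text):
    """Collect [Service] directives; values are split on whitespace and accumulated."""
    opts, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).extend(value.split())
    return opts

def _under(path, root):
    path, root = PurePosixPath(path), PurePosixPath(root)
    return path == root or root in path.parents

def socket_dir_writable(unit_text, socket_path):
    """True if the service can unlink and bind socket_path (its directory is writable)."""
    opts = parse_service(unit_text)
    directory = PurePosixPath(socket_path).parent
    # Explicit write grants win over the read-only trees.
    writable = ["/run/" + name for name in opts.get("RuntimeDirectory", [])]
    writable += [p.lstrip("-+") for p in opts.get("ReadWritePaths", [])]
    if any(_under(directory, w) for w in writable):
        return True
    mode = (opts.get("ProtectSystem") or ["no"])[-1]  # last assignment wins
    return not any(_under(directory, ro) for ro in READ_ONLY.get(mode, []))

if __name__ == "__main__":
    for label, unit, sock in [
        ("old unit, default socket", OLD_UNIT, "/run/bgpd.sock.0"),
        ("new unit, default socket", NEW_UNIT, "/run/bgpd.sock.0"),
        ("new unit, socket moved", NEW_UNIT, "/run/openbgpd/bgpd.sock.0"),
        ("override, default socket", OVERRIDE, "/run/bgpd.sock.0"),
        ("override, unrelated /run path", OVERRIDE, "/run/example/x.sock"),
    ]:
        print(f"{label}: {'writable' if socket_dir_writable(unit, sock) else 'read-only'}")
```

The last case shows the cost of the override: every path under `/run` becomes writable to the service, whereas moving the socket keeps the write grant confined to `/run/openbgpd`.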
