Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Postfix chroot and libresolv #11

Closed
lazyfrosch opened this issue Aug 13, 2015 · 3 comments
Closed

Postfix chroot and libresolv #11

lazyfrosch opened this issue Aug 13, 2015 · 3 comments
Assignees
@liske
Labels
bug

Comments

@lazyfrosch
Copy link
Contributor

I noticed something odd with chroot detection for libraries.

Apparently postfix has the libresolv library already opened, and hands that off to its childs.

Therefore the opened inode is not the one in the chroot.

Debian: stretch
needrestart: 85b172f (master)

$ ps -ef | grep pickup
postfix  16130 13617  0 19:08 ?        00:00:00 pickup -l -t unix -u -c

$ sudo cat /proc/16130/maps | grep resolv
7fd1b6757000-7fd1b676b000 r-xp 00000000 fe:01 264409                     /lib/x86_64-linux-gnu/libresolv-2.19.so
7fd1b676b000-7fd1b696a000 ---p 00014000 fe:01 264409                     /lib/x86_64-linux-gnu/libresolv-2.19.so
7fd1b696a000-7fd1b696b000 r--p 00013000 fe:01 264409                     /lib/x86_64-linux-gnu/libresolv-2.19.so
7fd1b696b000-7fd1b696c000 rw-p 00014000 fe:01 264409                     /lib/x86_64-linux-gnu/libresolv-2.19.so

$ stat /lib/x86_64-linux-gnu/libresolv-2.19.so
  File: ‘/lib/x86_64-linux-gnu/libresolv-2.19.so’
  Size: 84856       Blocks: 168        IO Block: 4096   regular file
Device: fe01h/65025d    Inode: 264409      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2015-08-12 20:55:01.804832072 +0200
Modify: 2015-07-09 15:28:33.000000000 +0200
Change: 2015-07-23 15:39:20.373921081 +0200
 Birth: -

$ stat /var/spool/postfix//lib/x86_64-linux-gnu/libresolv-2.19.so
  File: ‘/var/spool/postfix//lib/x86_64-linux-gnu/libresolv-2.19.so’
  Size: 84856       Blocks: 168        IO Block: 4096   regular file
Device: fe01h/65025d    Inode: 655099      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2015-08-13 19:09:00.292981313 +0200
Modify: 2015-07-09 15:28:33.000000000 +0200
Change: 2015-08-13 18:49:48.261795689 +0200
 Birth: -
@liske
Copy link
Owner

liske commented Sep 1, 2015

Hi,

I'm not an expert on postfix... do you know how the lib files get into /var/spool/postfix/lib ? They seem to be not part of a package (just verified on a jessie box):

$ dpkg -S /var/spool/postfix/lib/x86_64-linux-gnu/libresolv-2.13.so 
dpkg-query: no path found matching pattern /var/spool/postfix/lib/x86_64-linux-gnu/libresolv-2.13.so

@lazyfrosch
Copy link
Contributor Author

Postfix is running in a chroot jail on Debian by default. The Initscript takes care about deploying those files on every start.

It might help if we compare files inside a chroot to outside of a chroot. Makes that sense? Or remove the chroot to maybe find the file outside?

liske added a commit that referenced this issue Sep 15, 2015
@liske
[Bug] Compare inodes of mapped files more reliable for chrooted proce…
89c720c 
…sses (github issue #11 by Markus Frosch <markus@lazyfrosch.de>).
@liske liske added the bug label Sep 15, 2015
@liske liske self-assigned this Sep 15, 2015
@liske
Copy link
Owner

liske commented Sep 15, 2015

Although needrestart did check if a library exists within the root of the process (/proc/$PID/root/$path) or the root of needrestart (just /$path), it has failed if both paths exist. If /proc/$PID/root/$path exist it was always preferred while comparing the device and inode values.

The code has been improved to check both paths if both does exist.

@liske liske closed this as completed Sep 15, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@liske liske

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lazyfrosch @liske