Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nfs: run dbus-daemon sidecar as dbus user instead of root #12698

Merged
merged 1 commit into from
Aug 11, 2023
Merged

nfs: run dbus-daemon sidecar as dbus user instead of root #12698

merged 1 commit into from
Aug 11, 2023

Conversation

nixpanic
Copy link
Contributor

@nixpanic nixpanic commented Aug 10, 2023
edited

Description of your changes:

When the dbus-daemon in the sidecar is started as "root" user, it fails with the following log entry:

Failed to start message bus: Failed to drop capabilities: Operation not permitted

By starting the sidecar as "dbus" user (uid=81), the executable does not try to drop capabilities, and starts successfully.

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
  • Skip Tests for Docs: If this is only a documentation change, add the label skip-ci on the PR.
  • Reviewed the developer guide on Submitting a Pull Request
  • Pending release notes updated with breaking and/or notable changes for the next minor release.
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.

@BlaineEXE BlaineEXE self-requested a review August 10, 2023 16:15
@nixpanic nixpanic marked this pull request as draft August 10, 2023 16:15
@BlaineEXE
Copy link
Member

LGTM pending CI passing.

@nixpanic
nfs: run dbus-daemon sidecar as dbus user instead of root
320b112 
When the dbus-daemon in the sidecar is started as "root" user, it fails
with the following log entry:

Failed to start message bus: Failed to drop capabilities: Operation not permitted

By starting the sidecar as "dbus" user (uid=81), the executable does not
try to drop capabilities, and starts successfully.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
@nixpanic nixpanic marked this pull request as ready for review August 10, 2023 16:17
@nixpanic
Copy link
Contributor Author

LGTM pending CI passing.

Would not have passed. The RunAsUser attribute should be a *int64, which is it now.

@BlaineEXE BlaineEXE merged commit d4b806d into rook:master Aug 11, 2023
44 of 49 checks passed
@mergify mergify bot mentioned this pull request Aug 11, 2023
Merged
BlaineEXE added a commit that referenced this pull request Aug 11, 2023
@BlaineEXE
Merge pull request #12707 from rook/mergify/bp/release-1.12/pr-12698
bcd2fe8 
nfs: run dbus-daemon sidecar as dbus user instead of root (backport #12698)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BlaineEXE BlaineEXE BlaineEXE approved these changes

Assignees
No one assigned
Labels
backport-release-1.12
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@nixpanic @BlaineEXE