[nanbield,12/12] rpcbind: Specify state directory under /run

Message ID 3d5a85f173dffa14a6829edb9e6adbd5a3946d9c.1706104658.git.steve@sakoman.com
State Accepted
Delegated to: Steve Sakoman
Series [nanbield,01/12] curl: Fix CVE-2023-46219

Commit Message

Steve Sakoman Jan. 24, 2024, 2:01 p.m. UTC
From: Joshua Watt <JPEWhacker@gmail.com>

The state directory must be correctly specified as under /run because
RequiresMountsFor doesn't follow symbolic links which means the unit may
run before /run is mounted if the default of /var/run/rpcbind is kept

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 561e853e97e2cfa325ed310233577a5e124d9049)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Böszörményi Zoltán July 26, 2024, 11:26 a.m. UTC | #1
On 2024. 01. 24. 15:01, Steve Sakoman wrote:
> From: Joshua Watt <JPEWhacker@gmail.com>
>
> The state directory must be correctly specified as under /run because
> RequiresMountsFor doesn't follow symbolic links which means the unit may
> run before /run is mounted if the default of /var/run/rpcbind is kept
>
> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 561e853e97e2cfa325ed310233577a5e124d9049)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>   meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
> index dd89726afc..dbd4d32e0a 100644
> --- a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
> +++ b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
> @@ -40,7 +40,7 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/
>                             systemd \
>   "
>   
> -EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
> +EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc --with-statedir=${runtimedir}/rpcbind"

This backport didn't fix the rpcbind.service failure that
I can also reproduce in scarthgap.

The change requires "runtimedir" to be set, but it's empty.
rpcbind.service ends up with:

RequiresMountsFor=/rpcbind

instead of

RequiresMountsFor=/run/rpcbind

When editing the service manually or leaving it as is,
rpcbind.service fails during boot with:

rpcbind[455]: rpcbind: /var/run/rpcbind.lock: Read-only file system

FWIW, the "runtimedir" variable in bitbake.conf was introduced
in scarthgap

commit 90bc18108230f6d41a50cebc8348444e119e95bf
Author: Joshua Watt <JPEWhacker@gmail.com>
Date:   Mon Dec 18 08:38:02 2023 -0700

     bitbake.conf: Add runtimedir

     Adds the path to the runtime state directory (/run). In particular,
     systemd units need to have the correct path to the runtime directory
     because RequiresMountsFor doesn't follow symbolic links. This means that
     if a unit calls out a directory in /var/run (a symbolic link to /run),
     it may actually start before /run is mounted. The fix is to have the
     unit specify a directory in /run instead.

     Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
     Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index e7826e7af9..83b12cbc15 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -31,6 +31,7 @@ export sysconfdir = "${base_prefix}/etc"
  export servicedir = "${base_prefix}/srv"
  export sharedstatedir = "${base_prefix}/com"
  export localstatedir = "${base_prefix}/var"
+runtimedir = "${base_prefix}/run"
  export datadir = "${prefix}/share"
  export infodir = "${datadir}/info"
  export mandir = "${datadir}/man"
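
Review bot: the added `runtimedir = "${base_prefix}/run"` line is the only assignment in this block without `export`, while `localstatedir` directly above and `datadir` directly below are exported. If the omission is deliberate, a one-line comment saying so, and noting that this is the /run directory that /var/run links to, would keep later backports from guessing whether the export is needed.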

This commit (with or without the export that other variables have around it)
applied to nanbield does not fix the rpcbind.service failure.

I just sent the hopefully proper fix for master that will also need
to be backported to scarthgap and nanbield, plus the runtimedir
commit to nanbield.

>   
>   do_install:append () {
>   	install -d ${D}${sysconfdir}/init.d
>
>
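
A check for the three outcomes discussed in this thread, as an added example that is not part of the original messages or the OpenEmbedded tree: it classifies a unit's RequiresMountsFor= entry as the intended /run path, the /var/run symlink path, or the bare /rpcbind left by an empty prefix. The function names and the sample unit fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the RequiresMountsFor= path a built unit ends up with.

# classify_mounts UNIT NAME -> prints ok | symlink | empty-prefix | missing
classify_mounts() {
    unit=$1; name=$2; result=missing
    # A unit may carry several RequiresMountsFor= lines, each listing several paths.
    for p in $(sed -n 's/^[[:space:]]*RequiresMountsFor=//p' "$unit"); do
        case $p in
            "/run/$name")     result=ok; break ;;
            "/var/run/$name") result=symlink ;;   # /var/run is a symlink to /run
            "/$name")         if [ "$result" = missing ]; then result=empty-prefix; fi ;;
        esac
    done
    echo "$result"
}

# write_sample FILE PATH: constructed unit fragment, not a real rpcbind.service
write_sample() {
    printf '[Unit]\nDescription=constructed sample\nRequiresMountsFor=%s\n' "$2" > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/good.service"    /run/rpcbind
write_sample "$tmp/default.service" /var/run/rpcbind
write_sample "$tmp/empty.service"   /rpcbind
for f in good default empty; do
    printf '%-8s %s\n' "$f" "$(classify_mounts "$tmp/$f.service" rpcbind)"
done
rm -rf "$tmp"
```

Run against the unit files in an image's root filesystem, anything other than `ok` means the unit is not ordered after the /run mount by its state directory.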

Patch

diff --git a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
index dd89726afc..dbd4d32e0a 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
@@ -40,7 +40,7 @@  PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/
                           systemd \
 "
 
-EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
+EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc --with-statedir=${runtimedir}/rpcbind"
 
 do_install:append () {
 	install -d ${D}${sysconfdir}/init.d
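
Review bot: the `--with-statedir=${runtimedir}/rpcbind` addition on the EXTRA_OECONF line assumes `runtimedir` is defined on this branch, and nothing in this patch defines it; the comment on this thread reports it empty on nanbield, which leaves the unit with `RequiresMountsFor=/rpcbind`. Either backport the bitbake.conf `runtimedir = "${base_prefix}/run"` definition ahead of this change or give the path a default here, and name that dependency in the commit message so the cherry-pick is not applied on its own.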