bugzilla-daemon at allevil
May 12, 2008, 9:15 AM
Post #1 of 1
(2528 views)
Permalink
|
|
[Bug 450] Inappropriate privilege requirements when starting zebra on Solaris using SMF
|
|
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug
report.
http://bugzilla.quagga.net/show_bug.cgi?id=450
jingjing.duan [at] sun changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Inappropriate privilege |Inappropriate privilege
|requirements while starting |requirements when starting
|zebra on Solaris using SMF |zebra on Solaris using SMF
------- Additional Comments From jingjing.duan [at] sun 2008-05-12 17:13 -------
The privileges listed in solaris/quagga.xml.in doesn't seem to be enough. The
code in Quagga's lib/privs.c is asking for more privileges, but I don't really
know what ones it's asking for.
The relevant logs look like:
[. May 9 11:55:39 Executing start method ("/lib/svc/method/quagga zebra -P\ 0"). ]
zprivs_caps_init: error setting permitted set!, Not owner
[ May 9 11:55:40 Method "start" exited with status 0. ]
[. May 9 11:55:40 Stopping because all processes in service exited. ]
[ May 9 11:55:40 Executing stop method (:kill). ]
The zprivs_caps_init function calls setppriv which fails with the above error
message.
The part including privilege list assigned to zebra in the quagga.xml.in
configuration file looks like:
<exec_method
type='method'
name='start'
exec='/lib/svc/method/quagga zebra %{routing/daemon-args}'
timeout_seconds='60'>
<method_context>
<method_credential
user='root' group='root'
privileges='basic,net_icmpaccess,net_rawaccess,sys_admin,sys_net_config'/>
</method_context>
</exec_method>
A possible workaround could be removing the privilege list line above, so that
the zebra daemon would have "all" the privileges of "root", which would fix the
immediate problem.
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
_______________________________________________
Quagga-bugs mailing list
Quagga-bugs [at] lists
http://lists.quagga.net/mailman/listinfo/quagga-bugs
|
