| Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
- To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Tue, 12 May 2020 09:05:27 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589267133; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cVFXfP2C5akbCP3wsNHJZVzq/wykfRrwAFg1lfKtpvU=; b=JX9eKOb15v3GAOqwyupAZ4DySUo2v4pJOHru7GXurlB0k3d1EtZJ+qSWnj+Eht0Po526WH Z0ubkMguPpug7BTG2IVO0PiHA2it01NsSRsSqoTbtKouOSkYW3mlfPyzaChrU43hPX9Ktq CCl7LPRRUO4geBy+vzDzOZSEiudTo18=
On Mon, May 11, 2020 at 07:05:21PM +0200, Vincent Blut wrote:
> From a quick glance, the rest seems to make sense.
There is an issue with the Unix domain socket that I missed before. It
would need to be bound and have the owner changed before dropping the
root privileges to have the root:chrony owner and avoid the DAC
override for chronyc running under root.
--
Miroslav Lichvar
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.