Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied |
[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]
On 2020-05-12T09:05+0200, Miroslav Lichvar wrote:
On Mon, May 11, 2020 at 07:05:21PM +0200, Vincent Blut wrote:From a quick glance, the rest seems to make sense.There is an issue with the Unix domain socket that I missed before. It would need to be bound and have the owner changed before dropping the root privileges to have the root:chrony owner and avoid the DAC override for chronyc running under root.
Indeed, good catch!
Attachment:
signature.asc
Description: PGP signature
Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |