Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied

[Easwar Hariharan <eahariha@xxxxxxxxxxxxxxxxxxx>]

> -----Original Message-----
> From: Easwar Hariharan <Easwar.Hariharan@xxxxxxxxxxxxx>
> Sent: Wednesday, May 13, 2020 13:05
> To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
> Cc: Easwar Hariharan <Easwar.Hariharan@xxxxxxxxxxxxx>
> Subject: RE: [EXTERNAL] Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
>
> -----Original Message-----
> From: Vincent Blut <vincent.debian@xxxxxxx>
> Sent: Wednesday, May 13, 2020 13:00
> To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
> Subject: [EXTERNAL] Re: [chrony-dev] [Regression 3.5 -> 4.0-pre1]: Could not remove /run/chronyd.pid : Permission denied
>
> On 2020-05-12T09:05+0200, Miroslav Lichvar wrote:
> > On Mon, May 11, 2020 at 07:05:21PM +0200, Vincent Blut wrote:
> > >  From a quick glance, the rest seems to make sense.
> > There is an issue with the Unix domain socket that I missed before. It
> > would need to be bound and have the owner changed before dropping the
> > root privileges to have the root:chrony owner and avoid the DAC
> > override for chronyc running under root.
> >
> > Indeed, good catch!
> Hi Vincent,
>
> I only just joined the list, and it sounds like you're working towards having chrony be able to work without root permissions? Can you confirm?
>
> Thanks,
> Easwar

Apologies, I let my excitement get away from me and inadvertently 
replied from my Outlook mailbox. I should have also taken a closer look 
at the thread and the code. I'll take a deeper look at FEAT_PRIVDROP and 
associated code to see what's already been implemented in this space. 
Sorry about the tangent.

Thanks,

Easwar


--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.