[Bug 1177819] systemd inside Parallels Virtuozzo VM: Failed at step NO_NEW_PRIVILEGES spawning /usr/sbin/amavisd: Invalid argument

https://bugzilla.redhat.com/show_bug.cgi?id=1177819

Peter Bieringer <pb@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Target Release|---                         |7.1
            Version|epel7                       |7.0
          Component|amavisd-new                 |systemd
                 CC|                            |systemd-maint-list@redhat.c
                   |                            |om
           Assignee|juan.orti@xxxxxxxxxxxx      |systemd-maint@xxxxxxxxxx
         QA Contact|extras-qa@xxxxxxxxxxxxxxxxx |qe-baseos-daemons@xxxxxxxxx
                   |                            |m
            Summary|Failed at step              |systemd inside Parallels
                   |NO_NEW_PRIVILEGES spawning  |Virtuozzo VM: Failed at
                   |/usr/sbin/amavisd: Invalid  |step NO_NEW_PRIVILEGES
                   |argument                    |spawning /usr/sbin/amavisd:
                   |                            |Invalid argument
   Target Milestone|---                         |rc
            Product|Fedora EPEL                 |Red Hat Enterprise Linux 7



--- Comment #2 from Peter Bieringer <pb@xxxxxxxxxxxx> ---
Workaround so far: disabling this NoNewPrivileges option:

# perl -pi.orig -e 's/^(NoNewPrivileges=)true/\1false/' /usr/lib/systemd/system/amavisd-clean-quarantine.service
# perl -pi.orig -e 's/^(NoNewPrivileges=)true/\1false/' /usr/lib/systemd/system/amavisd-clean-tmp.service
# perl -pi.orig -e 's/^(NoNewPrivileges=)true/\1false/' /usr/lib/systemd/system/amavisd.service
# systemctl daemon-reload

BTW: tried to use SecureBits instead, but this is also causing an error:
amavisd[2941]: Failed at step SECUREBITS spawning /usr/sbin/amavisd: Operation not permitted

Assigned this bug now to systemd, looks like Parallels Virtuozzo blocks related
prctl calls (PR_SET_NO_NEW_PRIVS, PR_SET_SECUREBITS) (found in systemd
src/core/execute.c)

# rpm -q systemd
systemd-208-11.el7_0.5.x86_64

Looks like systemd should change its behavior to a "softfail/ignore" in case
prctl calls fail and the reason is the underlying virtualization/container
platform.

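Added example, not part of the original bug comment and not systemd code: a small read-only probe for the two kernel features behind the NO_NEW_PRIVILEGES and SECUREBITS failures quoted above, meant to be run on the affected guest before deciding whether to relax the unit's hardening. It relies on documented prctl(2) behaviour: an option the running kernel does not recognise returns EINVAL (PR_SET_NO_NEW_PRIVS exists since Linux 3.5), and PR_SET_SECUREBITS returns EPERM when the caller lacks CAP_SETPCAP. The function names are made up for this example.

```c
/* Added diagnostic (not systemd code): probes the prctl features named in the report. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

#ifndef PR_GET_NO_NEW_PRIVS          /* older userspace headers lack it */
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* 0 if the kernel knows no_new_privs, otherwise the errno from prctl().
 * The GET variant is read-only, so the probe does not alter the caller. */
int probe_no_new_privs(void) {
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) >= 0)
        return 0;
    return errno;
}

/* 1 if CAP_SETPCAP is in the effective set (PR_SET_SECUREBITS needs it),
 * 0 if it is missing, -1 if capget() itself failed. */
int has_effective_setpcap(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    return (data[CAP_TO_INDEX(CAP_SETPCAP)].effective & CAP_TO_MASK(CAP_SETPCAP)) != 0;
}

/* Map an errno from the probe to the likely cause. */
const char *explain(int err) {
    switch (err) {
    case 0:      return "supported";
    case EINVAL: return "option unknown to this kernel";
    case EPERM:  return "denied: missing capability or filtered";
    default:     return strerror(err);
    }
}

int main(void) {
    int cap = has_effective_setpcap();
    printf("no_new_privs: %s\n", explain(probe_no_new_privs()));
    printf("CAP_SETPCAP effective: %s\n",
           cap == 1 ? "yes" : cap == 0 ? "no (PR_SET_SECUREBITS returns EPERM)" : "capget failed");
    return 0;
}
```

Run it as the same user and inside the same container or VM as the failing service, since capabilities differ per process context.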



