Bug 292632

Created attachment 209804 [details]
failing rtorrent init script

Created attachment 209806 [details]
/etc/conf.d/rtorrent file

Correction, I have this version of openrc installed: 0.4.3-r4

I also just tried upgrading to sys-apps/openrc-0.5.2-r2 and the problem still persists.

Following the suggestion in Bug 219184 I re-emerged openrc with USE=-pam and the problem went away.

Comment 6 Markos Chandras (RETIRED) 2009-11-10 04:13:48 UTC

(In reply to comment #5)
> Following the suggestion in Bug 219184 I re-emerged openrc with USE=-pam and
> the problem went away.
> 

Good. Sounds like a duplicate of that bug

*** This bug has been marked as a duplicate of bug 219184 ***

I'm confused why Bug 219184 is marked as resolved when there's no resolution in the bug. In this particular case, turning off the pam use flag seems like a workaround but not a resolution. 

Guys, I don't think this is a duplicate of 219184...
Well, at least not in some sense.

Both bugs are about start-stop-daemon not being able to use pam.

This bug is about why start-stop-daemon is not able to use pam if using --chroot, when it's perfectly happy if not using --chroot.

And I know that by now.

It's because start-stop-daemon is doing chroot() first, and then later expects to be able to use libpam. And _that_ is a bug, unless someone has reasons why that would be a sane thing to do.

To use libpam, there are multiple conditions to satisfy, and handcrafted chroot jails sometimes do not satisfy those conditions - it is perfectly reasonable not to put a 'nobody' user into my chroot jail, if my service does not need it. And it is perfectly reasonable not to put pam config & .so files in there, if the service does not use pam...

I would go even one step further. This is a security leak. If the system's PAM configuration does not allow you to use start-stop-daemon, just create a copy of the PAM configuration, change it accordingly and use start-stop-daemon with the --chroot option which effectively allows you to bypass the system's configuration.

I confirm the issue w.r.t. the stable openrc version:
sys-apps/openrc-0.8.2-r1  USE="ncurses pam unicode -debug (-selinux)"

The following code in a custom init script:
start-stop-daemon --start \
        --env HOME=${MLDONKEY_DIR} \
        --chroot ${CHROOT} \
        --pidfile ${MLDONKEY_PID}  --make-pidfile \
        --chuid ${MLDONKEY_USER} \
        --nice ${NICE} \
        --exec ${MLDONKEY_BINARY}

results in the message:
start-stop-daemon: pam error: Critical error - immediate abort

Please consider reopening this bug since there are no obvious reasons to identify it with https://bugs.gentoo.org/show_bug.cgi?id=219184. Moreover, unlike the latter, this bug has been confirmed for recent openrc versions.

More than 10 years later and I stumbled upon this bug and opened a PR over at upstream OpenRC's repository where start-stop-daemon is located. As Laszlo in comment 8 mentioned, chroot(2) is called before pam_start(3), so pam_start does not get access to pam configuration files.

PR is on github.com/OpenRC/openrc/pull/517/.

It's possible that that's desired, but I doubt it.

Another issue I found while writing my init file (also written in PR discussion): --std{err,out}{-logger,} option arguments start the logger process or open the logger file after the call to chroot(2). This, unlike the above issue, is documented in the start-stop-daemon(8) manpage.

I also made a patch that provides four additional options, --std{err,out}{-logger,}-before-chroot, that start the logger or open the logfile before chrooting.

I tested options --stderr-before-chroot and --std{err,out}-logger-before-chroot they worked. I do not know how to write manpages, so I can't just commit this other change to the upstream PR before adding options to the manpage. Can someone help me?

My patched version is on 1507103400/krneki/start-stop-daemon.c

I omitted the protocol from URLs, because my bugzilla account is younger than 24 hours, which prohibits me from sending URLs.