Bug 492814 - <sys-libs/glibc-2.25-r10 : nscd init script doesn't catch early init errors
Summary: <sys-libs/glibc-2.25-r10 : nscd init script doesn't catch early init errors
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard:
Keywords:
Depends on: 647062
Blocks:
 
Reported: 2013-11-28 19:13 UTC by Thomas Deutschmann
Modified: 2018-04-21 21:29 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
New nscd runscript (nscd,1.87 KB, text/plain)
2013-11-30 20:39 UTC, Thomas Deutschmann
New nscd runscript (nscd,1.87 KB, text/plain)
2013-12-01 15:55 UTC, Thomas Deutschmann

Description Thomas Deutschmann gentoo-dev Security 2013-11-28 19:13:35 UTC
Hi,

Modify /etc/nscd.conf so that it contains an error, e.g. add an unsupported option.

Now (re)start nscd and check status:

# /etc/init.d/nscd start && /etc/init.d/nscd status
 * Starting Name Service Cache Daemon ...         [ ok ]
 * status: crashed

If we added "--wait N" to the start-stop-daemon call, we would notice the error.

But please see comment 0 in bug 387107 regarding a good "N" value.

Reproducible: Always
Comment 1 Thomas Deutschmann gentoo-dev Security 2013-11-28 19:26:12 UTC
I am unsure if we should set the bug to depend on bug 387107. It would be nice to have a "dynamic" check, but I think a value of 500-1000ms (0.5-1s) should be fine for most setups.

If you are using nscd in a large LDAP environment with persistent data you may want to increase the time. Therefore we could make it configurable, e.g.:

# cat /etc/conf.d/nscd
NSCD_CHECKAFTER_N_MS=1000

# cat /etc/init.d/nscd
NSCD_CHECKAFTER_N_MS=${NSCD_CHECKAFTER_N_MS:-1000}

...

        start-stop-daemon --start --quiet --background --wait ${NSCD_CHECKAFTER_N_MS} \
                --exec /usr/sbin/nscd --pidfile ${pidfile} \
                -- --foreground $secure


I think you get the idea :)
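
What a "--wait N" style check amounts to, as an added example that is not part of the comment above or of the Gentoo runscript: start the daemon in the background, wait N milliseconds, then report success only if the process is still alive. The helper name start_checked and the stand-in commands are hypothetical, and a sleep that accepts fractional seconds (GNU coreutils, busybox) is assumed.

```shell
#!/bin/sh
# Added example: emulate "background the daemon, wait N ms, then verify".
# start_checked is a hypothetical helper, not part of OpenRC or nscd.

# Usage: start_checked WAIT_MS PIDFILE COMMAND [ARGS...]
# Returns 0 if COMMAND is still running after WAIT_MS milliseconds,
# 1 if it already exited (for example because it rejected its config).
start_checked() {
    wait_ms=$1
    pidfile=$2
    shift 2

    "$@" >/dev/null 2>&1 &
    pid=$!
    echo "$pid" > "$pidfile"

    # Convert milliseconds into the fractional seconds sleep expects.
    sleep "$(awk -v ms="$wait_ms" 'BEGIN { printf "%.3f", ms / 1000 }')"

    # Still alive after the grace period: treat the start as successful.
    if kill -0 "$pid" 2>/dev/null; then
        return 0
    fi

    # The process died during early init: collect its exit status and
    # remove the stale pidfile so a later status check is not misled.
    rc=0
    wait "$pid" || rc=$?
    rm -f "$pidfile"
    echo "daemon exited during startup (status $rc)" >&2
    return 1
}

# Constructed stand-in: "sh -c 'exit 1'" plays the part of nscd exiting
# right after it has parsed a broken /etc/nscd.conf.
demo_pidfile=$(mktemp)
if start_checked 300 "$demo_pidfile" sh -c 'exit 1'; then
    echo "[ ok ]"
else
    echo "[ !! ]"
fi
rm -f "$demo_pidfile"
```

Without the grace period the background launch itself always succeeds, which is why the init script printed "[ ok ]" while the status check reported "crashed".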
Comment 2 Thomas Deutschmann gentoo-dev Security 2013-11-30 20:39:55 UTC
Created attachment 364296
New nscd runscript

Hi,

I am attaching a new runscript for nscd. Changes:

1) Added "syslog" to USE, because there are situations when nscd should write to syslog (see db_log() in dbg_log.c).

2) Changed "/var/run" paths to "/run" (not an important change because "/var/run" is a symlink to "/run", but "/run" seems to be the new default).

3) checkconfig() will now be called from start_pre()

4) start() and stop() aren't needed, we can use the default functions

4.1) The changes from 4 remove "--secure" support, too. This shouldn't be a problem, because "-S" (--secure) was removed from nscd:

 # nscd -S passwd
nscd: secure services not implemented anymore

I did not verify when it was removed, so this runscript is only tested with sys-libs/glibc-2.17 and later.

4.2) Without the "--background" call we don't need "--wait" (= this will solve the problem described in this bug report). Because we are now using the default start and stop functions, we now also support the "SSD_STARTWAIT" environment variable. So in the situation described in comment 1, one could set SSD_STARTWAIT in "/etc/conf.d/nscd".

4.3) Not sure why we set "--foreground". According to http://thread.gmane.org/gmane.comp.lib.glibc.alpha/17144 this feature was added for systemd. From my tests it seems like we don't need it.

5) The declaration of "pidfile" allows the built-in status function to do proper checks.

6) I added extra functions "flush_all", "flush_hosts", "flush_group", "flush_passwd", "flush_netgroup" and "flush_services" which will flush the named caches.

7) I added descriptions.
Comment 3 Thomas Deutschmann gentoo-dev Security 2013-12-01 15:55:36 UTC
Created attachment 364338
New nscd runscript

I updated the attachment (changed "syslog" to "logger").
Comment 4 Andreas K. Hüttel gentoo-dev 2017-08-23 20:38:51 UTC
Updated script with minor cosmetic changes added to the glibc-2.26 patchset (will be in patchset 1 and later)
Comment 5 Larry the Git Cow gentoo-dev 2017-11-12 14:16:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02056778ea5961e77a59a7a246b355c1225c7404

commit 02056778ea5961e77a59a7a246b355c1225c7404
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2017-11-12 12:28:38 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2017-11-12 14:15:28 +0000

    sys-libs/glibc: Re-add keywords to glibc 2.26
    
    Bug: https://bugs.gentoo.org/492814
    Bug: https://bugs.gentoo.org/622694
    Bug: https://bugs.gentoo.org/617938
    Bug: https://bugs.gentoo.org/466176
    Bug: https://bugs.gentoo.org/628768
    Bug: https://bugs.gentoo.org/637016
    Bug: https://bugs.gentoo.org/636934
    Bug: https://bugs.gentoo.org/381391
    Bug: https://bugs.gentoo.org/636158
    Package-Manager: Portage-2.3.13, Repoman-2.3.4

 sys-libs/glibc/glibc-2.26-r3.ebuild | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
Comment 6 Andreas K. Hüttel gentoo-dev 2017-12-12 00:36:17 UTC
Added to the 2.25 patchset (patchlevel 13 and later)
Comment 7 Andreas K. Hüttel gentoo-dev 2018-01-17 22:59:05 UTC
Also fixed in 2.25-r10
Comment 8 Andreas K. Hüttel gentoo-dev 2018-04-21 21:29:27 UTC
(In reply to Andreas K. Hüttel from comment #7)
> Also fixed in 2.25-r10

Is now stable everywhere