Hi,

On Sat, 10 Feb 2018 15:56:14 +0100 Thomas Liske <tho...@fiasko-nw.net> wrote:
>
>
> Hi,
>
>
> Chris <fisch....@gmx.de> writes:
> > Yes, it seems most processes of postfix are chrooted by default in
> > Debian Stretch (plain install of Postfix via apt-get install postfix):
>
> I did install a vanilla Debian Stretch VM, setup an LXC container inside
> (using Stretch again) and installed postfix inside the
> container. Running needrestart inside of the container does *not*
> detect any false positives on postfix. So it seems that your setup has
> something special...
>
> On which linux distri and kernel are you running your LXC container?
> From the kernel string it seems to be proxmox, isn't it?
>
> I assume there is something special in /proc/$PID/maps or the
> /proc/$PID/map_files/$MADDR links are missing which are used by
> needrestart. As fallback needrestart looks for /proc/$PID/root/$FILENAME
> which fails for chrooted processes.
>
>

It appears I have some similar issue inside a systemd-nspawn container running buster on a host running buster as well. No proxmox/lxc involved.

# strace -e lstat,stat -s1024 stat /proc/6314/map_files/556995da1000-556995dc5000
lstat("/proc/6314/map_files/556995da1000-556995dc5000", {st_mode=S_IFLNK|0400, st_size=64, ...}) = 0
File: /proc/6314/map_files/556995da1000-556995dc5000 -> /usr/lib/dovecot/imap
Size: 64 Blocks: 0 IO Block: 1024 symbolic link
Device: 32h/50d Inode: 3693525 Links: 1
Access: (0400/lr--------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2021-07-30 08:25:26.120210107 +0200
Modify: 2021-07-30 08:24:50.492904140 +0200
Change: 2021-07-30 08:24:50.492904140 +0200
Birth: -
+++ exited with 0 +++

but:

# strace -e stat -s1024 needrestart -v 2>&1|grep -F 556995da1000-556995dc5000
stat("/proc/6314/map_files/556995da1000-556995dc5000", 0x563265c23478) = -1 EPERM (Operation not permitted)

So the stat executable is using lstat on the symlink. The naive quick fix attempt

# diff -u {/usr/sbin,.}/needrestart
--- /usr/sbin/needrestart 2019-05-24 11:56:40.000000000 +0200 +++ ./needrestart 2021-07-30 10:26:18.302473557 +0200
@@ -507,7 +507,7 @@ $maddr =~ s/^0+([^-])/$1/; $maddr =~ s/-0+(.)/-$1/; my @paths = ("/proc/$pid/map_files/$maddr", "/proc/$pid/root/$path"); - my ($testp) = grep { -e $_; } @paths; + my ($testp) = grep { warn $_; -e $_ || -l $_; } @paths; unless($testp) { unless($path =~ m@^(/var)?/tmp/@ || $path =~ m@^(/var)?/run/@ ||

didn't work because the elements of @testp are stated again at line 524 (and failing there). I'd like to see this fixed one way or another but don't have time to deal with it right now. What do you think?

> Regards,
> Thomas
>
>
> > Needrestart looks for any executable mapped files
>
> > /usr/share/postfix/master.cf.dist used/installed by
> > /var/lib/dpkg/info/postfix/postfix.postinst is e.g. chrooting the
> > mentioned process:
> >
> > pickup unix n - y 60 1 pickup
> >
> >> Could you please post:
> >> stat /usr/lib/postfix/sbin/pickup
> >
> > Sure:
> >
> > File: /usr/lib/postfix/sbin/pickup
> > Size: 14408 Blocks: 32 IO Block: 4096 regular file
> > Device: 715h/1813d Inode: 142070 Links: 1
> > Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
> > Access: 2018-02-08 01:06:13.281395346 +0000
> > Modify: 2017-09-27 04:56:28.000000000 +0000
> > Change: 2018-01-26 14:10:42.474783916 +0000
> > Birth: -
> >
> >> stat /proc/25460/root/usr/lib/postfix/sbin/pickup
> >
> > the PIDs have changed here and are now:
> >
> > [main] #4262 uses non-existing /usr/lib/postfix/sbin/pickup
> > [main] #4262 is a child of #478
> >
> > stat: cannot stat '/proc/4262/root/usr/lib/postfix/sbin/pickup': No such
> > file or directory

--
Matthias Förste
gnupg encrypted messages are welcome - key ID: 0F51DA21
gnupg fingerprint: 590C 5DF1 C3B8 D072 555B 54F5 9363 2C80 0F51 DA21

internet & unix support Heiko Schlittermann
Tannenstraße 2 - 01099 Dresden
Web: http://www.schlittermann.de/
Tel.: +49 351 8029981 Fax: +49 351 8029983
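
Review bot: the added grep line still contains "warn $_;", which emits every candidate path on each check and reads as leftover debugging; it should be dropped. On the logic, "-e $_ || -l $_" only widens which entry of @paths gets selected: -l uses lstat and so accepts the map_files symlink for which the stat behind -e returns EPERM in the strace output, but as the message itself says, the selected path is stat'ed again further down and fails there. For the change to take effect, that later check needs the same lstat-based handling, or the link target should be read and compared rather than followed.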