[Bug 1743718] Re: libvirt-daemon-system package runs dnsmasq as root
dnsmasq's use of 'nobody' has lead to at least https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1105493 Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1743718] Re: libvirt-daemon-system package runs dnsmasq as root
Indeed - in a newly created artful VM, I get the same thing: nobody3674 1 0 16:53 ?00:00:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper root 3675 3674 0 16:53 ?00:00:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper ** Changed in: libvirt (Ubuntu) Importance: Undecided => High ** Changed in: libvirt (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1743718] Re: libvirt-daemon-system package runs dnsmasq as root
@apricultor - that does look wrong. On my system (xenial) the libvirt dnsmasq is running as libvirt-dnsmasq user. It should *not* be running as nobody. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1743718] Re: libvirt-daemon-system package runs dnsmasq as root
So - the two processes, one as root, one as unpriv, is expected. The use of 'nobody' is a bug in the libvirt packaging, or a misconfiguration on your system (in which case we should figure out what happened). Let me setup a bionic vm host and see what I get :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1743718] Re: libvirt-daemon-system package runs dnsmasq as root
>BTW, 'nobody' is strictly reserved for NFS use. If any processes run as user 'nobody' then that process would have undue influence over NFS. Did you miss this bit, where dnsmasq *is* running as "nobody"? $ sudo ps aux | grep dnsmasq | grep -v grep nobody 3771 0.0 0.0 54552 388 ? S 18:16 0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper root 3772 0.0 0.0 54524 388 ? S 18:16 0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper Having two copies of it running doesn't seem like the correct behaviour to me. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1743718] Re: libvirt-daemon-system package runs dnsmasq as root
I believe this is working as designed: one process is the parent of the other: $ sudo ps -C dnsmasq -ocomm,euid,uid,pid,ppid,args | cat COMMAND EUID UID PID PPID COMMAND dnsmasq 118 118 2815 1 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper dnsmasq 0 0 2816 2815 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper BTW, 'nobody' is strictly reserved for NFS use. If any processes run as user 'nobody' then that process would have undue influence over NFS. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1743718] Re: libvirt-daemon-system package runs dnsmasq as root
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
