Re: Debian vs Linux namespaces, NMU lsb-base
On Sun, Mar 24, 2019 at 4:42 PM Geert Stappers <stappers@debian.org> wrote:
>
> On Sat, Mar 23, 2019 at 09:49:09PM +0800, Shengjing Zhu wrote:
> > On Sat, Mar 23, 2019 at 8:41 PM Harald Dunkel wrote:
> > >
> > > Hi folks,
> > >
> > > AFAICS there are several packages that appear to be unaware of /
> > > do not care about containers, e.g. opensmtpd, bind9, apt-cacher-ng,
> > > probably everything using pidof or pidofproc from /lib/lsb/init-\
> > > functions).
> > >
> > > I noticed that containerization and Linux namespaces are not number
> > > one priority for Debian, but do you think this could be addressed
> > > for Buster? Its pretty annoying if you try to maintain the Debian host
> > > system, and a LXC container is affected instead.
> > >
> > >
> > > Thanx in advance
> > >
> > > Harri
> > >
> > > https://bugs.debian.org/888569
>  sysv startup script stumbles over smtpd running in a LXC container
>
> > > https://bugs.debian.org/888743
>  pidofproc returns PIDs in foreign chroots and containers
>
> > > https://bugs.debian.org/858837
>  lsb-base: pidofproc should limit itself to processes in host system if running on an LXC host
>
> > > https://bugs.debian.org/924551
>  startup script affects bind running inside a container
>
>
> > If I read these bugs correctly, all are the same thing and it's the bug in lsb.
> > And the straightforward fix mentioned in #888743 and #858837 is to use
> > `pidof -c` instead of `pidof` in pidofproc function provided by
> > lsb-base package.
> >
> > I think there's no harm for this patch.
>
> Quoting manual page `pidof`
>
> |  -c   Only return process PIDs that are running with the same
> |       root directory.  This option is ignored for  non-root
> |       users,  as  they will  be unable to check the current
> |       root directory of processes they do not own.
>
>
> What would be the harm to the Buster release
> if lsb-base got NMU
> with https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=888743;filename=init-functions.diff;msg=37 ?
>
Just checked the contents in initscripts-9.49.46-1.el7.x86_64.rpm
```
# Output PIDs of matching processes, found using pidof
__pids_pidof() {
   pidof -c -m -o $$ -o $PPID -o %PPID -x "$1" || \
       pidof -c -m -o $$ -o $PPID -o %PPID -x "${1##*/}"
}
```
They use -c since 2005,
https://github.com/fedora-sysv/initscripts/commit/2b4f68e
-- 
Shengjing Zhu
Reply to: