Io-Redirection

avahi-daemon fails to start with "Failed to chroot(): Permission denied", but only without stderr IO redirection

  • March 17, 2018

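After a recent upgrade, avahi-daemon no longer starts. Furthermore, the behaviour differs depending on whether or not I redirect stderr to a file.

If I run avahi with the debug option (avahi-daemon --debug), I get the following output: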

Found user 'avahi' (UID 84) and group 'avahi' (GID 84).
Successfully dropped root privileges.
avahi-daemon 0.6.32 starting up.
Failed to chroot(): Permission denied
chroot.c: chroot() helper started
chroot.c: chroot() helper got command 0d
avahi-daemon 0.6.32 exiting.
chroot.c: chroot() helper got command 0c
chroot.c: chroot() helper exiting with return value 0

If I add stderr IO redirection (avahi-daemon --debug 2>avahi.stderr), I get different behaviour:

On the terminal (stdout), I get

File size limit exceeded

and avahi.stderr now contains

Found user 'avahi' (UID 84) and group 'avahi' (GID 84).
Successfully dropped root privileges.

However, no avahi process is running.

When I just redirect with 2>/dev/stdin, I get the same behaviour as without redirection.

The corresponding strace outputs:

strace avahi-daemon --debug:

Due to the size limit of stackexchange, this one is in a pastebin: http://paste.pound-python.org/show/J1sYeeXcKYKlHxN6QAX0/

strace avahi-daemon --debug 2>strace.out (File size limit exceeded on stdout):

Due to the size limit of stackexchange, this file is in a pastebin: http://paste.pound-python.org/show/VpFokjSr6kmNAA98s4Y6/

My environment (the output of env, with my non-root username censored) is this:

Due to the size limit of stackexchange, this one is in a pastebin: http://paste.pound-python.org/show/3s9Qo1WVMB6mLtf15pXp/

avahi version: avahi-daemon -V prints avahi-daemon 0.6.32

About the configuration:

% ls -la /etc | grep avahi
drwx------   3 root     root       4096 Mar  9 13:29 avahi

% ls -la /etc/avahi
drwx------   3 root root  4096 Mar  9 13:29 .
drwxr-xr-x 242 root root 20480 Mar  9 13:29 ..
-rwxr-xr-x   1 root root  2509 Feb 19 13:52 avahi-autoipd.action
-rw-r--r--   1 root root  1747 Feb 19 13:52 avahi-daemon.conf
-rw-r--r--   1 root root  1747 Dec 25 18:22 avahi-daemon.conf.pacnew
lrwxrwxrwx   1 root root    38 Mar  9 13:25 avahi-daemon.conf.pacsave -> /usr/local/etc/avahi/avahi-daemon.conf
-rwxr-xr-x   1 root root  2743 Feb 19 13:52 avahi-dnsconfd.action
-rw-r--r--   1 root root  1121 Feb 19 13:52 hosts
drwx------   2 root root  4096 Mar  9 13:29 services

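Well, /usr/local/etc/avahi/avahi-daemon.conf is the configuration I normally use; it was replaced during the update. If I use that configuration, I get the same behaviour, and it does not matter whether /etc/avahi/avahi-daemon.conf is a regular file or a symlink.

Here I post the contents of /etc/avahi/avahi-daemon.conf that produce this problem: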

# This file is part of avahi.
#
# avahi is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# avahi is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
# License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with avahi; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA.

# See avahi-daemon.conf(5) for more information on this configuration
# file!

[server]
#host-name=foo
#domain-name=local
#browse-domains=0pointer.de, zeroconf.org
use-ipv4=yes
use-ipv6=yes
#allow-interfaces=eth0
#deny-interfaces=eth1
#check-response-ttl=no
#use-iff-running=no
#enable-dbus=yes
#disallow-other-stacks=no
#allow-point-to-point=no
#cache-entries-max=4096
#clients-max=4096
#objects-per-client-max=1024
#entries-per-entry-group-max=32
ratelimit-interval-usec=1000000
ratelimit-burst=1000

[wide-area]
enable-wide-area=yes

[publish]
#disable-publishing=no
#disable-user-service-publishing=no
#add-service-cookie=no
#publish-addresses=yes
publish-hinfo=no
publish-workstation=no
#publish-domain=yes
#publish-dns-servers=192.168.50.1, 192.168.50.2
#publish-resolv-conf-dns-servers=yes
#publish-aaaa-on-ipv4=yes
#publish-a-on-ipv6=no

[reflector]
#enable-reflector=no
#reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=768
rlimit-stack=4194304
rlimit-nproc=3

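I use Arch Linux with OpenRC (i.e. without systemd), and it does not matter whether I use the package avahi or avahi-nosystemd. I have had some problems with avahi before, for example it would run at first and then crash.

What might be going on here?

Solution:

/etc/avahi/ needs to be accessible by avahi-daemon after it has dropped root privileges.

So /etc/avahi/ and all its subdirectories should have mode 755 and all files mode 644, while they are still owned by user root and group root.

Related to the other issue mentioned, you get the "File size limit exceeded" error from avahi-daemon because it sets its file size rlimit to 0 in its configuration, and your redirection to a file creates a file with a size larger than zero.

To disable this, comment out rlimit-fsize=0 in the avahi configuration, i.e.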

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
#rlimit-fsize=0
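
The file-size-limit explanation above can be reproduced in isolation. This is an added example, not part of the original answers and not avahi's code: a child process sets RLIMIT_FSIZE to 0, as rlimit-fsize=0 is described as doing, and then writes one line to a regular file, a pipe or /dev/null. The function name, the scratch path and the sample line are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum target { TO_REGULAR_FILE, TO_PIPE, TO_DEV_NULL };

/* Fork a child that applies a file size limit of 0 and then writes one log
 * line to the chosen target. Returns the signal that killed the child, 0 if
 * the write succeeded, or -1 on a setup or write error. */
int write_under_fsize_zero(enum target t)
{
    char path[] = "/tmp/fsize-demo-XXXXXX";   /* constructed scratch file */
    int pfd[2] = { -1, -1 }, fd = -1, status;

    if (t == TO_REGULAR_FILE) fd = mkstemp(path);
    else if (t == TO_DEV_NULL) fd = open("/dev/null", O_WRONLY);
    else if (pipe(pfd) == 0) fd = pfd[1];
    if (fd < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit rl = { 0, 0 };          /* same effect as rlimit-fsize=0 */
        static const char msg[] = "avahi-daemon 0.6.32 starting up.\n";
        signal(SIGXFSZ, SIG_DFL);             /* default action: terminate */
        if (setrlimit(RLIMIT_FSIZE, &rl) != 0) _exit(2);
        _exit(write(fd, msg, sizeof msg - 1) < 0 ? 1 : 0);
    }
    waitpid(pid, &status, 0);
    close(fd);
    if (t == TO_REGULAR_FILE) unlink(path);
    if (t == TO_PIPE) close(pfd[0]);
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("regular file: %d\n", write_under_fsize_zero(TO_REGULAR_FILE));
    printf("pipe:         %d\n", write_under_fsize_zero(TO_PIPE));
    printf("/dev/null:    %d\n", write_under_fsize_zero(TO_DEV_NULL));
    return 0;
}
```

The limit applies only to regular files, so a terminal, a pipe or /dev/null accepts the write, while a target such as 2>avahi.stderr ends in SIGXFSZ, which the shell reports as "File size limit exceeded".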

Quoted from: https://unix.stackexchange.com/questions/268639