Opened 11 years ago

Closed 11 years ago

#84 closed defect (wontfix)

cereal's $SUPERVISE_WORLD_ACCESSIBLE is not honored across reboots when `/var/run` is a tmpfs

Reported by: Daniel Kahn Gillmor Owned by: jrollins
Priority: major Component: cereal
Keywords: cereal Cc:
Sensitive: no

Description (last modified by Daniel Kahn Gillmor)

if /etc/default/rcS has this line in it:


then a tmpfs will be mounted at /var/run at every boot.

The new version of runit actually creates the supervise directories in /var/run.

As of [982], SUPERVISE_WORLD_ACCESSIBLE gets interpreted during cereal-admin start, but this is not sufficient: after a reboot, no one should ever need to invoke cereal-admin start by hand.

This means that a world-readable supervise directory will be set up the first time cereal is started, but then after a reboot, it will be automatically created into the new tmpfs without any setting of modes.

Change History (2)

comment:1 Changed 11 years ago by Daniel Kahn Gillmor

Description: modified (diff)

comment:2 Changed 11 years ago by jrollins

Resolution: wontfix
Status: newclosed

As of runit 1.8.0-3, update-service will no longer move supervise directories if they are not in /etc to begin with, and since we make all of our service directories in /var/lib/cereal/sessions (including the supervise directories), this is no longer an issue. In point of fact, runit does not use /var/run for supervise directories either, because of this very issue, and instead uses /var/lib/supervise.

Note: See TracTickets for help on using tickets.