OpenSAF (non root) fails to start in a linux container. Reason is that AMF started components such as SMFD runs as opensaf/opensaf but get changed to whatever the binaries was installed as. The start fails because the processes cannot write their PID files into the directory /var/run/opensaf which is owned by opensaf.
This was a not so well thought idea in ncs_os_process_execute_timed() that was supposed to get more security.
Besides these are system calls executed in between fork() and exec() which we have had lots of problems with before.
This "feature" should be removed.
Diff:
changeset: 5966:0fb0d27bde70
branch: opensaf-4.3.x
parent: 5956:b8dfd4a2cc01
user: Hans Feldt osafdevel@gmail.com
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
changeset: 5967:1ba02b3bf85a
branch: opensaf-4.4.x
parent: 5959:59a26ad0410f
user: Hans Feldt osafdevel@gmail.com
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
changeset: 5968:8adcf25b25a4
branch: opensaf-4.5.x
parent: 5962:c7427848a172
user: Hans Feldt osafdevel@gmail.com
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
changeset: 5969:ead18326c13b
tag: tip
parent: 5965:1c0e1876ef7b
user: Hans Feldt osafdevel@gmail.com
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
Related
Tickets:
#1138