Victor Coss
2023-07-13 03:30:01 UTC
Package: inspircd
Version: 3.15.0-1
Severity: normal
Dear Maintainer,
The systemd service file starts InspIRCd with the --nopid flag, however the module sslrehashsignal requires there to be a PID. Please remove this argument from the ExecStart line. I have edited the inspircd.service file temporarily using systemctl edit --full inspircd.service
However I believe due to the AppArmor profile that is shipped, the PID cannot write. You should allow the PID to be at /var/run/inspircd/inspircd.pid which is what I have configured as the location in my InspIRCd configuration file.
I however get the following error and InspIRCd fails to start:
Failed to write PID-file '/var/run/inspircd/inspircd.pid', exiting.
The permissions are as follows,
***@radium:~# ls -lah /var/run/inspircd/
total 0
drwxr-xr-x 2 irc irc 40 Jul 12 15:21 .
drwxr-xr-x 20 root root 600 Jul 12 15:49 ..
That appears to be correct? However I do a dmesg and see that inspircd is being blocked under audit, I suppose this is from AppArmor?
[611682.465180] audit: type=1400 audit(1689212777.973:26): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7703 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.233201] audit: type=1400 audit(1689213864.742:27): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7968 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.478807] audit: type=1400 audit(1689213864.986:28): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7969 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.730910] audit: type=1400 audit(1689213865.238:29): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7971 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.990731] audit: type=1400 audit(1689213865.498:30): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7973 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612770.231224] audit: type=1400 audit(1689213865.738:31): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7974 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
Also logging is broken too. The default log file location of /var/log/inspircd.log doesn't write. The file exists however when I cat the file out, it remains empty. I have inspircd configured to log to that file as well.
In dmesg you can see the log file is being blocked.
[599993.814582] audit: type=1400 audit(1689201089.349:15): apparmor="DENIED" operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" pid=7525 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
[601900.436898] inspircd[7525]: segfault at 7f865dc02060 ip 00007f865dc02060 sp 00007ffe3832d388 error 14 in m_filter.so[7f865de0c000+7000] likely on CPU 2 (core 0, socket 0)
[601900.436959] audit: type=1400 audit(1689202995.964:16): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7525 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[601949.800182] audit: type=1400 audit(1689203045.328:17): apparmor="DENIED" operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" pid=7586 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
[605077.481347] inspircd[7586]: segfault at 7fb4b546d060 ip 00007fb4b546d060 sp 00007ffd3d7c7768 error 14 in m_filter.so[7fb4b5677000+7000] likely on CPU 1 (core 1, socket 0)
[605077.481416] audit: type=1400 audit(1689206173.006:18): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7586 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[605212.549953] audit: type=1400 audit(1689206308.073:19): apparmor="DENIED" operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" pid=7637 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
The permissions for the log file are as follows:
***@radium:~# ls -lah /var/log/inspircd.log
-rw-r----- 1 irc adm 0 Jul 12 15:21 /var/log/inspircd.log
***@radium:~# cat /var/log/inspircd.log
***@radium:~#
As you can see the log file remains empty. However if I use journalctl -u inspircd.service I can see the log messages from inspircd.
In my inspircd config file I have a <log target="/var/log/inspircd.log"> so it should be writing there and appears to be attempting to according to dmesg.
Also there is a new upstream version of InspIRCd, 3.16.1 which quite a few bug fixes. Can you please package it?
Kindest Regards,
Victor Coss
-- System Information:
Debian Release: 12.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages inspircd depends on:
pn gnutls-bin <none>
ii init-system-helpers 1.65.2
ii libargon2-1 0~20171227-0.3+deb12u1
ii libc6 2.36-9
ii libgcc-s1 12.2.0-14
ii libgnutls30 3.7.9-2
pn libhttp-parser2.9 <none>
ii libio-socket-ssl-perl 2.081-2
ii libldap-2.5-0 2.5.13+dfsg-5
ii libmariadb3 1:10.11.3-1
ii libmaxminddb0 1.7.1-1
ii libpcre2-8-0 10.42-1
pn libpq5 <none>
pn libre2-9 <none>
ii libsqlite3-0 3.40.1-2
ii libstdc++6 12.2.0-14
pn libtre5 <none>
ii lsb-base 11.6
ii perl 5.36.0-7
ii sysvinit-utils [lsb-base] 3.06-4
inspircd recommends no packages.
Versions of packages inspircd suggests:
pn default-mysql-server <none>
pn ldap-server <none>
pn postgresql <none>
pn sqlite3 <none>
Version: 3.15.0-1
Severity: normal
Dear Maintainer,
The systemd service file starts InspIRCd with the --nopid flag, however the module sslrehashsignal requires there to be a PID. Please remove this argument from the ExecStart line. I have edited the inspircd.service file temporarily using systemctl edit --full inspircd.service
However I believe due to the AppArmor profile that is shipped, the PID cannot write. You should allow the PID to be at /var/run/inspircd/inspircd.pid which is what I have configured as the location in my InspIRCd configuration file.
I however get the following error and InspIRCd fails to start:
Failed to write PID-file '/var/run/inspircd/inspircd.pid', exiting.
The permissions are as follows,
***@radium:~# ls -lah /var/run/inspircd/
total 0
drwxr-xr-x 2 irc irc 40 Jul 12 15:21 .
drwxr-xr-x 20 root root 600 Jul 12 15:49 ..
That appears to be correct? However I do a dmesg and see that inspircd is being blocked under audit, I suppose this is from AppArmor?
[611682.465180] audit: type=1400 audit(1689212777.973:26): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7703 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.233201] audit: type=1400 audit(1689213864.742:27): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7968 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.478807] audit: type=1400 audit(1689213864.986:28): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7969 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.730910] audit: type=1400 audit(1689213865.238:29): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7971 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.990731] audit: type=1400 audit(1689213865.498:30): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7973 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612770.231224] audit: type=1400 audit(1689213865.738:31): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/run/inspircd/inspircd.pid" pid=7974 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
Also logging is broken too. The default log file location of /var/log/inspircd.log doesn't write. The file exists however when I cat the file out, it remains empty. I have inspircd configured to log to that file as well.
In dmesg you can see the log file is being blocked.
[599993.814582] audit: type=1400 audit(1689201089.349:15): apparmor="DENIED" operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" pid=7525 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
[601900.436898] inspircd[7525]: segfault at 7f865dc02060 ip 00007f865dc02060 sp 00007ffe3832d388 error 14 in m_filter.so[7f865de0c000+7000] likely on CPU 2 (core 0, socket 0)
[601900.436959] audit: type=1400 audit(1689202995.964:16): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7525 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[601949.800182] audit: type=1400 audit(1689203045.328:17): apparmor="DENIED" operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" pid=7586 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
[605077.481347] inspircd[7586]: segfault at 7fb4b546d060 ip 00007fb4b546d060 sp 00007ffd3d7c7768 error 14 in m_filter.so[7fb4b5677000+7000] likely on CPU 1 (core 1, socket 0)
[605077.481416] audit: type=1400 audit(1689206173.006:18): apparmor="DENIED" operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7586 comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[605212.549953] audit: type=1400 audit(1689206308.073:19): apparmor="DENIED" operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" pid=7637 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
The permissions for the log file are as follows:
***@radium:~# ls -lah /var/log/inspircd.log
-rw-r----- 1 irc adm 0 Jul 12 15:21 /var/log/inspircd.log
***@radium:~# cat /var/log/inspircd.log
***@radium:~#
As you can see the log file remains empty. However if I use journalctl -u inspircd.service I can see the log messages from inspircd.
In my inspircd config file I have a <log target="/var/log/inspircd.log"> so it should be writing there and appears to be attempting to according to dmesg.
Also there is a new upstream version of InspIRCd, 3.16.1 which quite a few bug fixes. Can you please package it?
Kindest Regards,
Victor Coss
-- System Information:
Debian Release: 12.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages inspircd depends on:
pn gnutls-bin <none>
ii init-system-helpers 1.65.2
ii libargon2-1 0~20171227-0.3+deb12u1
ii libc6 2.36-9
ii libgcc-s1 12.2.0-14
ii libgnutls30 3.7.9-2
pn libhttp-parser2.9 <none>
ii libio-socket-ssl-perl 2.081-2
ii libldap-2.5-0 2.5.13+dfsg-5
ii libmariadb3 1:10.11.3-1
ii libmaxminddb0 1.7.1-1
ii libpcre2-8-0 10.42-1
pn libpq5 <none>
pn libre2-9 <none>
ii libsqlite3-0 3.40.1-2
ii libstdc++6 12.2.0-14
pn libtre5 <none>
ii lsb-base 11.6
ii perl 5.36.0-7
ii sysvinit-utils [lsb-base] 3.06-4
inspircd recommends no packages.
Versions of packages inspircd suggests:
pn default-mysql-server <none>
pn ldap-server <none>
pn postgresql <none>
pn sqlite3 <none>