Details
-
Type:
Bug
-
Status: Done
-
Priority:
Low
-
Resolution: Fixed
-
Affects Version/s: None
-
Component/s: Built-in functions
-
Labels:None
Description
Apparently the current Docker setup has a bug where NIS groups cannot be used in it's config, e.g. it'll create
# ls -l /var/run/docker.sock srw-rw----. 1 root docker 0 Feb 5 16:41 /var/run/docker.sock
where we need 'docket' to be something else (a NIS group). (Btw, I know there are other solutions to our issue - this bug report is about CFengine and perms body)
Anyway, after implementing e.g.
files: "/var/run/docker.sock" perms => mog("660", "root", "allusers"), ifvarclass => fileexists("/var/run/docker.sock");
the socket did not change group; in the log output was:
info: /default/configure_docker_service/files/'/var/run/docker.sock'[0]: Cannot set ownership on file '/var/run/docker.sock'. (chown: No such device or address)
Possibly because mog(), og() etc appears to use chown in it's <user>:<group> syntax I then tried this:
files: "/var/run/docker.sock" perms => g("allusers"), ifvarclass => fileexists("/var/run/docker.sock"); } body perms g(g) { groups => "$(g)"; }
but that gave the exact same result (and same 'chown' message).
The commands /bin/chown and /bin/chgrp work just fine on the command line, so it appears CFengine has a bug here.
Attachments
Release management
Issue Links
- duplicates
-
CFE-1782 cant change permission on file socket or owner
-
- Done
-