Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-1830

body perms does not work on file type socket

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.12.0, 3.10.3
    • Component/s: Built-in functions
    • Labels:
      None
    • Platform:
      Linux

      Description

      Apparently the current Docker setup has a bug where NIS groups cannot be used in it's config, e.g. it'll create

      # ls -l /var/run/docker.sock 
      srw-rw----. 1 root docker 0 Feb  5 16:41 /var/run/docker.sock
      

      where we need 'docket' to be something else (a NIS group). (Btw, I know there are other solutions to our issue - this bug report is about CFengine and perms body)

      Anyway, after implementing e.g.

      files:
        "/var/run/docker.sock"   perms => mog("660", "root", "allusers"), ifvarclass => fileexists("/var/run/docker.sock");
      
      

      the socket did not change group; in the log output was:

       info: /default/configure_docker_service/files/'/var/run/docker.sock'[0]: Cannot set ownership on file '/var/run/docker.sock'. (chown: No such device or address)
      

      Possibly because mog(), og() etc appears to use chown in it's <user>:<group> syntax I then tried this:

      files:
        "/var/run/docker.sock"   perms => g("allusers"), ifvarclass => fileexists("/var/run/docker.sock");
      }
      
      body perms g(g)
      {
        groups => "$(g)"; 
      }
      

      but that gave the exact same result (and same 'chown' message).

      The commands /bin/chown and /bin/chgrp work just fine on the command line, so it appears CFengine has a bug here.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                a10042 Nick Anderson
                Reporter:
                hakan Håkan Olsson
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel