[exim-dev] [Bug 2391] chown() fails in some NFS environmonts

Author: Exim Bugzilla
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2391] chown() fails in some NFS environmonts
https://bugs.exim.org/show_bug.cgi?id=2391

--- Comment #7 from Andreas Metzler <eximusers@???> ---
Hello,

I recently got a bug report on Debian regarding this issue against 4.98
https://bugs.debian.org/1082646 - Adding a comment here in case this pops up
somewhere else:

Error message/symptom:
2024-09-22 16:25:08 1ssU4q-00000001DEL-0AVf exim.c:884:
chown(/var/spool/exim4//msglog//1ssU4q-00000001DEL-0AVf, 111:117) failed
(Operation not permitted). Please contact the authors and refer to
https://bugs.exim.org/show_bug.cgi?id=2391
2024-09-22 16:25:08 1ssU4q-00000001DEL-0AVf Couldn't chown message log
/var/spool/exim4//msglog//1ssU4q-00000001DEL-0AVf: Operation not permitted

The issue was triggered by a systemd service sending out mail by piping into
/usr/lib/sendmail therefore exim inherited the lockdown settings set by
the systemd service file. Some of these settings were incompatible with exim:

CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_SETGID
CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_RAWIO
CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_ADMIN
CAP_SYS_RESOURCE

CAP_FOWNER CAP_CHOWN was missing here.

Also exim tries to fork off a delivery process which often will need to
look/write into /home which ProtectHome=true (which was also set) breaks. The
delivery process fails and the message is placed on the queue and delivered
later, so this is not a terminal error.

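
As an added example (not part of the original message and not Exim or Debian code), here is a small Python check for the unit-file settings the comment identifies. It models systemd's documented merge rules for repeated and `~`-inverted CapabilityBoundingSet= lines and goes beyond the reported case by treating any enabled ProtectHome= value as a finding; the sample unit is constructed, with the capability list taken from the comment.

```python
# Added example: audit a systemd unit for the settings named in the comment above.
NEEDED_CAPS = ("CAP_CHOWN", "CAP_FOWNER")
FALSE_VALUES = {"0", "no", "false", "off"}

def logical_lines(text):
    """Yield unit-file lines with backslash continuations joined, comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and line.startswith(("#", ";")):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf:
            yield buf
        buf = ""

def audit_unit(text):
    """Return a list of findings for a unit whose processes may invoke exim."""
    names, complement = set(), True   # "everything except names": the default full set
    protect_home = "no"
    for line in logical_lines(text):
        key, sep, value = (part.strip() for part in line.partition("="))
        if key == "ProtectHome":
            protect_home = value.lower()
        elif key == "CapabilityBoundingSet" and sep:
            invert = value.startswith("~")
            caps = set(value.lstrip("~").split())
            if not caps or (complement and not names):
                names, complement = caps, invert      # reset, or first real assignment
            elif invert == complement:
                names |= caps                         # same sense: extend the stored list
            else:
                names -= caps                         # opposite sense: shrink it
    findings = [f"{cap} missing from CapabilityBoundingSet"
                for cap in NEEDED_CAPS if (cap in names) == complement]
    if protect_home not in FALSE_VALUES:
        findings.append(f"ProtectHome={protect_home} restricts /home for delivery")
    return findings

# Constructed unit file; the capability list is the one quoted in the comment.
SAMPLE_UNIT = """[Service]
ProtectHome=true
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_SETGID \\
  CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_RAWIO \\
  CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_ADMIN CAP_SYS_RESOURCE
"""
```

Calling `audit_unit(SAMPLE_UNIT)` reports both missing capabilities and the ProtectHome setting; a unit that sets none of these options yields no findings.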