- edited description
dbus session bus
The dbus session bus is not availiable to binaries executed from monit. This either leads to a session bus per monit unit (which is not desired) or a no bus at all if the case below kicks in.
This is especially bad if used with GDBus and an old'ish version of libdbus1 (where the first needs dbus-launch but the later does not supply it yet).
Note: I am glued to a bare sh (no bash, no csh)
Comments (12)
-
reporter -
reporter - edited description
-
reporter - edited description
-
repo owner Could you provide an example config, script etc so we can reproduce and debug?
-
reporter check process foo with pidfile /var/run/foo.pid start program = "/bin/foo -arg1 -arg2 -arg3 1>&2 2> /tmp/foo.log" stop program = "/bin/kill `cat `/var/run/foo.pid`"
where
foo
was my binary usingGDBus
functions.
The root cause is the lack of the env variable
DBUS_SESSION_BUS_ADDRESS=
in the spawned shell and thusGDBus
attempts to startdbus-launch
in order to create a new session bus - which fails because of an old dbus which simply does not providedbus-launch
.
I also tried to wrap into a sysv start/stop script, a usual shell script, but no change.
-
repo owner I've just modified Monit to keep the environment in sub-processes, see https://bitbucket.org/tildeslash/monit/commits/cd545838378517f84bdb0989cadf461a19d8ba11
Could you download the latest version from BitBucket and see if this solve your problem?
-
repo owner - changed status to resolved
No feedback, but assuming this works. And no, this is not really a bug. Axing the environment had a security rationale behind it and there are ways to work around this. However looking at it pro/con, we decided to keep the environment in sub-processes
-
reporter Did not have the time to test/deploy it as of now.
And imho this is a bug, it prevents usablility without adding significantly to security - I'd be happy to be proven wrong with a exploit where the invader does not already have root rights (exclude buffer overflows, that is the applications duty to take care of to not read beyond bounds).
I'll report back as soon as I tested this.
Thanks a lot for taking care of this issue that quickly!
-
reporter Works. Thanks a lot!
-
repo owner Thank you
-
repo owner - changed component to 1. Monit
-
repo owner - changed component to Monit
- Log in to comment