I have installed daemontools-0.76 on a CentOS 8 system as per the official docs here: http://cr.yp.to/daemontools.html.
I then created a test service symlinked in /service/test with a simple run file that echoes text to stdout (as basic as it gets). Both the test folder and run file have 755 permissions.
run file:
#!/bin/sh
echo "test"
The file executes fine manually, of course, and I can even run /command/supervise /service/test and the service runs as expected. I can use svc -u/-d <service> to start/stop via the supervisor.
However, when I run /command/svscan /service I get the following error:
svscan: warning: unable to start supervise test: permission denied
I have not found any leads to indicate what permissions are in conflict here. Things I've tried:
- Both with the
test/supervisefolder present (created bysupervisewhen run manually), and with this folder removed (i.e., starting the service from scratch); same result either way (note:superviseis not running when I try to startsvscan, although I did try with it running in the background as well with the same error) - Verified permissions (755) on the commands themselves (under
/package/admin/daemontools-0.76/command/) - Verified permissions (755) on all folders (/command, /service, /package, and the service folder)
- I thought that perhaps since
/tmpis mountednoexecthat might be an issue if anything was trying to use this dir, but I retried with it mountedexecand that didn't help - I thought an
stracemight help, but there don't seem to be any issues that my untrained eye can see:
execve("/usr/local/bin/svscan", ["svscan", "/service"], 0x7ffc7385cfe8 /* 21 vars */) = 0
brk(NULL) = 0x1eab000
arch_prctl(0x3001 /* ARCH_??? */, 0x7fff479dd530) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=34379, ...}) = 0
mmap(NULL, 34379, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7af1b35000
close(3) = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2607\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=4176104, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7af1b33000
mmap(NULL, 3938144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7af1554000
mprotect(0x7f7af170d000, 2093056, PROT_NONE) = 0
mmap(0x7f7af190c000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b8000) = 0x7f7af190c000 mmap(0x7f7af1912000, 14176, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7af1912000
close(3) = 0
arch_prctl(ARCH_SET_FS, 0x7f7af1b34500) = 0
mprotect(0x7f7af190c000, 16384, PROT_READ) = 0
mprotect(0x603000, 4096, PROT_READ) = 0
mprotect(0x7f7af1b3e000, 4096, PROT_READ) = 0
munmap(0x7f7af1b35000, 34379) = 0
chdir("/service") = 0
wait4(-1, 0x7fff479dd4fc, WNOHANG, NULL) = -1 ECHILD (No child processes)
openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
brk(NULL) = 0x1eab000
brk(0x1ecc000) = 0x1ecc000
brk(NULL) = 0x1ecc000
getdents64(3, /* 3 entries */, 32768) = 72
stat("test", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("test/log", 0x7fff479dd430) = -1 ENOENT (No such file or directory)
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7af1b347d0) = 2884
getdents64(3, /* 0 entries */, 32768) = 0
close(3) = 0
nanosleep({tv_sec=5, tv_nsec=0}, svscan: warning: unable to start supervise test: permission denied
Any thoughts?
Edit: I just tried these exact same steps on a CentOS 7 machine, and it works correctly. Maybe it's an issue in glibc calls in the codebase not compatible with later versions (2.17 vs 2.28)?
