Closed tomfitzhenry closed 1 year ago
https://github.com/NixOS/nixpkgs/pull/197379 looks like it could a fix for this? (Update: Confirmed this fixes it.)
Also, we should look into:
why the test passes, despite dnscrypt-proxy2 failing to start.
I think dnscrypt-proxy.service
does reach active
state briefly, and so client.wait_for_unit("dnscrypt-proxy2")
succeeds, but then the binary crashes when it runs the Setrlimit syscall.
https://github.com/NixOS/nixpkgs/blob/f36801e4052c4b50c4d1df591d28fe9e1992a54f/nixos/tests/dnscrypt-proxy2.nix should have stronger assertions, e.g. that dnscrypt-proxy2 manages to listen on port 43 (localPortProxy
). I've raised a PR for this: https://github.com/NixOS/nixpkgs/pull/197450.
what triggered this issue? I see no recent changes to dnscrypt-proxy2 pkg or service.
Hypothesis: A recent Go runtime update that now calls setrlimit? (Update: Reverting 0c7a6a0832b9531217d724a60ddd4377e841d68d. didn't stop the issue occurring)
It's probably introduced in Go 1.19 because I didn't find significant changes on systemd side. We'd expect this kind of issues popping out in the near future.
It's probably introduced in Go 1.19 because I didn't find significant changes on systemd side. We'd expect this kind of issues popping out in the near future.
Confirmed. Changing dnscrypt2-proxy to use Go 1.18 fixes this (but allowing @resources
syscalls is the better fix, as MidAutumnMoon has proposed).
https://github.com/golang/go/commit/8427429c592588af8c49522c76b3e0e0e335d270 introduces the setrlimit syscall in an init function (matching the stack trace), released in Go 1.19.
This issue should be closed once the following are merged:
Some Go programs crashed but some didn't.
For example shiori has ~@resources
set but still runs pretty fine. (However its tests
failed for unknown reasons.)
cc @minijackson Could you take a look at shiori
's tests?
cc @techknowlogick dex-oidc
tests failed on my machine. Could you take a look?
cc @ehmry Could you take a look at yggdrasil
's tests?
I think I've caught 'em all.
So, anything left?
So, anything left?
Nothing :)
Great work @MidAutumnMoon for searching for all the occurrences of this, and fixing them before users noticed!
And thank @tomfitzhenry for sorting out this issue and reviewing changes.
Describe the bug
On 95aeaf83c247b8f5aa561684317ecd860476fcd6 (nixos-unstable), services.dnscrypt-proxy2 is crashing (core dumping) on startup, due to SECCOMP error.
Steps To Reproduce
Steps to reproduce the behavior:
nix-build -A driverInteractive nixos/tests/dnscrypt-proxy2.nix && ./result/bin/nixos-test-driver
The tests succeeds https://hydra.nixos.org/build/196222051 but dnscrypt-proxy2 actually fails to start.
Excerpt from VM log:
From dmesg:
Expected behavior
dnscrypt-proxy2 should startup, and listen for DNS requests.
Notify maintainers
@joachifm