search

apache / trafficserver

Apache Traffic Server™ is a fast, scalable and extensible HTTP/1.1 and HTTP/2 compliant caching proxy server.
https://trafficserver.apache.org/
Apache License 2.0
1.8k stars 798 forks source link

Fatal error when starting traffic_manager as non-root if storage is configured: " failed to acquire privileged capabilities: Operation not permitted" #6944

Open ema opened 4 years ago

ema commented 4 years ago

With an empty storage.config, traffic_manager can be started as non-root without issues.

However, trying to configure storage makes traffic_manager fail with a FATAL error:

[Jun 24 11:44:14.165] traffic_manager FATAL: failed to acquire privileged capabilities: Operation not permitted

The following script reproduces the bug:

#!/bin/bash

cat <<EOF > /tmp/layout.yaml
prefix: /tmp/test
exec_prefix: /tmp/test
bindir: /tmp/test/bin
sbindir: /tmp/test/sbin
sysconfdir: /tmp/test/etc
datadir: /tmp/test/var/cache
includedir: /tmp/test/include
libdir: /usr/lib/trafficserver
libexecdir: /usr/lib/trafficserver/modules
localstatedir: /tmp/test/var
runtimedir: /tmp/test/var/run
logdir: /tmp/test/var/log
cachedir: /tmp/test/var/cache
EOF

traffic_layout init -f -p /tmp/test -l /tmp/layout.yaml --copy-style=soft

echo CONFIG proxy.config.admin.user_id STRING $(whoami) > /tmp/test/etc/records.config

# No FATAL commetning the following line
echo /tmp/test/var/cache/ 1M > /tmp/test/etc/storage.config

traffic_manager --nosyslog --run-root=/tmp/test/runroot.yaml

Here's manager.log:

[Jun 24 11:50:08.896] traffic_manager STATUS: opened /tmp/test/var/log/manager.log
[Jun 24 11:50:08.896] traffic_manager NOTE: updated diags config
[Jun 24 11:50:08.896] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: logging.yaml
[Jun 24 11:50:08.896] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file logging.yaml
[Jun 24 11:50:08.914] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: socks.config
[Jun 24 11:50:08.914] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file socks.config
[Jun 24 11:50:08.934] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: cache.config
[Jun 24 11:50:08.934] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file cache.config
[Jun 24 11:50:08.942] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: ip_allow.config
[Jun 24 11:50:08.942] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file ip_allow.config
[Jun 24 11:50:08.946] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: parent.config
[Jun 24 11:50:08.947] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file parent.config
[Jun 24 11:50:08.955] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: remap.config
[Jun 24 11:50:08.955] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file remap.config
[Jun 24 11:50:08.962] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: volume.config
[Jun 24 11:50:08.962] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file volume.config
[Jun 24 11:50:08.965] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: hosting.config
[Jun 24 11:50:08.965] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file hosting.config
[Jun 24 11:50:08.971] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: plugin.config
[Jun 24 11:50:08.971] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file plugin.config
[Jun 24 11:50:08.980] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: splitdns.config
[Jun 24 11:50:08.980] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file splitdns.config
[Jun 24 11:50:08.985] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: ssl_multicert.config
[Jun 24 11:50:08.985] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file ssl_multicert.config
[Jun 24 11:50:08.991] traffic_manager NOTE: [RollBack::Rollback] Missing Configuration File: ssl_server_name.yaml
[Jun 24 11:50:08.991] traffic_manager NOTE: [RollBack::Rollback] Created zero length place holder for config file ssl_server_name.yaml
[Jun 24 11:50:08.997] traffic_manager NOTE: [LocalManager::listenForProxy] Listening on port: 8080 (ipv4)
[Jun 24 11:50:08.997] traffic_manager NOTE: [LocalManager::listenForProxy] Listening on port: 8080 (ipv6)
[Jun 24 11:50:08.998] traffic_manager NOTE: [TrafficManager] Setup complete
[Jun 24 11:50:09.999] traffic_manager NOTE: [ProxyStateSet] Traffic Server Args: ' -M'
[Jun 24 11:50:09.999] traffic_manager NOTE: [LocalManager::listenForProxy] Listening on port: 8080 (ipv4)
[Jun 24 11:50:09.999] traffic_manager NOTE: [LocalManager::listenForProxy] Listening on port: 8080 (ipv6)
[Jun 24 11:50:09.999] traffic_manager NOTE: [LocalManager::startProxy] Launching ts process
[Jun 24 11:50:10.033] traffic_manager NOTE: [LocalManager::pollMgmtProcessServer] New process connecting fd '12'
[Jun 24 11:50:10.033] traffic_manager NOTE: [Alarms::signalAlarm] Server Process born
[Jun 24 11:50:12.116] traffic_manager FATAL: failed to acquire privileged capabilities: Operation not permitted
[Jun 24 11:50:12.116] traffic_manager NOTE: [LocalManager::mgmtShutdown] Executing shutdown request.
[Jun 24 11:50:12.116] traffic_manager NOTE: [LocalManager::processShutdown] Executing process shutdown request.

And diags.log:

[Jun 24 11:50:12.046] traffic_server STATUS: opened /tmp/test/var/log/diags.log
[Jun 24 11:50:12.046] traffic_server NOTE: updated diags config
[Jun 24 11:50:12.055] traffic_server NOTE: ip_allow.config updated, reloading
[Jun 24 11:50:12.055] traffic_server WARNING: IpAllow No entries in /tmp/test/etc/ip_allow.config. All IP Addresses will be blocked
[Jun 24 11:50:12.055] traffic_server WARNING: Unable to open file /tmp/test/var/run/host.db; [Error]: No such file or directory
[Jun 24 11:50:12.055] traffic_server WARNING: Error loading cache from /tmp/test/var/run/host.db: -1
[Jun 24 11:50:12.056] traffic_server NOTE: loading logging.yaml
[Jun 24 11:50:12.056] traffic_server WARNING: logging.yaml is empty
[Jun 24 11:50:12.056] traffic_server NOTE: failed to reload logging.yaml
[Jun 24 11:50:12.057] traffic_server NOTE: logging initialized[3], logging_mode = 3
[Jun 24 11:50:12.058] traffic_server NOTE: loading /tmp/test/etc/ssl_server_name.yaml
[Jun 24 11:50:12.058] traffic_server WARNING: /tmp/test/etc/ssl_server_name.yaml is empty
[Jun 24 11:50:12.058] traffic_server NOTE: ssl_server_name.yaml done reloading!
[Jun 24 11:50:12.058] traffic_server NOTE: loading SSL certificate configuration from /tmp/test/etc/ssl_multicert.config
[Jun 24 11:50:12.059] traffic_server NOTE: ssl_multicert.config done reloading!
[Jun 24 11:50:12.063] traffic_server WARNING: Unable to access() directory '/tmp/test/etc/body_factory': 2, No such file or directory
[Jun 24 11:50:12.063] traffic_server WARNING:  Please set 'proxy.config.body_factory.template_sets_dir' 
[Jun 24 11:50:12.063] traffic_server WARNING: can't open response template directory '/tmp/test/etc/body_factory' (No such file or directory)
[Jun 24 11:50:12.063] traffic_server WARNING: no response templates --- using default error pages
[Jun 24 11:50:12.063] [ET_NET 5] WARNING: disk header different for disk /tmp/test/var/cache/cache.db: clearing the disk
[Jun 24 11:50:12.065] [TS_MAIN] NOTE: traffic server running
[Jun 24 11:50:12.097] [ET_NET 0] NOTE: Clearing Disk: /tmp/test/var/cache/cache.db
[Jun 24 11:50:12.102] [ET_NET 0] NOTE: clearing cache directory '/tmp/test/var/cache/cache.db 16384:126'
github-actions[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.