Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 May 2024 16:37:44 +0200
From:      Baptiste Daroussin <bapt@freebsd.org>
To:        "Patrick M. Hausen" <hausen@punkt.de>
Cc:        Freebsd Stable <freebsd-stable@freebsd.org>
Subject:   Re: pkg check -s - why does it try to open the pkg DB in r/w mode?
Message-ID:  <ldjgqdfeg2zpnybjvpznv4i2biupmk65tiwmj2y6vysochrvic@ou4bw7kur7fq>
In-Reply-To: <BF421870-5993-4580-97BD-11E86509ED63@punkt.de>
References:  <BF421870-5993-4580-97BD-11E86509ED63@punkt.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue 21 May 12:54, Patrick M. Hausen wrote:
> Hi all,
> 
> we have this jail based hosting environment and I began to debug some odd error message
> of the daily security check output:
> 
> -----------
> pkg: Insufficient privileges
> -----------
> 
> The cause was quickly found with truss:
> 
> -----------
> 14199: openat(AT_FDCWD,"/var/db/pkg",O_RDONLY|O_DIRECTORY|O_CLOEXEC,00) = 5 (0x5)
> 14199: fstatat(5,".",{ mode=drwxr-xr-x ,inode=34,size=5,blksize=4096 },0x0) = 0 (0x0)
> 14199: faccessat(5,".",R_OK,AT_EACCESS) = 0 (0x0)
> 14199: fstatat(5,"local.sqlite",{ mode=-rw-r--r-- ,inode=2,size=109010944,blksize=131072 },0x0) = 0 (0x0)
> 14199: faccessat(5,"local.sqlite",R_OK,AT_EACCESS) = 0 (0x0)
> 14199: fstatat(5,".",{ mode=drwxr-xr-x ,inode=34,size=5,blksize=4096 },0x0) = 0 (0x0)
> 14199: faccessat(5,".",R_OK,AT_EACCESS) = 0 (0x0)
> 14199: fstatat(5,"local.sqlite",{ mode=-rw-r--r-- ,inode=2,size=109010944,blksize=131072 },0x0) = 0 (0x0)
> 14199: faccessat(5,"local.sqlite",W_OK,AT_EACCESS) ERR#30 'Read-only file system'
> pkg: 14199: write(2,"pkg: ",5) = 5 (0x5)
> Insufficient privileges14199: write(2,"Insufficient privileges",23) = 23 (0x17)
> -----------
> 
> Yes, we mount lots of things into the jails r/o. The daily script runs `pkg -qsa` for a checksum check
> of all installed packages.
> 
> 
> Question: why does pkg need the database to be r/w for a -s/--checksum check?
> 

It does not anymore in git, I removed that need a couple of weeks ago, not yet
in the release.

Best regards,
Bapt

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ldjgqdfeg2zpnybjvpznv4i2biupmk65tiwmj2y6vysochrvic>