Hi,

On Tue, 07 May 2024 15:08:37 +0200 Martin Steigerwald <mar...@lichtvoll.de> wrote:
>[...]
>
> Are init scripts supposed to be started with PATH variable set up and
> exported or not? How is it done with SysVInit? I bet it would be best
> to match as close as possible what SysVInit is doing to be as
> compatible as possible.

I checked this and in sysvinit you don't have this bug because during boot sysvscripts are run via /etc/init.d/rc script, and there is an 'export PATH' there. It could probably be triggered by calling the script directly during runtime. In runit we are calling scripts directly in stage1 so we have this bug

>
> Otherwise it might be challenging to chase and find all the corner
> cases with existing setups. And as there is no issue initializing the
> network in the container with SysVInit instead of Runit used as PID
> 1, I'd consider a change in Runit. At least it could be challenging
> to find whether networking inside a container is the only thing that
> breaks.

I want to dig this further, I don't recall broken network under docker and I don't think it is broken under qemu, but I can be wrong or remember something from before /etc/init.d/rc usage was dropped from stage1

>
> >
> > > I just wonder why stage 2 contains /usr/local bin directories. I
> > > think that should not be the case. Shall I report this as a
> > > different issue?
> >
> > PATH is passed to env call for runsvdir, so I guess one can exec a
> > bin from local as runscript (not sure) without setting the PATH. I
> > can't think of other use cases..
> > I'm fine with removing, just a bit wary, I'm afraid to break some
> > custom setup
>
> Hmm, I get that. I am just a bit concerned as it may be a security
> issue.

not urgent, but could you elaborate this (security implications)? is it something like an attacker placing a modified foo in /usr/local/ that overrides the legit foo in /usr/bin or is it something else? one still needs root privileges to write to /usr/local..

Lorenzo

>
> > > I added empty "debug" and "verbose" files in /etc/runit but did
> > > not find any debug output. Maybe those files needed to have some
> > > content. Maybe it requires bootlogd.
> >
> > those files only work for runit stuff (runscripts and the sv
> > trigger), boot scripts are for sysvinit and do not obey to runit
> > settings :( perhaps it's time to roll some native runit
> > bootscripts..
>
> I see. Well that would be great. But also would require a lot of work
> and testing I bet.
>
> Best,
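
The difference between calling a boot script directly and calling it through a wrapper that runs 'export PATH', as described in the message above, shown as an added example that is not part of the original e-mail nor code from the runit or sysvinit packages. It assumes `env -i` is a fair stand-in for a boot environment that carries no PATH, and the PATH value and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example; BOOT_PATH and both snippets below are constructed.
ENV_BIN=$(command -v env)   # absolute paths, so nothing here relies on PATH lookup
SH_BIN=$(command -v sh)
BOOT_PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Run the snippet "$1" in a shell started with an empty environment, then
# exec env in place of the called init script. Prints the PATH entry found
# in that child's environment, or "<unset>" when there is none.
child_env_path() {
    seen=$("$ENV_BIN" -i "$SH_BIN" -c "$1; exec \"$ENV_BIN\"" | sed -n 's/^PATH=//p')
    printf '%s\n' "${seen:-<unset>}"
}

# Assignment only: PATH stays a plain shell variable of the caller and is
# not handed to the script that is called directly.
direct_call() { child_env_path "PATH=$BOOT_PATH"; }

# Assignment followed by export: the called script inherits PATH.
via_wrapper() { child_env_path "PATH=$BOOT_PATH; export PATH"; }

echo "direct call: $(direct_call)"
echo "with export: $(via_wrapper)"
```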