On 8/26/25 15:05, S. Ross Gohlke wrote:
I tried running the latest PRERELEASE snapshot obtained from
<https://download.freebsd.org/snapshots/amd64/15.0-PRERELEASE/>, published on
Aug. 22.
The hastd rc service starts but "hastctl status" fails with the following error
message:
[CRIT] Assertion failed: (getgroups(0, NULL) == 1), function drop_privs, file
/usr/src/sbin/hastd/subr.c, line 287.
I have followed the "UPDATING stuff" thread on this list about 14 compatibility, and my
understanding is that getgroups syscalls should work as long as the kernel has "options
COMPAT_FREEBSD14" enabled.
I am running a custom kernel, but it is based on MINIMAL, so "options
COMPAT_FREEBSD14" is enabled.
% sysctl kern.conftxt | grep COMPAT_FREEBSD14
options COMPAT_FREEBSD14
Am I doing something wrong? Might this be fixed in the next snapshot (due
Thursday)?
Bah; I had adjusted the assertions, but overlooked one that doesn't make sense.
The last
two could probably be coalesced, but it's probably worth being sure that we
don't still
return one gid if room was created for whatever reason. Try this:
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c
index 284fb0d07647..add1280e960b 100644
--- a/sbin/hastd/subr.c
+++ b/sbin/hastd/subr.c
@@ -284,7 +284,7 @@ drop_privs(const struct hast_resource *res)
PJDLOG_VERIFY(rgid == pw->pw_gid);
PJDLOG_VERIFY(egid == pw->pw_gid);
PJDLOG_VERIFY(sgid == pw->pw_gid);
- PJDLOG_VERIFY(getgroups(0, NULL) == 1);
+ PJDLOG_VERIFY(getgroups(0, NULL) == 0);
PJDLOG_VERIFY(getgroups(1, gidset) == 0);
pjdlog_debug(1,
