[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410
Rowland Penny
rpenny at samba.org
Wed Sep 1 08:14:59 UTC 2021
On Wed, 2021-09-01 at 09:48 +0200, L.P.H. van Belle via samba wrote:
> Good morning,
>
> I'll CC Alexander Bokovoy in this one, I think he can tell us more on
> this.
> Before this ends up in a bloodbath ;-)
>
> No, joking here, but I think these guys can tell us.
>
> Rowland, why do you think that we should not set Type?
> SystemD can't determine what type of program is running.
I am not a systemd expert (I tend towards not using it, but will use it
if I have to), but I can read manpages.
>
> Type must be set and if it's not set, type is "simple" (as Roy also
> noticed).
> If type is simple, it just uses /etc/init.d/samba start/stop
So, 'Type' doesn't need to be set.
>
> But simple is wrong, just because it won't catch errors when starting
> up.
> Quote: systemctl start command lines for simple services will report
> success even if the service's binary cannot be invoked successfully
Not a problem, systemd might not catch the errors, but the samba logs
will.
>
> All I can say is, the Samba team is using "notify" for some time.
> And only somewhere in Samba 4.12/4.13 NotifyAccess= is removed from
> all service files in the samba sources.
Perhaps, but from my understanding of systemd, 'notify' expects just
the main program to notify it, not sub programs.
>
> And after this CVE fix in systemd, it's not correct anymore in my
> opinion.
> If NotifyAccess= isn't defined, then NotifyAccess=main and
> main isn't correct for samba-ad-dc, because of the extra processes
> starting.
No, it has been going on for some time.
>
> I don't know how it's exactly implemented in samba, I leave that to the
> devs.
>
> And let's keep the focus on this, that it ONLY involves
> samba-ad-dc.service
>
> So NotifyAccess=all was removed in this commit
> https://gitlab.com/thctlo1/samba/-/commit/d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc
> Which was correct at that time, but things changed.
>
> Let's wait for what Alexander or Andreas can tell us on this.
I am open to persuasion on this, so let's wait until someone can explain
why not having 'Type' is a bad idea. Let's be honest, starting a Samba
DC from an init script worked well for years.
Rowland