daemon-util incorrect usage of start-stop-daemon

[chas-mafli]

On debian buster at least with ganeti 2.16 daemon-util uses the --startas flag to start-stop-daemon which causes errors like Can't start Ganeti master: start-stop-daemon: matching only on non-root pidfile /var/run/ganeti/ganeti-luxid.pid is insecure.

I managed to fix this by switching --startas to --exec in daemon-util

Here's the same bug in exim https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921557

[alfonso-escribano]

Same problem on debian bullseye with ganeti 3.0.2-1 and on debian bookworm with ganeti 3.0.2-3 Changing "--startas" for "--exec" solves the problem. Could be possible to fix this issue for ganeti 3.1.1 release or next bugfix release in 3.1?

[saschalucas]

The problem describe here seems to need some special circumstances to to occur. Normal stop/start via systemctl works without this error.

But it seems to occur, when some daemons are started by the watcher: https://github.com/ganeti/ganeti/blob/ec714797092409db4200dfe07e4c66ad1b66284b/lib/watcher/init.py#L99-L111

Then pid-files are created, which by a second start via systemctl leads to the above error. The error can be resolved by a stop/start cycle via systemctl.

start-stop-daemon(8) explains that --exec:

... might not work as intended with interpreted scripts, as the executable will point to the interpreter. Take into account processes running from inside a chroot will also be matched ...

Under normal circumstances chroot/containers should be negligible?

[alfonso-escribano]

Could be possible to change the use of "start-stop-daemon" in "daemon-util" to using systemctl directly?

[zen2]

Could be possible to change the use of "start-stop-daemon" in "daemon-util" to using systemctl directly? Not all Linux systems use systemd. Happy ganeti cluster admin using openrc here.