You are not logged in.

#1 2022-01-22 13:56:53

Daerandin
Member
From: Norway
Registered: 2013-05-07
Posts: 267
Website

[SOLVED] murmur 1.4.230-1 coredump on client connection

I am unfamiliar with many details of systemd service files and was wondering if someone else might have an idea on this topic.

murmur coredumps whenever a client connects when I start it as a systemd service using the default service file. I thought the new version required changes to the murmur.ini file, but that turned out to be false. The fact that it was coredumping eluded me for a while as the systemd status command didn't reflect this.

After some testing I discovered that if I simply ran murmurd directly it would work perfectly, which led me to suspect an issue with the service configuration file. The deafult file that ships with the package in testing looks like this:

[Unit]
Description=Mumble Daemon
Documentation=man:murmurd(1)
After=network.target
Wants=network-online.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/murmurd -ini /etc/murmur.ini -fg
Group=murmur
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=true
PrivateTmp=true
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=true
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
RestrictAddressFamilies=~AF_PACKET AF_NETLINK
RestrictNamespaces=yes
RestrictSUIDSGID=yes
RestrictRealtime=yes
Restart=always
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
Type=simple
User=murmur

[Install]
WantedBy=multi-user.target

After a bit of trial and error, I discovered that if I comment out the line

SystemCallFilter=~@resources @privileged

then it works. If I change the order of the two SystemCallFilter lines while keeping them uncommented, it also works. I simply don't know if there is an error in the configuration file causing this, or if there is something else going on.

EDIT: Opened a bugreport: https://bugs.archlinux.org/task/73466

Last edit: Fixed in 1.4.230-2

Last edited by Daerandin (2022-01-24 15:50:00)

Offline

Board footer

Powered by FluxBB