Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nixos/munge: run munge as user munge instead of root. #41509

Merged
merged 1 commit into from
Jun 8, 2018

Conversation

markuskowa
Copy link
Member

Motivation for this change

The munge daemon does not require root privileges.

Fixes #41092

Things done
  • Added a note in release notes (incompatibilities)
  • Adapt slurm test
  • Change user to munge in service.munge
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
    The slurm test requires munge to run and thus serves also as a test for munge.
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@GrahamcOfBorg GrahamcOfBorg added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Jun 5, 2018
* Added a note in release notes (incompatibilities)
* Adapt slurm test
* Change user to munge in service.munge
@xeji
Copy link
Contributor

xeji commented Jun 8, 2018

@GrahamcOfBorg test slurm

@GrahamcOfBorg
Copy link

Failure on x86_64-linux (full log)

Attempted: tests.slurm

Partial log (click to expand)

cleaning up
killing submit (pid 593)
killing node2 (pid 605)
killing node1 (pid 617)
killing node3 (pid 629)
killing control (pid 641)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
builder for '/nix/store/3ckhn2yaakzq16hbljangai01incn4cs-vm-test-run-slurm.drv' failed with exit code 255
error: build of '/nix/store/3ckhn2yaakzq16hbljangai01incn4cs-vm-test-run-slurm.drv' failed

@xeji
Copy link
Contributor

xeji commented Jun 8, 2018

Test failure is unrelated, test succeeds locally

@xeji xeji merged commit 96af022 into NixOS:master Jun 8, 2018
@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: tests.slurm

Partial log (click to expand)

test script finished in 28.03s
cleaning up
killing submit (pid 627)
killing node2 (pid 640)
killing control (pid 653)
killing node3 (pid 666)
killing node1 (pid 679)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
/nix/store/wdb8yd7z4isk9np1vr9qmns90ax0fgy0-vm-test-run-slurm

orivej added a commit that referenced this pull request Jun 9, 2018
* master: (71 commits)
  xen: enable parallel building
  spice: 0.13.3 -> 0.14.0
  powerline-rs: 0.1.7 -> 0.1.8 (#41736)
  xidlehook: 0.4.6 -> 0.4.8 (#41094)
  serf: update scons patch, enable kerberos on darwin
  firefox-bin: Add ffmpeg to lib path
  firefox-beta-bin: 61.0b10 -> 61.0b12
  firefox-devedition-bin: 61.0b10 -> 61.0b12
  wireguard-go: assign yegortimoshenko as maintainer
  wireguard-go: 0.0.20180519 -> 0.0.20180531
  zfs: Fix "zfs-sync" for modern systemd
  nixos/memcached: added simple set/get test
  jenkins: 2.89.4 -> 2.107.3 (#41618)
  focuswriter: 1.6.12 -> 1.6.13 (#41567)
  ne: 3.0.1 -> 3.1.1 (#41536)
  libpqxx: 6.2.3 -> 6.2.4 (#41547)
  mate.mate-applets: 1.20.1 -> 1.20.2 (#41546)
  mate.mate-themes: 3.22.16 -> 3.22.17 (#41541)
  nixos/munge: run munge as user munge instead of root. (#41509)
  pstoedit: 3.71 -> 3.73 (#41528)
  ...
@markuskowa markuskowa deleted the munge-mod-pr branch June 20, 2018 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants