fixes for opensuse #25
After the switch to make the daemon run as non-root user, it has no rights to do anything in /var/log. These suse-specific changes were missed in the commit that did the changes.
Since the change to run as non-root, the daemon cannot remove e.g. /var/cache/icecream because of no rights to modify /var/cache.
The daemon no longer runs as root.
BTW, the openSUSE package will also need .spec file update, the one generated here in suse/ should do.
I was fine with renaming the user to icecc, but consistency might be an advantage
I'm too lazy to check to be sure, now that the user is back to 'icecream', but I think using 'icecc' (i.e. a new user) caused upgrade problems - with the daemon no longer being root, it would have trouble cleaning up /var/cache/icecream entries from the previous version.
Actually I'm afraid there may be upgrade problems anyway :(. I have a machine where /var/cache/icecream/target=x86_64 is owned by root:root. I do not see any other solution than extra cleaning up while still having root privileges, I'll push the change.
It may just be fair to clean those directories when the rpm is updated
Makes sense, I'll change that.
The changes to use cap-ng and not run as root have broken icecream on suse (and not only, I'd say) in a number of ways - log file can no longer be written to /var/log, env. cache directory can no longer be completely removed if in /var/cache/icecream, user is mixed to be 'icecream' or 'icecc', and chown() fails. I think I've fixed all of these and it seems to work fine now, but as this is security related stuff, I'd like a review before this goes in.
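
The upgrade problem raised in this thread (cache entries such as /var/cache/icecream/target=x86_64 left owned by root:root, which the unprivileged daemon can no longer remove) can be detected from a package scriptlet or by an administrator before the daemon starts. The script below is an added example, not part of this pull request or of icecream's code; the function names are hypothetical, and the cache path and `icecream` user mentioned in the comments are the ones named in the thread.

```shell
#!/bin/sh
# Added example: audit a cache tree for entries that a daemon running as
# an unprivileged user would be unable to remove because someone else
# (typically root, from a pre-upgrade version) owns them.
# Usage (assumed values from the thread):
#   audit_cache /var/cache/icecream icecream

# Print every path under $1 (including $1 itself) not owned by user $2.
# $2 may be a user name or a numeric uid.
stale_entries() {
    find "$1" ! -user "$2" -print
}

# Count those paths without parsing file names, so names containing
# spaces or newlines cannot skew the result.
stale_count() {
    find "$1" ! -user "$2" -exec printf x \; | wc -c | tr -d ' '
}

# Return 0 when $2 owns the whole tree, 1 when stale entries exist,
# 2 when the directory is missing.
audit_cache() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    n=$(stale_count "$dir" "$owner")
    if [ "$n" -gt 0 ]; then
        echo "$n entries under $dir are not owned by $owner:" >&2
        stale_entries "$dir" "$owner" >&2
        return 1
    fi
    return 0
}
```

A non-zero result means the cleanup has to happen while root privileges are still available, for example at package update time as suggested above.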