Skip to main content
Topic: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others) (Read 1265 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Hi,
I was able to enable and start (runit sv up,...) some services, but one in particular is stubborn. Status is ENABLED but STATE is DOWN. The service that doesn't work with runit is stubby. Is this a bug? It gets timed out when I want to start it.

So (as sudo):

$ pacman -S stubby stubby-runit
$ ln -s /etc/runit/sv/stubby /run/runit/service/
$ sv up /run/runit/service/stubby

And I get:
$ sv status stubby
down: stubby: 0s, normally up, want up

So I did the following:
$ pacman -S rsm

and rechecked the status:
$ rsm status stubby

   SERVICE              STATE   ENABLED   PID      COMMAND           TIME
 X stubby               down    true      ---      ---               0 seconds

Still DOWN. So I did this:
$ rsm start stubby
and... got this:
[rsm] Running sv command (SVDIR=/run/runit/service/ sv start stubby):
timeout: down: stubby: 0s, normally up, want up
[rsm] [sv start stubby], exit code: 1

Still the service is DOWN. Enabled but not working. (Works with systemd). I have spent way to much time to configure Artix to just give up now. Any idea? Is this a bug?

P.S.: $ man rsm gives nothing (doesn't exist). No explanations for exit codes.

 

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #1
stubby is run using user 'stubby' by the service.
Did you set the listen port to one above 1024 in /etc/stubby/stubby.yml ?
That is required to have a non-privileged user to be allowed to bind to the address.
artist

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #2
al
stubby is run using user 'stubby' by the service.
Did you set the listen port to one above 1024 in /etc/stubby/stubby.yml ?
That is required to have a non-privileged user to be allowed to bind to the address.
artist

I don't know what are you talking about. Other services are OK with runit, stubby doesn't work with runit. Stubby works with systemd only. Can you fix it?

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #3
Hi,
I was able to enable and start (runit sv up,...) some services, but one in particular is stubborn. Status is ENABLED but STATE is DOWN. The service that doesn't work with runit is stubby. Is this a bug? It gets timed out when I want to start it.

So [all done as sudo and su -] :

$ pacman -S stubby stubby-runit
$ ln -s /etc/runit/sv/stubby /run/runit/service/
$ sv up /run/runit/service/stubby

And I get:
$ sv status stubby
down: stubby: 0s, normally up, want up

So I did the following:
$ pacman -S rsm

and rechecked the status:
$ rsm status stubby

   SERVICE              STATE   ENABLED   PID      COMMAND           TIME
 X stubby               down    true      ---      ---               0 seconds

Still DOWN. So I did this:
$ rsm start stubby
and... got this:
[rsm] Running sv command (SVDIR=/run/runit/service/ sv start stubby):
timeout: down: stubby: 0s, normally up, want up
[rsm] [sv start stubby], exit code: 1

Still the service is DOWN. Enabled but not working. (Works with systemd). I have spent way to much time to configure Artix to just give up now. Any idea? Is this a bug?

Expected result:
1. Install stubby+stubby-runit
2. Create symlinks
3. Enable + start stubby (sv up or rsm start)
4. All should work (just like $ systemctl start stubby && systemctl enable stubby), i.e. service should not only be ENABLED (current state in runit) but should also RUN (current status is DOWN). RUNIT SHOULD MANGE ALL SERVICES. This one (stubby) cannot be started. Runit can only enable it, but NOT start. Sytemd can both ENABLE and START Services. If runit cannot start services what kind of service manager is this then?
[/b]


P.S.: $ man rsm gives nothing (doesn't exist). No explanations for exit codes.  I have no idea what those exit codes mean.

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #4
al
I don't know what are you talking about. Other services are OK with runit, stubby doesn't work with runit. Stubby works with systemd only. Can you fix it?
First, a quote from the stubby man page:
Quote
stubby is in the early stages of development but is suitable for technical/advanced users.
as with any service, you need to at least check what is the default configuration for the service, as suggested by Artist.

Checking out /etc/runit/sv/stubby/run gives:
Code: [Select]
$ cat /etc/runit/sv/stubby/run
#!/bin/sh
exec chpst -u stubby stubby
in other words, that service is run not as root user (there is no "sudo" user, sudo is a privilege escalating program, but that is something a "technical/advanced user" should know), but as ordinary user account "stubby" reserved for running stubby. You can check its existence by doing
Code: [Select]
$ grep stubby /etc/passwd
Many services use this approach, as it is more secure. However, ordinary user accounts cannot normally bind ports below 1024. This is by design. So, you will need to configure stubby to use a port above 1024.



Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #7
As strajder and Artist noticed, this is not an incompatibility, but the simple fact that ports under 1024 are root-only under Linux (and most BSDs, for that matter). The systemd service for stubby works because it uses systemd's hardcoded support for Linux capabilities so it can bind to ports <= 1024 despite not being root.

For runit, you achieve a similar result by adding the cap_net_bind_service capability to the stubby binary:

On a terminal:
Code: [Select]
sudo setcap cap_net_bind_service+eip /usr/bin/stubby

Then your service definition should work unchanged.



The "correct" way would for it to accept a prebound socket on its standard input, so we could use runit's tcpsvd, or systemd's socket activation, to bind the socket as root then drop root after getting the connection.

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #8
Does stubby work if you start it by executing commands from /etc/runit/sv/stubby/run manually?
ARMtix

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #9
P.S.: $ man rsm gives nothing (doesn't exist). No explanations for exit codes.  I have no idea what those exit codes mean.
rsm is a Bash script. You can list its contents with less or open it up in any text editor.

If you were not sure what type it is:
Code: [Select]
$ file $(which rsm)
/usr/bin/rsm: Bourne-Again shell script, Unicode text, UTF-8 text executable
list:
Code: [Select]
$ less $(which rsm)
Exit code printed in this case is the exit code from the sv program. (It can be seen on line 610, do_sv_cmd function.)

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #10
Please don't double post. There is already a post with the same topic:

https://forum.artixlinux.org/index.php/topic,3302.msg21490/

Edit: Merged.

No.
Port 53 and 853 are for DNS. Latter for DNS over TLS. This is how ALL provided DNSes have it configured. Systemd as service manger is capable of both ENABLING and STARTING services. It is a service manger. I download Artix with runit services manager and everything is broken. So lets list it:
1. I have to install additional package with "-runit" on top of the normal "service name" package
2. I have to create special confusing symlinks before I can start the service
3. I have to read documentation because the symlink has to be in some confusing SUBFOLDER otherwise it will not work (really NOT KISS if one have to dig and dig the documentation to find it in the wiki text)
4. Then I have to enable the service and it will be enabled.
5. Then I have to sart the service but the service manager cannot do it (unlike systemd in Fedora and Debian). I am left with non working service.
6. I am faced with unfriendly forum and excuses.

As a user, I See the following:
       SYSTEM D                                                                                                                                RUNIT  
1. pacman -S stubby                                                                              1. pacman -S stubby
2. systemctl enable stubby && systemctl start stubby             2. pacman -S stubby-runit
4. DONE and ready to use service!                                                   3. ln -s /etc/runit/sv/stubby /run/runit/service/
                                                                                                                       4. sv up /run/runit/service/stubby
                                                                                                                       5. still cannot use the service- its broken
                                                                                                                       6. pacman -S rsm
                                                                                                                       7. rsm start stubby
                                                                                                                       8. still cannot use the service. broken.
                                                                                                                       9. man rsm ==> no such thing

Nobody is forcing you to use OUR distro.  Go home and make your OWN. Thank you.

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #11
stubby is run using user 'stubby' by the service.
Did you set the listen port to one above 1024 in /etc/stubby/stubby.yml ?
That is required to have a non-privileged user to be allowed to bind to the address.
artist

I believe the service definition for stubby can be amended to use setpriv from util-linux instead of chpst, or the stubby package itself be changed so the CAP_NET_BIND_SERVICE is pre-added to the file. This would allow it to be launched without users having to first edit the configuration file.

setpriv is a also a chainloader, i. e. runit can still monitor services launched from setpriv just fine like it can manage processes launched from chpst.

(and as OP notices, changing the port is not viable, as the standard DNS/DoH ports are below 1024).

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #12
Nobody is forcing you to use OUR distro.  Go home and make your OWN. Thank you.
Are you talking to yourself? :P

stubby is not something for beginners, as already explained.

For me (and others who use Artix and other non-systemd distros) the wrongs of systemd far outweigh any perceived benefits. You can check out the links in my signature for more details:

https://suckless.org/sucks/systemd
https://nosystemd.org/

You are, of course, free to use whatever system you feel like (even multiple systems!). But please don't preach systemd on a forum of a non-systemd distro. That is called trolling.

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #13
Are you talking to yourself? :P

stubby is not something for beginners, as already explained.

For me (and others who use Artix and other non-systemd distros) the wrongs of systemd far outweigh any perceived benefits. You can check out the links in my signature for more details:

https://suckless.org/sucks/systemd
https://nosystemd.org/

You are, of course, free to use whatever system you feel like (even multiple systems!). But please don't preach systemd on a forum of a non-systemd distro. That is called trolling.
Not a solution. Not a KISS approach. The answer: its too complicated, don't use it doesn't satisfy anyone. Not to mention the ports. Oh wow!

Re: Is This A Runit Bug (Enabled but Cannot Start- Unlike Others)

Reply #14
@Runner, does setcap make it possible to start the service under runit?