Dear Maintainer,
Supervise-daemon handler
supervise_daemon.sh(/lib/rc/sh/supervise-daemon.sh) for openrc-run
has problems with handling the no_new_privs parameter!
at line 41 we have the following code:
${no_new_privs:+--no_new_privs} \
And there is no '--no_new_privs' option in supervise-daemon, only
'--no-new-privs'.
So, line 41 should be replaced with
${no_new_privs:+--no-new-privs} \
But, this is not the only problem.
Instead of checking if 'no_new_privs' is set to positive boolean value,
we are just checking if
its not empty! So, if there is 'no_new_privs=false' or even
'no_new_privs=BlaBla' in service file, we are setting '--no-new-privs'
flag anyway!
I think, the following code:
if ! yesno "$no_new_privs"; then
no_new_privs=""
fi
should be added before line 23.
With that, everything works as excepted and there is no more
'--no-new-privs' flag if
'no_new_privs' option is not positive boolean value.
Kernel: Linux 6.1.0-22-amd64 (SMP w/6 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: OpenRC (via /run/openrc), PID 1: openrc-init
Versions of packages openrc depends on:
ii insserv 1.24.0-1
ii libaudit1 1:3.0.9-1
ii libc6 2.36-9+deb12u7
ii libeinfo1 0.45.2-2+deb12u1
ii libpam0g 1.5.2-6+deb12u1
ii librc1 0.45.2-2+deb12u1
ii libselinux1 3.4-1+b6