Re: hastd not working, getgroups failure, COMPAT_FREEBSD14 enabled
Date: Tue, 26 Aug 2025 20:32:04 UTC
On 8/26/25 15:05, S. Ross Gohlke wrote:
> I tried running the latest PRERELEASE snapshot obtained from <https://download.freebsd.org/snapshots/amd64/15.0-PRERELEASE/>, published on Aug. 22.
>
> The hastd rc service starts but "hastctl status" fails with the following error message:
> [CRIT] Assertion failed: (getgroups(0, NULL) == 1), function drop_privs, file /usr/src/sbin/hastd/subr.c, line 287.
>
> I have followed the "UPDATING stuff" thread on this list about 14 compatibility, and my understanding is that getgroups syscalls should work as long as the kernel has "options COMPAT_FREEBSD14" enabled.
>
> I am running a custom kernel, but it is based on MINIMAL, so "options COMPAT_FREEBSD14" is enabled.
>
> % sysctl kern.conftxt | grep COMPAT_FREEBSD14
> options COMPAT_FREEBSD14
>
> Am I doing something wrong? Might this be fixed in the next snapshot (due Thursday)?
>
Bah; I had adjusted the assertions, but overlooked one that doesn't make sense. The last
two could probably be coalesced, but it's probably worth being sure that we don't still
return one gid if room was created for whatever reason. Try this:
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c
index 284fb0d07647..add1280e960b 100644
--- a/sbin/hastd/subr.c
+++ b/sbin/hastd/subr.c
@@ -284,7 +284,7 @@ drop_privs(const struct hast_resource *res)
PJDLOG_VERIFY(rgid == pw->pw_gid);
PJDLOG_VERIFY(egid == pw->pw_gid);
PJDLOG_VERIFY(sgid == pw->pw_gid);
- PJDLOG_VERIFY(getgroups(0, NULL) == 1);
+ PJDLOG_VERIFY(getgroups(0, NULL) == 0);
PJDLOG_VERIFY(getgroups(1, gidset) == 0);
pjdlog_debug(1,