Re: hastd not working, getgroups failure, COMPAT_FREEBSD14 enabled SUCCESS

Reply: Kyle Evans : "Re: hastd not working, getgroups failure, COMPAT_FREEBSD14 enabled SUCCESS"
Reply: S. Ross Gohlke: "Re: hastd not working, getgroups failure, COMPAT_FREEBSD14 enabled SUCCESS"
In reply to: Kyle Evans : "Re: hastd not working, getgroups failure, COMPAT_FREEBSD14 enabled"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: S. Ross Gohlke <ross_at_bisd.ro>
Date: Tue, 26 Aug 2025 22:18:14 UTC

On 8/26/25 15:32, Kyle Evans wrote:
> On 8/26/25 15:05, S. Ross Gohlke wrote:
>> I tried running the latest PRERELEASE snapshot obtained from 
>> <https://download.freebsd.org/snapshots/amd64/15.0-PRERELEASE/>, 
>> published on Aug. 22.
>>
>> The hastd rc service starts but "hastctl status" fails with the 
>> following error message:
>> [CRIT] Assertion failed: (getgroups(0, NULL) == 1), function 
>> drop_privs, file /usr/src/sbin/hastd/subr.c, line 287.
>>
>> I have followed the "UPDATING stuff" thread on this list about 14 
>> compatibility, and my understanding is that getgroups syscalls should 
>> work as long as the kernel has "options COMPAT_FREEBSD14" enabled.
>>
>> I am running a custom kernel, but it is based on MINIMAL, so "options 
>> COMPAT_FREEBSD14" is enabled.
>>
>> % sysctl kern.conftxt | grep COMPAT_FREEBSD14
>> options    COMPAT_FREEBSD14
>>
>> Am I doing something wrong? Might this be fixed in the next snapshot 
>> (due Thursday)?
>>
>
> Bah; I had adjusted the assertions, but overlooked one that doesn't 
> make sense.  The last
> two could probably be coalesced, but it's probably worth being sure 
> that we don't still
> return one gid if room was created for whatever reason.  Try this:
>
> diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c
> index 284fb0d07647..add1280e960b 100644
> --- a/sbin/hastd/subr.c
> +++ b/sbin/hastd/subr.c
> @@ -284,7 +284,7 @@ drop_privs(const struct hast_resource *res)
>         PJDLOG_VERIFY(rgid == pw->pw_gid);
>         PJDLOG_VERIFY(egid == pw->pw_gid);
>         PJDLOG_VERIFY(sgid == pw->pw_gid);
> -       PJDLOG_VERIFY(getgroups(0, NULL) == 1);
> +       PJDLOG_VERIFY(getgroups(0, NULL) == 0);
>         PJDLOG_VERIFY(getgroups(1, gidset) == 0);
>
>         pjdlog_debug(1,
>
I patched /usr/src/sbin/hastd/subr.c (just edited the file) and rebuilt 
hastctl and now it works. I did not have to rebuild hastd.

# nano /usr/src/sbin/hastd/subr.c

<change the line>

# cd /usr/src/sbin/hastctl

# make -j8

# ./hastctl status

Gives proper output and no error.


Thanks for the help and prompt response,

Ross