Re: hastd not working, getgroups failure, COMPAT_FREEBSD14 enabled SUCCESS

In reply to: S. Ross Gohlke: "Re: hastd not working, getgroups failure, COMPAT_FREEBSD14 enabled SUCCESS"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: S. Ross Gohlke <ross_at_bisd.ro>
Date: Wed, 27 Aug 2025 11:41:31 UTC

On 8/26/25 17:18, S. Ross Gohlke wrote:
>
> On 8/26/25 15:32, Kyle Evans wrote:
>> On 8/26/25 15:05, S. Ross Gohlke wrote:
>>> I tried running the latest PRERELEASE snapshot obtained from 
>>> <https://download.freebsd.org/snapshots/amd64/15.0-PRERELEASE/>, 
>>> published on Aug. 22.
>>>
>>> The hastd rc service starts but "hastctl status" fails with the 
>>> following error message:
>>> [CRIT] Assertion failed: (getgroups(0, NULL) == 1), function 
>>> drop_privs, file /usr/src/sbin/hastd/subr.c, line 287.
>>>
>>> I have followed the "UPDATING stuff" thread on this list about 14 
>>> compatibility, and my understanding is that getgroups syscalls 
>>> should work as long as the kernel has "options COMPAT_FREEBSD14" 
>>> enabled.
>>>
>>> I am running a custom kernel, but it is based on MINIMAL, so 
>>> "options COMPAT_FREEBSD14" is enabled.
>>>
>>> % sysctl kern.conftxt | grep COMPAT_FREEBSD14
>>> options    COMPAT_FREEBSD14
>>>
>>> Am I doing something wrong? Might this be fixed in the next snapshot 
>>> (due Thursday)?
>>>
>>
>> Bah; I had adjusted the assertions, but overlooked one that doesn't 
>> make sense.  The last
>> two could probably be coalesced, but it's probably worth being sure 
>> that we don't still
>> return one gid if room was created for whatever reason.  Try this:
>>
>> diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c
>> index 284fb0d07647..add1280e960b 100644
>> --- a/sbin/hastd/subr.c
>> +++ b/sbin/hastd/subr.c
>> @@ -284,7 +284,7 @@ drop_privs(const struct hast_resource *res)
>>         PJDLOG_VERIFY(rgid == pw->pw_gid);
>>         PJDLOG_VERIFY(egid == pw->pw_gid);
>>         PJDLOG_VERIFY(sgid == pw->pw_gid);
>> -       PJDLOG_VERIFY(getgroups(0, NULL) == 1);
>> +       PJDLOG_VERIFY(getgroups(0, NULL) == 0);
>>         PJDLOG_VERIFY(getgroups(1, gidset) == 0);
>>
>>         pjdlog_debug(1,
>>
> I patched /usr/src/sbin/hastd/subr.c (just edited the file) and 
> rebuilt hastctl and now it works. I did not have to rebuild hastd.
>
> # nano /usr/src/sbin/hastd/subr.c
>
> <change the line>
>
> # cd /usr/src/sbin/hastctl
>
> # make -j8
>
> # ./hastctl status
>
> Gives proper output and no error.
>
>
> Thanks for the help and prompt response,
>
> Ross
>
Correction: I did have to rebuild hastd as well. While, "hastctl status" 
worked without it, "hastctl role primary all" did not until I rebuilt hastd.

# cd /usr/src/sbin/hastd

# make -j8

# cp -p ./hastd /sbin