current-users: Problems with postfix in -current (2006/12/16)

Subject: Problems with postfix in -current (2006/12/16)
To: None <current-users@netbsd.org>
From: Paulo Alexandre Pinto Pires <p@ppires.org>
List: current-users
Date: 12/17/2006 03:27:59

--nextPart3291812.Lq0l81gD7k
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello.

I updated my amd64 box with -current today (2006/12/16).  As soon as I boot=
ed=20
with a new kernel (before building userland), my good-old postfix+uucp setu=
p=20
started to fail with messages being delivered but never leaving the uucp=20
spool directory.  I tracked the problem down to Postfix, that was exiting=20
with non-zero exit code.

With some ktrussing and poking with source code, I found that the call to=20
setrlimit() in util/open_limit.c, which is used by postdrop, was failing wi=
th=20
EPERM, as we can see below (including the debug messages I added to=20
open_limit() function).

  pappires@mateus:/tmp [43]: ls -l | mail -v -s Teste10 p@ap.ppires.org
  after getrlimit(): euid=3D1001, egid=3D11, limit=3D256, rl.rlim_max=3D177=
2,=20
rl.rlim_cur=3D1024
  before setrlimit(): limit=3D256, rl.rlim_max=3D1772, rl.rlim_cur=3D256
  setrlimit() failed: Operation not permitted.
  postdrop: fatal: unable to determine open file limit
  sendmail: warning: premature end-of-input on /usr/sbin/postdrop -r while=
=20
reading input attribute name
  sendmail: fatal: pappires(1001): queue file write error

I could not understand why the code failed, since it is not pushing beyond =
the=20
hard limit.  I was even more puzzled by the fact that when I copied the cod=
e=20
from open_limit() to a new program, compiled it and ran it, it ran OK. =20
However, if I set the setgid bit in the separate program (to have it look=20
more like postdrop), it no longer runs.

So I now know why it fails, but I don't understand the reason why a setgid=
=20
program cannot call setrlimit() in that way.  If there is a good reason, at=
=20
least postfix should be fixed to comply with it.

=2D-=20
	Pappires

=2E.. Qui habet aurem audiat quid Spiritus dicat ecclesiis.

--nextPart3291812.Lq0l81gD7k
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (NetBSD)

iD8DBQBFhNVnA7Y2QNkoMq8RAolFAJ9OyvaW4EH7JxT+wtWr2uxT/3Qe/QCeMgLb
2ay5mZ60E3TbnAmPzDGftzM=
=lQfB
-----END PGP SIGNATURE-----

--nextPart3291812.Lq0l81gD7k--