admin unix-socket binds correctly only to a specific path

Question

admin unix-socket binds correctly only to a specific path

ygguser opened this issue 9 months ago · comments

If I add the AdminListen parameter equal to unix:///var/run/yggdrasil.sock to the configuration file, then the daemon (systemd) cannot be started, an error occurs: Admin socket failed to listen: listen unix /var/run/yggdrasil.sock: bind: read-only file

But with this parameter equal to unix:///var/run/yggdrasil/yggdrasil.sock, everything works correctly.

What could be the reason for the error in the case of AdminListen: unix:///var/run/yggdrasil.sock?

Build version: 0.5.1
Debian: bookworm/sid

Neil · Answer 1 · Sat Nov 04 2023 18:22:37 GMT+0800 (China Standard Time)

If you are using the Debian package, it is because of the policies set in the systemd service unit to prevent Yggdrasil from writing to arbitrary locations on the filesystem.

Is there a reason you need to change the path?

ygguser · Answer 2 · Sat Nov 04 2023 18:30:36 GMT+0800 (China Standard Time)

It's just that in version 0.4.7 I had the path unix:///var/run/yggdrasil.sock specified.

When switching to 0.5.1, this parameter disappeared from the configuration file and I specified it as it was before... And faced with this error...

Thanks for the tip about the service policies!
ReadWritePaths=/var/run/yggdrasil/ /run/yggdrasil/ :)

I think there is no need to change anything.