Running mandos in a container without dbus: small code change request

Mike Klein mike at kleinnet.com
Sat Sep 21 21:26:50 CEST 2024 

Mandos is distributed in .deb packages. I have an AWS EC2 instance running Amazon Linux whose package manager is yum-based (or dnf). I wanted to get Mandos running on this instance. Instead of building from scratch in the instance it I decided to try to run it in a Docker container that is based on a Debian image. It took a while but is now working.

I am writing this because there is one code change in the main /usr/sbin/mandos program that needs to be made. The main issue is that getting dbus running in a container is some extra work, and if the Mandos configuration file sets the port, and disables use_dbus and zeroconf, it should work. However, there is one line of code in /usr/sbin/mandos that calls dbus.SystemBus whether or not use_dbus or zeroconf are set, and this causes an exception when dbus is not available. Protecting that call with “if use_dbus or zeroconf:” fixes this exception, and Mandos is running perfectly within this instance.

Would it be possible to update mandos with this change? It is around line 3240-3250 in /usr/sbin/mandos depending on the specific version. Note that just about 20 lines after this, a call using the dbus instance is protected by “if use_dbus:”.

Here is the patch fragment for the change I made on my version (1.8.17):

--- mandos	2024-09-21 12:12:37.993323770 -0700
+++ mandos.orig	2024-09-21 12:11:56.483110574 -0700
@@ -3243,8 +3243,7 @@
     # From the Avahi example code
     DBusGMainLoop(set_as_default=True)
     main_loop = GLib.MainLoop()
-    if use_dbus or zeroconf:
-        bus = dbus.SystemBus()
+    bus = dbus.SystemBus()
     # End of Avahi example code
     if use_dbus:
         try:


BTW the Dockerfile that builds the image that runs is below, in case anyone else wants to try. It has dbus in it because the mandos package lists python3-dbus as a dependency. In the Dockerfile I’m commenting out the offending line.

FROM debian:stable-slim

EXPOSE <mandos port>

RUN apt update \
    && apt install -y --no-install-recommends --no-install-suggests \
	mandos \
	fping \
	rsyslog \
	dbus \
	avahi-daemon \
	avahi-utils \
	libnss-mdns \
    && sed -i.orig "s/bus = dbus.SystemBus()/#bus = dbus.SystemBus()/" /usr/sbin/mandos \
    && mkdir -p /var/run/rsyslog \
    && mkdir -p /var/run/dbus \
    && sed -i.bak s/xconsole/console/g /etc/rsyslog.conf \
    && apt clean autoclean \
    && apt autoremove --yes \
    && rm -rf /var/lib/{apt,dpkg,cache,log}

COPY ./config/mandos.conf /etc/mandos/mandos.conf
COPY ./config/clients.conf /etc/mandos/clients.conf

CMD ["/usr/sbin/mandos", "--foreground"]


Thank you,

		-Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20240921/8060a55b/attachment-0001.htm>

More information about the Mandos-Dev mailing list