Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Error: Out of memory" if dynsec path owned by root and no config file #2520

Closed
sezanzeb opened this issue Apr 26, 2022 · 3 comments
Closed

"Error: Out of memory" if dynsec path owned by root and no config file #2520

sezanzeb opened this issue Apr 26, 2022 · 3 comments
Milestone
2.0.15

Comments

@sezanzeb
Copy link

sezanzeb commented Apr 26, 2022
edited

Using the eclipse-mosquitto docker image

➜  mosquitto git:(main) ✗ uname -r     
5.13.19-2-MANJARO
➜  mosquitto git:(main) ✗ pacman -Q | grep docker
docker 1:20.10.14-1

mosquitto.conf:

# mqtt
listener 1883
allow_anonymous true

# unencrypted ws
listener 8080
protocol websockets
allow_anonymous true

# encrypted ws
listener 8081
protocol websockets
allow_anonymous true

# dynsec plugin
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /dynsec

Dockerfile:

FROM eclipse-mosquitto
COPY mosquitto.conf /mosquitto/config/
RUN mkdir /dynsec
RUN chown mosquitto:mosquitto /dynsec

without chown:

➜  mosquitto git:(main) ✗ docker build . --tag mosquitto && docker run mosquitto            
Sending build context to Docker daemon  7.168kB
Step 1/3 : FROM eclipse-mosquitto
 ---> 58900513926f
Step 2/3 : COPY mosquitto.conf /mosquitto/config/
 ---> Using cache
 ---> 4f5d62cb29d5
Step 3/3 : RUN mkdir /dynsec
 ---> Using cache
 ---> 0874d4177976
Successfully built 0874d4177976
Successfully tagged mosquitto:latest
1650974938: mosquitto version 2.0.14 starting
1650974938: Config loaded from /mosquitto/config/mosquitto.conf.
1650974938: Loading plugin: /usr/lib/mosquitto_dynamic_security.so
1650974938: Error: Out of memory.
1650974938: Opening ipv4 listen socket on port 1883.
1650974938: Opening ipv6 listen socket on port 1883.
1650974938: Opening websockets listen socket on port 8080.
1650974938: Opening websockets listen socket on port 8081.
1650974938: mosquitto version 2.0.14 running

with chown:

➜  mosquitto git:(main) ✗ docker build . --tag mosquitto && docker run mosquitto
Sending build context to Docker daemon  7.168kB
Step 1/4 : FROM eclipse-mosquitto
 ---> 58900513926f
Step 2/4 : COPY mosquitto.conf /mosquitto/config/
 ---> Using cache
 ---> 4f5d62cb29d5
Step 3/4 : RUN mkdir /dynsec
 ---> Using cache
 ---> 0874d4177976
Step 4/4 : RUN chown mosquitto:mosquitto /dynsec
 ---> Using cache
 ---> aaf6adf88ee1
Successfully built aaf6adf88ee1
Successfully tagged mosquitto:latest
1650974960: mosquitto version 2.0.14 starting
1650974960: Config loaded from /mosquitto/config/mosquitto.conf.
1650974960: Loading plugin: /usr/lib/mosquitto_dynamic_security.so
1650974960: Opening ipv4 listen socket on port 1883.
1650974960: Opening ipv6 listen socket on port 1883.
1650974960: Opening websockets listen socket on port 8080.
1650974960: Opening websockets listen socket on port 8081.
1650974960: mosquitto version 2.0.14 running

I would have expected a permission error instead or something.
@sezanzeb
Copy link
Author

sezanzeb commented Apr 26, 2022
edited

If the docker file is

FROM eclipse-mosquitto
COPY mosquitto.conf /mosquitto/config/
RUN mkdir /dynsec
# RUN chown mosquitto:mosquitto /dynsec
COPY dynamic-security.json /dynsec

it also works.

It only fails with the out-of-memory error if there is no dynamic-security.json file AND the directory is not owned by mosquitto.

@sezanzeb sezanzeb changed the title "Error: Out of memory" if dynsec path owned by root "Error: Out of memory" if dynsec path owned by root and no config file Apr 26, 2022
@sezanzeb sezanzeb mentioned this issue May 3, 2022
Closed
@sezanzeb
Copy link
Author

sezanzeb commented May 3, 2022
edited

note, that plugin_opt_config_file /dynsec is wrong and should be plugin_opt_config_file /dynsec/dynamic-security.json

ralight added a commit that referenced this issue Aug 12, 2022
@ralight
Fix confusing error message when dynamic security config file was a d…
80c7726 
…irectory.

Closes #2520. Thanks to sezanzeb
@ralight
Copy link
Contributor

ralight commented Aug 12, 2022

This is now fixed for 2.0.15, thank you for the report.

@ralight ralight closed this as completed Aug 12, 2022
@ralight ralight added this to the 2.0.15 milestone Aug 12, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0.15
Development

No branches or pull requests
2 participants
@ralight @sezanzeb