Error during decryption of meta key
Guus Sliepen
guus at tinc-vpn.org
Sun Sep 30 21:45:11 CEST 2012
On Sun, Sep 30, 2012 at 02:12:33AM +0200, Martin Schürrer wrote:
> Sep 30 02:10:04 schuerrer tinc.msch[16018]: Error during decryption of
> meta key for iMartin (95.211.195.1 port 56904)
> error:00000000:lib(0):func(0):reason(0)
> Sep 30 02:10:04 schuerrer tinc.msch[16018]: Error while processing
> METAKEY from iMartin (95.211.195.1 port 56904)
So, after a long debugging session on IRC, it appears that this error is caused
by using both the --mlock and --user flags (or -L and -U in short notation)
simultaneously. When using --user to setuid tincd to a very unpriviledged user,
it can happen that this user is not allowed to allocate more memory than has
already been locked before the setuid() call happened.
I think this is the same problem "deep_eye" reported in March 2010:
http://www.tinc-vpn.org/pipermail/tinc/2010-March/002231.html
If you run into this problem, then either don't use both options
simultaneously, or try to raise the limit of maximum locked address space for
the user you want tincd to run as (for example, using
/etc/security/limits.conf).
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20120930/c508306c/attachment.pgp>
More information about the tinc
mailing list