2aa910a3e8
After setuid, the kernel clears the dumpable flag, making /proc/self/
entries owned by root. This broke open("/dev/stderr") for non-root
users inside subcontainers. The previous fix (chowning /proc/self/fd/*)
was dangerous because it chowned whatever file the FD pointed to (could
be the journal socket).
The proper fix is prctl(PR_SET_DUMPABLE, 1) after setuid, which restores
/proc/self/ ownership to the current uid.
Additionally, adds a `pipe-wrap` subcommand that wraps a child process
with piped stdout/stderr, relaying to the original FDs. This ensures all
descendants inherit pipes (which support re-opening via /proc/self/fd/N)
even when the outermost FDs are journal sockets. container-runtime.service
now uses this wrapper.
With pipe-wrap guaranteeing pipe-based FDs, the exec and launch non-TTY
paths no longer need their own pipe+relay threads, eliminating the bug
where exec would hang when a child daemonized (e.g. pg_ctl start).
StartOS
What is StartOS?
StartOS is an open-source Linux distribution for running a personal server. It handles discovery, installation, network configuration, data backup, dependency management, and health monitoring of self-hosted services.
Tech stack: Rust backend (Tokio/Axum), Angular frontend, Node.js container runtime with LXC, and a custom diff-based database (Patch-DB) for reactive state synchronization.
Services run in isolated LXC containers, packaged as S9PKs — a signed, merkle-archived format that supports partial downloads and cryptographic verification.
What can you do with it?
StartOS lets you self-host services that would otherwise depend on third-party cloud providers — giving you full ownership of your data and infrastructure.
Browse available services on the Start9 Marketplace, including:
- Bitcoin & Lightning — Run a full Bitcoin node, Lightning node, BTCPay Server, and other payment infrastructure
- Communication — Self-host Matrix, SimpleX, or other messaging platforms
- Cloud Storage — Run Nextcloud, Vaultwarden, and other productivity tools
Services are added by the community. If a service you want isn't available, you can package it yourself.
Getting StartOS
Buy a Start9 server
The easiest path. Buy a server from Start9 and plug it in.
Build your own
Follow the install guide to install StartOS on your own hardware. . Reasons to go this route:
- You already have compatible hardware
- You want to save on shipping costs
- You prefer not to share your physical address
- You enjoy building things
Build from source
See CONTRIBUTING.md for environment setup, build instructions, and development workflow.
Contributing
There are multiple ways to contribute: work directly on StartOS, package a service for the marketplace, or help with documentation and guides. See CONTRIBUTING.md or visit start9.com/contribute.
To report security issues, email security@start9.com.