/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

core-linux-agent: systemd presets getting unintentionally overridden somehow #2427

Open
jpouellet opened this Issue Nov 10, 2016 · 1 comment

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.2 updates
3 participants
@jpouellet @marmarek @andrewdavidwong
@jpouellet
Contributor

jpouellet commented Nov 10, 2016

Qubes OS version (e.g., R3.1):

R3.2

Affected TemplateVMs (e.g., fedora-23, if applicable):

fedora-23, possibly also others including dom0 (with core-admin-linux/system-config/75-qubes-dom0.presets)

Expected behavior:

upowerd (an example of something disabled in the systemd presets) should not be enabled or running in any DomU:

% grep upower core-agent-linux/vm-systemd/75-qubes-vm.preset
disable upower.service

Actual behavior:

In an AppVM (fedora23 templated based):

% qubesdb-read /qubes-vm-type
AppVM
% cat /etc/fedora-release 
Fedora release 23 (Twenty Three)

upowerd (an example of something that should be disabled) is actually enabled:

% systemctl | grep upower      
upower.service              loaded active     running   Daemon for power management

and indeed running:

% ps aux | grep upower
root       885  0.0  0.6 360576  9120 ?        Ssl  Nov09   0:00 /usr/libexec/upowerd

Steps to reproduce the behavior:

I do not pretend to understand systemd enough to know what triggers this, but consider this report as an observation that it does happen.

Related issues:

https://groups.google.com/forum/#!topic/qubes-users/dpM_GHfmEOk/discussion
https://github.com/QubesOS/qubes-core-agent-linux/blob/master/vm-systemd/75-qubes-vm.preset
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 11, 2016

Member

Maybe something else start the service? preset only prevent starting the service during system boot (check systemctl status upower.service - there should be "disabled"), but do not prevent starting it manually, or using any other way (like timers, dbus activation etc).

I think it is started through dbus:
/usr/share/dbus-1/system-services/org.freedesktop.UPower.service

[D-BUS Service]
Name=org.freedesktop.UPower
Exec=/usr/libexec/upowerd
User=root
SystemdService=upower.service

Which means, if it's running - something have requested access to UPower API. Masking the service, or adding some Condition=... would prevent it started using any method, but I'm not sure about consequences for an application trying to reach it - it may results in some timeouts or so...
Member

marmarek commented Nov 11, 2016

Maybe something else start the service? preset only prevent starting the service during system boot (check systemctl status upower.service - there should be "disabled"), but do not prevent starting it manually, or using any other way (like timers, dbus activation etc).

I think it is started through dbus:
/usr/share/dbus-1/system-services/org.freedesktop.UPower.service

[D-BUS Service]
Name=org.freedesktop.UPower
Exec=/usr/libexec/upowerd
User=root
SystemdService=upower.service

Which means, if it's running - something have requested access to UPower API. Masking the service, or adding some Condition=... would prevent it started using any method, but I'm not sure about consequences for an application trying to reach it - it may results in some timeouts or so...

@andrewdavidwong andrewdavidwong added bug C: core labels Nov 11, 2016

@andrewdavidwong andrewdavidwong added this to the Release 3.2 milestone Nov 11, 2016

@marmarek marmarek modified the milestones: Release 3.2, Release 3.2 updates Nov 19, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment