Random fixes #2576
Don't ever permit successful user or group lookups if no UID/GID mapping is actually applied. This way, we can be sure that nss-mymachines cannot be used to insert invalid cache entries into nscd's cache. https://bugzilla.redhat.com/show_bug.cgi?id=1285339
|
||
assert(t); | ||
assert(t->state == TIMER_DEAD || t->state == TIMER_FAILED); | ||
|
||
if (UNIT_TRIGGER(u)->load_state != UNIT_LOADED) | ||
trigger = UNIT_TRIGGER(u); | ||
if (!trigger || trigger->load_state != UNIT_LOADED) |
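Review bot: The condition `!trigger || trigger->load_state != UNIT_LOADED` covers two different failures in one branch, a timer with no trigger unit at all and a trigger unit that exists but is not loaded, and nothing visible in this hunk reports either one. Please log at the point of the check which case was hit, naming the unit, so that a failed timer start can be diagnosed from the journal.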
shouldn't we log something?
# cat <<'EOL' >/lib/systemd/system/my.service
...
# cat <<'EOL' >/lib/systemd/system/my.timer
...
# systemctl mask my.service
...
# systemctl start my.timer
Job for my.timer failed. See "systemctl status my.timer" and "journalctl -xe" for details.
# journalctl -b -u my.timer
-- Logs begin at Wed 2016-02-10 16:26:15 UTC, end at Wed 2016-02-10 16:29:04 UTC. --
Feb 10 16:29:02 systemd-testsuite systemd[1]: my.timer: Trying to enqueue job my.timer/start/replace
Feb 10 16:29:02 systemd-testsuite systemd[1]: my.timer: Installed new job my.timer/start as 175
Feb 10 16:29:02 systemd-testsuite systemd[1]: my.timer: Enqueued job my.timer/start as 175
Feb 10 16:29:02 systemd-testsuite systemd[1]: my.timer: Job my.timer/start finished, result=failed
Feb 10 16:29:02 systemd-testsuite systemd[1]: Failed to start my.timer.
Feb 10 16:29:02 systemd-testsuite systemd[1]: my.timer: Collecting.
Feb 10 16:29:02 systemd-testsuite systemd[1]: my.timer: Collecting.
Will force-push a version that adds a log message in this case.
a4f8ab6 to 5bf638b
5bf638b to e903182
Force pushed a version with the additional log messages added now. Please review.
Looks good. Thanks!
|
@@ -11,6 +11,7 @@ Documentation=https://www.kernel.org/doc/Documentation/filesystems/fuse.txt | |||
Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems | |||
DefaultDependencies=no | |||
ConditionPathExists=/sys/fs/fuse/connections | |||
ConditionCapability=CAP_SYS_ADMIN |
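Review bot: The `ConditionCapability=CAP_SYS_ADMIN` line sits directly under `ConditionPathExists=/sys/fs/fuse/connections` with nothing saying why a second condition is needed. A one-line comment in the unit, or a sentence in the commit message, stating that the mount is skipped when the service manager lacks CAP_SYS_ADMIN would help, and it is worth checking whether the other mount units shipped alongside this one need the same condition so the behaviour stays consistent.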
Shouldn't we add ConditionCapability=CAP_SYS_ADMIN to dev-mqueue.mount too?
# systemctl status dev-mqueue.mount
WARNING: terminal is not fully functional
● dev-mqueue.mount - POSIX Message Queue File System
Loaded: loaded (/usr/lib/systemd/system/dev-mqueue.mount; static; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2016-02-11 02:23:19 UTC; 3min 45s ago
Where: /dev/mqueue
What: mqueue
Docs: man:mq_overview(7)
http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
Process: 15 ExecMount=/usr/bin/mount mqueue /dev/mqueue -t mqueue (code=exited, status=32)
Feb 11 02:23:19 nspawn-root mount[15]: mount: permission denied
Feb 11 02:23:19 nspawn-root systemd[1]: dev-mqueue.mount: Child 15 belongs to dev-mqueue.mount
Feb 11 02:23:19 nspawn-root systemd[1]: dev-mqueue.mount: Mount process exited, code=exited status=32
Feb 11 02:23:19 nspawn-root systemd[1]: dev-mqueue.mount: Changed mounting -> failed
Feb 11 02:23:19 nspawn-root systemd[1]: dev-mqueue.mount: Job dev-mqueue.mount/start finished, result=failed
Feb 11 02:23:19 nspawn-root systemd[1]: Failed to mount POSIX Message Queue File System.
Feb 11 02:23:19 nspawn-root systemd[1]: dev-mqueue.mount: Unit entered failed state.
so far nobody complained about dev-mqueue.... I'd rather wait until somebody complains before we litter everything with conditions...
oh, i see now, it is complaining in your case? how did you boot that nspawn instance?
I boot it in docker-mode (--drop-capability=CAP_SYS_ADMIN):
../../systemd-nspawn \
--drop-capability=CAP_SYS_ADMIN \
--register=no \
--directory=/var/tmp/systemd-test.JkOcwx/nspawn-root \
/usr/lib/systemd/systemd systemd.log_level=debug systemd.unit=rescue.target
ok, then let's add the condition. can you prep a PR?
Sure. #2581
I don't truly understand "never resolve unmapped UIDs/GIDs" as I'm not familiar with that code, but I don't see anything wrong in the commit. The other three LGTM. Thanks!
Mostly unrelated fixes.