Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

service: relax PID file symlink chain checks a bit #8133

Merged
merged 1 commit into from Feb 9, 2018
Merged

service: relax PID file symlink chain checks a bit #8133

merged 1 commit into from Feb 9, 2018

Conversation

poettering
Copy link
Member

@poettering poettering commented Feb 8, 2018
edited

Let's read the PID file after all if there's a potentially unsafe
symlink chain in place. But if we do, then refuse taking the PID if its
outside of the cgroup.

Fixes: #8085

@poettering poettering added the pid1 label Feb 8, 2018
@poettering
service: relax PID file symlink chain checks a bit
7911fec 
Let's read the PID file after all if there's a potentially unsafe
symlink chain in place. But if we do, then refuse taking the PID if its
outside of the cgroup.

Fixes: systemd#8085
@poettering
Copy link
Member Author

This is very similar to @yuwata's #8098 but adds the suggested safety check for PIDs that are not part of the service's cgroup.

This was referenced Feb 8, 2018
Closed
Closed
@keszybz
Copy link
Member

keszybz commented Feb 9, 2018

From IRC:
15:40 < Xogium> zbyszek: it appears to work just fine on here with postgresql, recompiled 237 from
arch with the patch applied, installed that, made sure systemd was rloaded, removed
my modifications in postgresql.conf and did systemctl revert on the unit before
restarting, and it starts all fine now
15:41 < Xogium> I can test for dnsmasq in a few minutes as well if you'd like, I need to upgrade my
router anyways
15:44 < Xogium> zbyszek: yup also works for dnsmasq
15:45 < Xogium> so, it seems to be okay, nothing wrong that I can see
15:48 < Xogium> I don't got any daemon left to test with, so I hope this helps :D

@keszybz keszybz merged commit 73969ab into systemd:master Feb 9, 2018
Werkov pushed a commit to Werkov/systemd that referenced this pull request Mar 9, 2018
@poettering @fbuihuu
service: relax PID file symlink chain checks a bit (systemd#8133)
811cc88 
Let's read the PID file after all if there's a potentially unsafe
symlink chain in place. But if we do, then refuse taking the PID if its
outside of the cgroup.

Fixes: systemd#8085
(cherry picked from commit 73969ab)
@JonoRicci JonoRicci mentioned this pull request Oct 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
pid1
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@poettering @keszybz