Your message dated Fri, 29 Jul 2016 09:17:28 +0200
with message-id <[email protected]>
and subject line Re: usage of network-pre.target results in systemd ordering
cycle
has caused the Debian Bug report #832802,
regarding usage of network-pre.target results in systemd ordering cycle
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
832802: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832802
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: netfilter-persistent
Severity: grave
X-Debbugs-CC: [email protected]
Tags: security
Dear maintainer,
I am using the following minimal systemd unit file for testing purposes.
###
/lib/systemd/system/my-test.service

[Unit]
Description=my-test-firewall-service

Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
StandardOutput=syslog

[Install]
WantedBy=multi-user.target
###
Enabled it using "sudo systemctl enable my-test.service". It results in
a systemd ordering cycle.
Jul 29 01:23:59 localhost systemd[1]: Found ordering cycle on basic.target/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on sysinit.target/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on networking.service/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on network-pre.target/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on my-test.service/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on basic.target/start
Jul 29 01:23:59 localhost systemd[1]: Breaking ordering cycle by deleting job networking.service/start
Jul 29 01:23:59 localhost systemd[1]: Job networking.service/start deleted to break ordering cycle starting with basic.target/start
Alternatively I tried "WantedBy=network-pre.target", but that resulted
in the systemd unit not being automatically activated after boot at all.
It stays in a loaded, enabled, inactive status. (Manual systemctl start
my-test worked.)
I think this is security relevant since to learn that there is a systemd
ordering cycle one has to look at the syslog. And systemd's automatic
breaking of the chain might result in the firewall not being loaded early
enough?
Cheers,
Patrick
--- End Message ---
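The report above notes that an ordering cycle only shows up in the syslog. As an added example (not part of the original report or of systemd), the following check parses journal lines for cycles and reports when a watched unit was involved and which job systemd dropped. The function names and the watched-unit set are hypothetical, and the patterns assume the message wording quoted in the report; other systemd versions may word these messages differently.

```python
import re

# Constructed sample: the journal lines quoted in the report, unwrapped.
SAMPLE_LOG = """\
Jul 29 01:23:59 localhost systemd[1]: Found ordering cycle on basic.target/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on sysinit.target/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on networking.service/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on network-pre.target/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on my-test.service/start
Jul 29 01:23:59 localhost systemd[1]: Found dependency on basic.target/start
Jul 29 01:23:59 localhost systemd[1]: Breaking ordering cycle by deleting job networking.service/start
Jul 29 01:23:59 localhost systemd[1]: Job networking.service/start deleted to break ordering cycle starting with basic.target/start
"""

# Only messages logged by PID 1 count; patterns follow the wording above (assumption).
MSG = re.compile(r"systemd\[1\]: (.*)$")
CYCLE = re.compile(r"Found ordering cycle on (\S+)/(\w+)")
DEP = re.compile(r"Found dependency on (\S+)/(\w+)")
BROKEN = re.compile(r"Breaking ordering cycle by deleting job (\S+)/(\w+)")

def find_ordering_cycles(lines):
    """Return one dict per cycle: start unit, dependency chain, deleted job."""
    cycles, current = [], None
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue
        text = m.group(1)
        if (c := CYCLE.search(text)):
            current = {"start": c.group(1), "chain": [], "deleted": None}
            cycles.append(current)
        elif current and (d := DEP.search(text)):
            current["chain"].append(d.group(1))
        elif current and (b := BROKEN.search(text)):
            current["deleted"] = b.group(1)
            current = None  # this cycle's report is complete
    return cycles

def units_at_risk(cycles, watched):
    """Watched units that sat in a cycle, mapped to the job systemd dropped."""
    return {u: c["deleted"] for c in cycles for u in c["chain"] if u in watched}

if __name__ == "__main__":
    found = find_ordering_cycles(SAMPLE_LOG.splitlines())
    for unit, dropped in units_at_risk(found, {"my-test.service"}).items():
        print(f"{unit}: in ordering cycle, systemd deleted job {dropped}")
```

On a live system the same functions can be fed the current boot's journal lines instead of the embedded sample.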
--- Begin Message ---
On Thu, 28 Jul 2016 23:40:00 +0000 Patrick Schleizer
<[email protected]> wrote:
> Package: netfilter-persistent
> Severity: grave
> X-Debbugs-CC: [email protected]
> Tags: security
>
> Dear maintainer,
>
> I am using the following minimal systemd unit file for testing purposes.
>
> ###
> /lib/systemd/system/my-test.service
>
> [Unit]
> Description=my-test-firewall-service
>
> Before=network-pre.target
> Wants=network-pre.target
>
> [Service]
> Type=oneshot
> RemainAfterExit=yes
> ExecStart=/bin/true
> StandardOutput=syslog
>
> [Install]
> WantedBy=multi-user.target
> ###
>
> Enabled it using "sudo systemctl enable my-test.service". It results in
> a systemd ordering cycle.
That's not a bug in systemd but in your service file.
If you want to run in early boot, you'll need to use
DefaultDependencies=yes and specify your dependencies/orderings carefully.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
--- End Message ---
_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers