Bug#802018: systemd: _SYSTEMCTL_SKIP_REDIRECT=true is leaked to daemon
Hello all, Michael Biebl [2016-12-22 9:21 +0100]: > Am 16.10.2015 um 23:07 schrieb Sebastian Schmidt: > Looking at that old code again, I actually don't remember, why we export > _SYSTEMCTL_SKIP_REDIRECT="true" at all and if the obvious fix would be > to simply drop that else clause. AFAIK the original intent was that if you call "/etc/init.d/foo start" this would redirect to "systemctl start" which would run "Exec=/etc/init.d/foo start" in the generated unit which must not do that same redirection again. This should be sufficiently covered by the [ $PPID -ne 1 ] test, though. git archeology shows that commit c04d0f71 introduced the script and both the SKIP_REDIRECT and the [ $PPID -ne 1 ] were already present, though. So, I can't think of a good reason to set this either, thanks for dropping it from master. Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) signature.asc Description: PGP signature
Bug#802018: systemd: _SYSTEMCTL_SKIP_REDIRECT=true is leaked to daemon
Am 16.10.2015 um 23:07 schrieb Sebastian Schmidt:
> Package: systemd
> Version: 226-4
> Severity: normal
> Tags:
>
> Hi,
>
> /lib/lsb/init-functions.d/40-systemd exports
> _SYSTEMCTL_SKIP_REDIRECT=true to detect when it has been called
> recursively again by systemd. This export is actually never cleaned up and
> is passed to the daemon. In the case of Puppet, which uses “/etc/init.d
> $service $action” (without cleaning up the environment - which is
> probably an issue by itself) to query and change a daemon’s status, this
> causes the init.d hook to not redirect the call to systemd. For services
> that supply an actual systemd unit which does not simply call the init
> script (e.g. clamav-freshclam) this can cause the action to fail.
>
> A trivial fix would be:
>> --- a/debian/extra/init-functions.d/40-systemd
>> +++ b/debian/extra/init-functions.d/40-systemd
>> @@ -25,6 +25,8 @@ if [ -d /run/systemd/system ]; then
>>fi
>>;;
>>esac
>> +elif [ -z "${_SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
>> +unset _SYSTEMCTL_SKIP_REDIRECT
>>else
>>export _SYSTEMCTL_SKIP_REDIRECT="true"
>>fi
>
Looking at that old code again, I actually don't remember, why we export
_SYSTEMCTL_SKIP_REDIRECT="true" at all and if the obvious fix would be
to simply drop that else clause.
I did that and didn't encounter any obvious problems.
As said, this code is old, over 6 years, so I don't remember. Can anyone
think of a scenario where we would need that?
Andeas mentioned on IRC that it could be to avoid redirect loops, but
how would this work. As soon as we redirect the call to systemctl, the
actual execution will be by systemd, i.e. PID 1 and PPID will be 1.
Can there be a case where this assumption is not correct?
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
Bug#802018: systemd: _SYSTEMCTL_SKIP_REDIRECT=true is leaked to daemon
Package: systemd
Version: 226-4
Severity: normal
Tags:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
/lib/lsb/init-functions.d/40-systemd exports
_SYSTEMCTL_SKIP_REDIRECT=true to detect when it has been called
recursively again by systemd. This export is actually never cleaned up and
is passed to the daemon. In the case of Puppet, which uses “/etc/init.d
$service $action” (without cleaning up the environment - which is
probably an issue by itself) to query and change a daemon’s status, this
causes the init.d hook to not redirect the call to systemd. For services
that supply an actual systemd unit which does not simply call the init
script (e.g. clamav-freshclam) this can cause the action to fail.
A trivial fix would be:
> --- a/debian/extra/init-functions.d/40-systemd
> +++ b/debian/extra/init-functions.d/40-systemd
> @@ -25,6 +25,8 @@ if [ -d /run/systemd/system ]; then
>fi
>;;
>esac
> +elif [ -z "${_SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
> +unset _SYSTEMCTL_SKIP_REDIRECT
>else
>export _SYSTEMCTL_SKIP_REDIRECT="true"
>fi
But this doesn’t fix the case when systemd is not calling the init
script twice (because the service has an actual unit). Since the
approach to guard the recursion with an environment variable relies on
systemd not cleaning up the environment I’m not sure how to best fix
this.
Sebastian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIVAwUBViFm/Phx3EthBlqjAQgIQhAAowyPvUlhWh1wyDGotGFXOQGyHwFx5ov4
afMErBsvfnySQlG56vXZNzhVEqg+Ta7jL+oxlVemZ2PIGowxnp4blV4D5k3VZy63
8bBnwmfnNTVYPG3c3b5tXEADerLz5vZ6qVv/V5OM1KQcVS4hhlxVLFDkZTv9sh3T
Lu/0v7sL1M/t2EdN0GRHYex6Pp7hwZajG8ZmHIUfrgj2yvkAxv6ObRTKLHy1Cjzq
Pc8gKbDtFctoYz6Z4BjfuwTZ8yGVuE85j7lAENCFDczB6w7T3GFiAyWzgg/lGk2a
atA0sZ541nmll4dnZZCoPPn2YVtteWeLKneXtT6q8gyEaIuBHr860EXxh5V1RjFr
gAJIx0fJnk/Y6bT4aYrhEHI3o88EZ+D8pdNyzLvGZt5aeWI0rotakpnBbfXHuPae
Q5IHFiuWx4gV3QP7RBk5+OXQXPhXjs/ntDTrlioIzkAFHBO3f9l75LdimcJUJwIl
dwmhiKYQsah0EfTY2T+gmWclgGsxouUG6cACbx9xc97EkhIy1wxFR1O3/lvnH89F
a5IQp0AMS+1JgjloBXxPFI513Xi3H0w+4H4oC+4ET4vKMqMeS4x8RC3EKaxTe1ep
mOuvQYgCEOVHZuTrGytApHNOnlKhu7ZRAeoxtrDcub2EgJNcVu/0h2DjvgfLwW+W
iGjTUHU3l6w=
=EsOG
-END PGP SIGNATURE-
