Skip to content

Rely on systemd-tmpfiles and remove some privileged startup logic in resolved & networkd #6241

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Siosm wants to merge 3 commits into from
Closed

Rely on systemd-tmpfiles and remove some privileged startup logic in resolved & networkd #6241

Siosm wants to merge 3 commits into from

Conversation

@Siosm
Copy link

@Siosm Siosm commented Jun 29, 2017

The systemd-resolved & systemd-networkd daemons re-create folders in /run/systemd that have already been created by systemd-tmpfiles during bootup from tpmfiles.d/systemd.conf.

Remove this duplicate logic and add a missing directory entry for networkd. Also remove associated capabilities required by those operations.

This is a first step to non-root startup of those daemons. A first try is available at Siosm/systemd@unpriv-resolved-networkd, but requires ambient capability from a recent kernel (>4.3) thus I have split the PR in two.

@travier-anssi
resolved: use systemd tmpfile to create /run/systemd/resolve
8eb77f0 
Remove CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER from the capability
bounding set.
@travier-anssi
networkd: use systemd tmpfile to create /run/network/netif/lldp
aed8abd
@travier-anssi
networkd: do not re-create /run/network/netif/* directories
a09692d 
The /run/network/netif directory and those under are created by
systemd-tmpfiles from systemd.conf.

Remove CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER from the capability
bounding set.
@fsateler
Copy link
Member

fsateler commented Jun 29, 2017

systemd-networkd is DefaultDependencies=no and thus can run on early boot. This means that it is possible that networkd starts before tmpfiles. Adding an ordering with tmpfiles makes networkd order after local-fs.target, which is probably undesirable.

@fsateler
Copy link
Member

fsateler commented Jun 29, 2017

Indeed the s390x autopkgtest has plenty of errors because networkd is started too early:

Jun 29 16:08:05 autopkgtest-lxc-gokrjz systemd-networkd[7617]: dummy0: Failed to save link data to /run/systemd/netif/links/60: No such file or directory
Jun 29 16:08:05 autopkgtest-lxc-gokrjz systemd-networkd[7617]: test_eth42: Failed to save link data to /run/systemd/netif/links/58: No such file or directory
Jun 29 16:08:05 autopkgtest-lxc-gokrjz systemd-networkd[7617]: eth0: Failed to save link data to /run/systemd/netif/links/215321: No such file or directory
Jun 29 16:08:05 autopkgtest-lxc-gokrjz systemd-networkd[7617]: lo: Failed to save link data to /run/systemd/netif/links/1: No such file or directory

And many more such messages.

@poettering
Copy link
Member

poettering commented Jul 3, 2017

While I sympasize with the goal, I am not this can be really done for early-boot services like resolved and networkd.

It might be possible to make this work with RuntimeDirectory= though, that definitely deserves some looking into, but tmpfiles can't really work, afaics. RuntimeDirectory= as it is designed right now is not a great fit either, but I think we could relatively easily make it one. Specifically, /run/network and friends are supposed to survive restarts of networkd (as we use them to serialize state). Maybe we could tweak RuntimeDirectory= a bit, bit adding some single-character modifier or so, which would permit configuring a directory that is created on first service start if missing but is not automatically removed. Maybe a syntax like this:

RuntimeDirectory=!/run/foobar

i.e. using ! is indicator character, that the dir is supposed to stay. Using a single character isn't pretty, but it's kinda what we have been using for a number of cases already, for example we prefix ExecStart= with - to ignore the exit status of the command, and so on.

Does that make sense?

@fsateler
Copy link
Member

fsateler commented Jul 3, 2017

Maybe we could tweak RuntimeDirectory= a bit, bit adding some single-character modifier or so, which would permit configuring a directory that is created on first service start if missing but is not automatically removed

This is #6087 . TBH I prefer the RuntimeDirectoryPreserve= approach over single-character prefix, as it is more self-documenting.

@poettering
Copy link
Member

poettering commented Jul 3, 2017

Yupp, #6087 appears like the right way out for this. It would be excellent if this PR could be reworked to implement that, so that we can reduce the priviliged code in resolved+networkd but also not require tmpfiles

@Siosm
Copy link
Author

Siosm commented Jul 3, 2017

Thanks for the feedback. I'll look into it.

@evverx evverx mentioned this pull request Jul 17, 2017
Merged
@Siosm Siosm mentioned this pull request Jul 18, 2017
Closed
@Siosm
Copy link
Author

Siosm commented Jul 18, 2017

I have pushed an alternative version of this PR as #6393.

@poettering
Copy link
Member

poettering commented Jul 18, 2017

Closing this one in favour of #6393

@poettering poettering closed this Jul 18, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs-discussion 🤔 network resolve

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Siosm @fsateler @poettering @travier-anssi