From 2ba0eacc6cf3c2ff94272c100cb713931c768199 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 4 Sep 2025 10:13:17 +0900 Subject: [PATCH] core/unit: do not load drop-in configs for masked unit files Otherwise, ExecXYZ= given by drop-ins may be added to a masked unit, then commands may be unexpectedly executed. For example, if an ExecStop= is set in a drop-in for a running unit, then 'systemctl mask --now' for the unit try to invoke the command specified in ExecStop=. Fixes #38802. --- src/core/unit.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/unit.c b/src/core/unit.c index 1eb4de6462..7d9e24c5de 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1422,6 +1422,9 @@ int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) { if (r < 0) return r; + if (u->load_state == UNIT_MASKED) + return 0; + if (u->load_state == UNIT_STUB) { if (fragment_required) return -ENOENT;