From 2ba0eacc6cf3c2ff94272c100cb713931c768199 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 4 Sep 2025 10:13:17 +0900 Subject: [PATCH 1/2] core/unit: do not load drop-in configs for masked unit files Otherwise, ExecXYZ= given by drop-ins may be added to a masked unit, then commands may be unexpectedly executed. For example, if an ExecStop= is set in a drop-in for a running unit, then 'systemctl mask --now' for the unit try to invoke the command specified in ExecStop=. Fixes #38802. --- src/core/unit.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/unit.c b/src/core/unit.c index 1eb4de6462..7d9e24c5de 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1422,6 +1422,9 @@ int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) { if (r < 0) return r; + if (u->load_state == UNIT_MASKED) + return 0; + if (u->load_state == UNIT_STUB) { if (fragment_required) return -ENOENT; From 023de387821dd142fbc86d0882a904b87cb01b6a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 4 Sep 2025 03:21:45 +0900 Subject: [PATCH 2/2] TEST-07-PID1: add test cases for mask/unmask unit For issue #38802. --- test/units/TEST-07-PID1.mask.sh | 90 +++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100755 test/units/TEST-07-PID1.mask.sh diff --git a/test/units/TEST-07-PID1.mask.sh b/test/units/TEST-07-PID1.mask.sh new file mode 100755 index 0000000000..33c74f0011 --- /dev/null +++ b/test/units/TEST-07-PID1.mask.sh @@ -0,0 +1,90 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -eux +set -o pipefail + +at_exit() { + set +e + + systemctl stop mask-test.service + rm -rf /run/systemd/system/mask-test.service* + systemctl daemon-reload + + rm -f /tmp/should-not-exist-by-* +} + +trap at_exit EXIT + +rm -f /tmp/should-not-exist-by-* + +mkdir -p /run/systemd/system/mask-test.service.d + +cat >/run/systemd/system/mask-test.service </run/systemd/system/mask-test.service.d/10-stop.conf <