Before calling io.systemd.MachineImage.List.

The systemd-nspawn process takes a lock in the run() function in nspawn.c and holds it for the entire runtime of that function. If we call `machinectl terminate` the machine gets unregistered _before_ we release the lock, so the original `machinectl status` check would return early, allowing for a race where we call io.systemd.MachineImage.List over Varlink when systemd-nspawn still holds the lock because the process is still running:

```
[ 41.691826] TEST-13-NSPAWN.sh[1102]: + machinectl terminate long-running
[ 41.695009] systemd-nspawn[2171]: Trying to halt container by sending TERM to container PID 1. Send SIGTERM again to trigger immediate termination.
[ 41.698235] systemd-machined[1192]: Machine long-running terminated.
[ 41.709520] TEST-13-NSPAWN.sh[1102]: + systemctl kill --signal=KILL systemd-nspawn@long-running.service
[ 41.709169] systemd-nspawn[2171]: Failed to unregister machine: No machine 'long-running' known
[ 41.720869] TEST-13-NSPAWN.sh[2346]: + varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}'
[ 41.723359] TEST-13-NSPAWN.sh[2347]: + grep long-running
...
[ 41.735453] TEST-13-NSPAWN.sh[2352]: + varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running", "acquireMetadata": "yes"}'
[ 41.736222] TEST-13-NSPAWN.sh[2353]: + grep OSRelease
[ 41.739500] TEST-13-NSPAWN.sh[2352]: Method call io.systemd.MachineImage.List() failed: Device or resource busy
[ 41.740641] systemd[1]: Received SIGCHLD.
[ 41.740670] systemd[1]: Child 2171 (systemd-nspawn) died (code=killed, status=9/KILL)
[ 41.740725] systemd[1]: systemd-nspawn@long-running.service: Child 2171 belongs to systemd-nspawn@long-running.service.
[ 41.740748] systemd[1]: systemd-nspawn@long-running.service: Main process exited, code=killed, status=9/KILL
[ 41.740755] systemd[1]: systemd-nspawn@long-running.service: Will spawn child (service_enter_stop_post): systemd-nspawn
[ 41.740872] systemd[1]: systemd-nspawn@long-running.service: About to execute: systemd-nspawn --cleanup --machine=long-running
...
```

Let's mitigate this by waiting until the corresponding systemd-nspawn@.service instance enters the 'inactive' state where the lock should be properly released.

Resolves: https://github.com/systemd/systemd/issues/39547
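The wait described in the commit message above, as an added example (not the code from the systemd test suite): poll the service's ActiveState with a bounded timeout instead of trusting that the machine is no longer registered, and only then make the Varlink call. The function names and the `STATE_CMD` override hook are assumptions introduced here so the loop can be exercised without a running systemd.

```shell
#!/bin/sh
# Added example: wait for a unit to reach 'inactive' before touching
# resources its main process may still hold a lock on.

# unit_state UNIT: print the unit's ActiveState.
# STATE_CMD is a hypothetical hook (not a systemd feature) for offline testing.
unit_state() {
    if [ -n "${STATE_CMD:-}" ]; then
        "$STATE_CMD" "$1"
    else
        systemctl show --property=ActiveState --value "$1"
    fi
}

# wait_for_inactive UNIT [TIMEOUT_SECONDS]
# Returns 0 once the unit reports 'inactive', 1 if the timeout expires first.
wait_for_inactive() {
    unit=$1
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        [ "$(unit_state "$unit")" = "inactive" ] && return 0
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

# list_image_after_stop MACHINE
# Unregistration in systemd-machined happens before systemd-nspawn exits, so
# the service state, not the machine registration, is the signal to wait on.
list_image_after_stop() {
    machine=$1
    machinectl terminate "$machine"
    wait_for_inactive "systemd-nspawn@${machine}.service" 30 || {
        echo "timed out waiting for systemd-nspawn@${machine}.service" >&2
        return 1
    }
    varlinkctl call /run/systemd/machine/io.systemd.MachineImage \
        io.systemd.MachineImage.List \
        "{\"name\":\"${machine}\", \"acquireMetadata\": \"yes\"}"
}
```
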
System and Service Manager
Details
Most documentation is available on systemd's web site.
Assorted, older, general information about systemd can be found in the systemd Wiki.
Information about build requirements is provided in the README file.
Consult our NEWS file for information about what's new in the most recent systemd versions.
Please see the Code Map for information about this repository's layout and content.
Please see the Hacking guide for information on how to hack on systemd and test your modifications.
Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.
When preparing patches for systemd, please follow our Coding Style Guidelines.
If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel
Stable branches with backported patches are available in the stable repo.
We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack
Repositories with distribution packages built from git main are available on OBS
