Fix scope activation from a user instance

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-11-11 15:15:36 -08:00 · 2021-11-11 15:15:36 -08:00 · 9309bd3038
parent 89ea50d07a
commit 9309bd3038
2 changed files with 48 additions and 1 deletions
--- a/d35551d8c6.patch
+++ b/d35551d8c6.patch
@ -0,0 +1,43 @@
+From d35551d8c6a9c46442500992abfb67774f9fa8d8 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas@archlinux.org>
+Date: Wed, 10 Nov 2021 22:46:35 +0100
+Subject: [PATCH] scope: count successful cgroup additions when delegating via
+ D-Bus
+
+Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse
+activation of scopes if no PIDs to add are left") all "systemd-run --scope
+--user" calls fail because cgroup attachments delegated to the system instance
+are not counted towards successful additions. Fix this by incrementing the
+return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to
+what happens when cg_attach() succeeds directly.
+
+Note that this can *not* distinguish the case when
+unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all
+processes to attach are gone in the meantime, unlike the checks that commit
+8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is
+because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal
+unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include
+the number of successfully attached processes and is always NULL on success.
+
+Fixes: #21297
+---
+ src/core/cgroup.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index abc30e3990c4..c942db8d05eb 100644
+--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
+@@ -2283,8 +2283,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
+                                 z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path);
+                                 if (z < 0)
+                                         log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p));
+-                                else
+                                else {
+                                        if (ret >= 0)
+                                                ret++; /* Count successful additions */
+                                         continue; /* When the bus thing worked via the bus we are fully done for this PID. */
+                                }
+                         }
+ 
+                         if (ret >= 0)
--- a/systemd.spec
+++ b/systemd.spec
@ -31,7 +31,7 @@ Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 %if %{without inplace}
 Version:        249.6
-Release:        3%{?dist}
+Release:        4%{?dist}
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@ -99,6 +99,7 @@ Patch0005:      0005-update-helper-also-add-user-reexec-verb.patch
 Patch0006:      0006-update-helper-add-missing-loop-over-user-units.patch

 Patch0007:      https://github.com/systemd/systemd/commit/2da7d0bc92.patch
+Patch0008:      https://github.com/systemd/systemd/commit/d35551d8c6.patch

 # Downstream-only patches (5000–9999)
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@ -1002,6 +1003,9 @@ fi
 %files standalone-sysusers -f .file-list-standalone-sysusers

 %changelog
+* Wed Nov 10 2021 Kir Kolyshkin <kolyshkin@gmail.com> - 249.6-4
+- Fix scope activation from a user instance (#2022041)
+
 * Mon Nov  8 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.6-3
 - Fix helper to restart user units with older systemd (#2020415)