also provide credentials in ExecStartPre#24734
Merged
poettering merged 1 commit intosystemd:mainfrom Sep 19, 2022
Merged
Conversation
Systemd's credential interface is not yet natively supported by all programs yet. Hence it's often required to run scripts to massage secrets in the way the programs expect it. This commit allows the ExecStartPre commands to access credentials. Fixes systemd#19604
Contributor
|
cc @keszybz (#19604 (comment)) |
Contributor
|
Using |
Contributor
Author
|
In some cases |
Contributor
|
Would it be possible to backport this to systemd-stable, or does this need to wait for a new release? |
13 tasks
And it's causing the brokenness in this issue. Following is a minimal reproduction case: In one terminal: In another terminal: This issue happens because which creates the credentials are created twice (courtesy: |
12 tasks
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 4, 2024
Currently, exec_setup_credential always rewrite all credentials on exec_invoke, i.e. each ExecCommand invocation. This is problematic though: * When writing tmp cred files, we essentially double the size of each credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing error occurs (see also systemd#24734 (comment)) * Credential is a unit thing and should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or unit file (SetCredential=) changes between ExecStart= and ExecStartPost=, the credentials are overwritten and the main process is suddenly seeing completely different creds when ExecStartPost= gets executed. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 4, 2024
Currently, exec_setup_credential always rewrite all credentials on exec_invoke, i.e. each ExecCommand invocation. This is problematic though: * When writing tmp cred files, we essentially double the size of each credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing error occurs (see also systemd#24734 (comment)) * Credential is a unit thing and should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or unit file (SetCredential=) changes between ExecStart= and ExecStartPost=, the credentials are overwritten and the main process is suddenly seeing completely different creds when ExecStartPost= gets executed. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 4, 2024
Currently, exec_setup_credential always rewrite all credentials on exec_invoke, i.e. each ExecCommand invocation. This is problematic though: * When writing tmp cred files, we essentially double the size of each credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing error occurs (see also systemd#24734 (comment)) * Credential is a unit thing and should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or unit file (SetCredential=) changes between ExecStart= and ExecStartPost=, the credentials are overwritten and the main process is suddenly seeing completely different creds when ExecStartPost= gets executed. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 4, 2024
Currently, exec_setup_credential always rewrite all credentials on exec_invoke, i.e. each ExecCommand invocation. This is problematic though: * When writing tmp cred files, we essentially double the size of each credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing error occurs (see also systemd#24734 (comment)) * Credential is a unit thing and should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or unit file (SetCredential=) changes between ExecStart= and ExecStartPost=, the credentials are overwritten and the main process is suddenly seeing completely different creds when ExecStartPost= gets executed. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 4, 2024
Currently, exec_setup_credential always rewrite all credentials on exec_invoke, i.e. each ExecCommand invocation. This is problematic though: * When writing tmp cred files, we essentially double the size of each credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing error occurs (see also systemd#24734 (comment)) * Credential is a unit thing and should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or unit file (SetCredential=) changes between ExecStart= and ExecStartPost=, the credentials are overwritten and the main process is suddenly seeing completely different creds when ExecStartPost= gets executed. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 4, 2024
Currently, exec_setup_credential always rewrite all credentials on exec_invoke, i.e. each ExecCommand invocation. This is problematic though: * When writing tmp cred files, we essentially double the size of each credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing error occurs (see also systemd#24734 (comment)) * Credential is a unit thing and should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or unit file (SetCredential=) changes between ExecStart= and ExecStartPost=, the credentials are overwritten and the main process is suddenly seeing completely different creds when ExecStartPost= gets executed. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
Currently, exec_setup_credential always rewrite all credentials on exec_invoke, i.e. each ExecCommand invocation. This is problematic though: * When writing tmp cred files, we essentially double the size of each credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing error occurs (see also systemd#24734 (comment)) * Credential is a unit thing and should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or unit file (SetCredential=) changes between ExecStart= and ExecStartPost=, the credentials are overwritten and the main process is suddenly seeing completely different creds when ExecStartPost= gets executed. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of the unit. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. This one is especially awkward IMO, say if people use a timer to regularly update local creds. So, let's always reuse final cred dir if mounted and not empty, so that the creds used is stable and each exec_invoke() is probably more efficient.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
YHNdnzj
added a commit
to YHNdnzj/systemd
that referenced
this pull request
Feb 6, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
ayhamthemayhem
pushed a commit
to neighbourhoodie/nh-systemd
that referenced
this pull request
Mar 25, 2024
fresh otherwise Currently, exec_setup_credential() always rewrite all credentials upon exec_invoke(), i.e. invocation of each ExecCommand, and within a single tmpfs instance. This is problematic though: * When writing each tmp cred file, we essentially double the size of the credential. Therefore, if one cred is bigger than half of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also systemd#24734 (comment)) * Credential is a unit-wide thing and thus should not change during the whole lifetime of main process. However, if e.g. a on-disk credential or SetCredential= in unit file changes between ExecStart= and ExecStartPost=, the credentials are overwritten when the latter gets to run, and the already-running main process is suddenly seeing completely different creds. So, let's try to reuse final cred dir if the main process has started and the tmpfs has been populated, so that the creds used is stable across all ExecStart= and ExecStartPost=-s. We still want to retain the ability of updating creds through ExecStartPre= though, therefore we forcibly use a fresh cred dir for those. 'Fresh' means to actually unmount the old tmpfs first, so the first problem goes away, too.
13 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Systemd's credential interface is not yet natively supported by all programs yet. Hence it's often required to run scripts to massage secrets in the way the programs expect it.
This commit allows the ExecStartPre commands to access credentials.
Fixes #19604