Bug#753790: systemd: process 1 should load new versions of shared objects

Michael Biebl biebl at debian.org
Sat Jul 5 03:40:33 BST 2014


On 05.07.2014 03:40, Russell Coker wrote:
> Source: systemd
> Version: all
> Severity: normal
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753726
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753727
> 
> The above bugs concern the ability of library packages to request that systemd
> use the new version on an upgrade.  I don't think it's reasonable for the
> library updates to never be applied because there's the risk of a security
> flaw being discovered in one of them that affects the operation of systemd.

While I agree with you in general, keep in mind that this is actually
also a general issue. PID 1 is in no way special in that regard and this
concerns every long-running process / daemon.
It's not like a security update of libselinux (or any other library for
that matter) restarts all daemons / binaries linking against said library.
Incidentally we discussed exactly that within the pkg-systemd team
before I filed this bug. Our conclusion was that the right answer for
that is probably something like checkrestart which is run *after* the
upgrade has completed.

> As there is apparently a reliability issue in the library postinst calling
> "telinit u" I think that systemd should have triggers to allow it to take the
> new libraries when they are installed.

I'm not convinced that a package-individual trigger is the right answer
for this (we also discussed this possibility within the team). Every
package providing a long-running system service would have to provide
such a trigger and every library would have to call all triggers. That
doesn't scale.

We need a general solution for this.

What I'm convinced about, though, is that restarting a daemon (or
re-execing PID 1) midway through an upgrade is bound to fail one way or
another.

So I still kindly ask you to apply the patches in #753726 and #753727.

Cheers,
Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
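
Added example (not part of the original message, and not checkrestart's own code): a post-upgrade check of the kind discussed above, which reads /proc/<pid>/maps and reports every process, PID 1 included, that still maps a shared object whose on-disk file has since been replaced. The function names and the sample maps text are constructed for illustration; it assumes Linux procfs, and reading other users' maps requires root.

```python
import os
import re

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a021000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libselinux.so.1 (deleted)
7f1c2a221000-7f1c2a222000 rw-p 00021000 08:01 131090 /lib/x86_64-linux-gnu/libselinux.so.1 (deleted)
7f1c2a400000-7f1c2a5a0000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libc-2.19.so
7f1c2a800000-7f1c2a801000 rw-s 00000000 00:04 98304 /SYSV00000000 (deleted)
7f1c2a900000-7f1c2a901000 rw-s 00000000 00:13 4242 /dev/shm/cache (deleted)
7ffd3c000000-7ffd3c021000 rw-p 00000000 00:00 0 [stack]
"""

# Matches libfoo.so and versioned names such as libfoo.so.1.2
SO_NAME = re.compile(r"\.so(\.\d+)*$")
DELETED = " (deleted)"

def stale_libraries(maps_text):
    """Return the sorted shared-object paths that are still mapped although
    the file was unlinked or replaced (the kernel appends ' (deleted)')."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode path
        if len(fields) < 6 or not fields[5].endswith(DELETED):
            continue
        path = fields[5][:-len(DELETED)]
        # Skip deleted shared memory and temp files; only libraries matter here.
        if SO_NAME.search(path):
            stale.add(path)
    return sorted(stale)

def scan_proc(proc="/proc"):
    """Map pid -> stale libraries for every process whose maps are readable."""
    result = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "maps"), errors="replace") as f:
                libs = stale_libraries(f.read())
        except OSError:  # process exited meanwhile, or permission denied
            continue
        if libs:
            result[int(entry)] = libs
    return result

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, " ".join(libs))
```

Run once the whole upgrade has completed; an entry for PID 1 means the init process itself is still executing the old library code.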
