Bug#784238: systemd: emergency.service restart leads to unusable system

Bernd Zeimetz b.zeimetz at conova.com
Mon May 4 14:56:52 BST 2015 

On 05/04/2015 02:26 PM, Michael Biebl wrote:
> It's important, since emergency mode is not meant to be used to install
> packages. emergency mode is only supposed to be entered if something
> fatal happened during boot.

Reinstalling broken package (like some broken systemd-udev-whatever 
thing I did not want to debug yet - which made me reinstall systemd and 
udev) is nothing you want to do in emergency mode?

Please learn that single user mode is perfectly fine for doing all weird 
things tou could imagine, including installing or removing things 
because one doesn't want to boot a full system. Please stop trying to 
force your ideas of how people should work by messing with their init 
systems.

>> Restarting a service should not be broken, and having a completely
>> unusable system which seems to be locked but it is not is clearly a
>> security issue, and not being able to return away from this is a grave bug.
>>
>> Actually one should discuss if a CVE number should be assigned here.
>
> No, not really. What we probably should do is mark
> emergency.service as
> RefuseManualStart=yes
> RefuseManualStop=yes
> because restarting it is stupid and needrestart shouldn't do it.
> It's like killing getty while you're logged in.

Then fix it.
The way it behaves currently is a security issue.
Saying that doing things 'is stupid' is not an excuse for having bugs.


-- 
Mit freundlichen Grüßen


Bernd Zeimetz
Systems Engineer
Debian Developer

conova communications GmbH
Web    | http://www.conova.com/
E-Mail | b.zeimetz at conova.com

Zentrale Salzburg
Karolingerstraße 36A
5020 Salzburg

Tel | +43 (0) 662 22 00 - 313
Fax | +43 (0) 662 22 00 - 209

Es gelten die Allgemeinen Geschäftsbedingungen der
conova communications GmbH, http://www.conova.com/de/agb/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3339 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20150504/aa353b1c/attachment-0002.bin>

More information about the Pkg-systemd-maintainers mailing list