Bug#798625: systemd-networkd: Runs arbitrary inappropriate scripts on network changes

Josh Triplett josh at joshtriplett.org
Fri Sep 11 07:54:33 BST 2015


Package: systemd
Version: 226-1
Severity: normal

[Filing this as "normal" only because systemd-networkd is not yet
normally used in Debian, and is not packaged separately; this is
release-critical for systemd-networkd.]

From the changelog of 226-1:

  * Make networkd call if-up.d/ scripts when it brings up interfaces, to
    become compatible with ifupdown and NetworkManager for packages shipping
    hooks. (LP: #1492129)

(Along with various other changes related to these hooks.)

This is an *extremely* bad idea; please revert it before any package
incorrectly starts to rely on it.  And this should have been discussed
on at least pkg-systemd-maintainers, if not systemd-devel, before being
implemented.

Several reasons why this is a bad idea:

- networkd is intended to bring up interfaces *quickly*, on the order of
  microseconds (not milliseconds) even with DHCP, let alone without.
  Spawning arbitrary processes, and especially shell scripts, is not and
  will never be compatible with networkd's performance requirements.

- These hooks don't exist upstream.  Packages shipping if-up.d hooks are
  thus still broken anywhere other than Debian, and even *in* Debian
  they're broken with dynamic network configuration.  Those packages need
  fixing (upstream) to handle dynamic network configuration, and once
  they do, the Debian-specific hooks become obsolete.  Allowing these
  hooks makes it less obvious that the packages themselves need fixing.

- Network configuration can change at any time, and networkd is not
  stateful; state lives in the kernel, not in networkd.  These hooks
  break that assumption.  (This will also likely break with future
  changes to networkd and other packages integrating with it, as well as
  with other types of interfaces or virtual networks networkd can
  configure.)  Among other things, as the systemd-networkd manpage
  documents, "Network configurations applied before networkd is started
  are not removed, and static configuration applied by networkd is not
  removed when networkd exits. Dynamic configuration applied by networkd
  may also optionally be left in place on shutdown. This ensures
  restarting networkd does not cut the network connection, and, in
  particular, that it is safe to transition between the initrd and the
  real root, and back."

- Several of the existing if-up.d and if-post-down.d hooks should not
  run under networkd.  Among others: wpasupplicant's hooks shouldn't run
  at all under anything but ifupdown, mountnfs's hooks shouldn't run
  (because they conflict with several other approaches to nfs handling
  that integrate properly with systemd), avahi-daemon's hook is
  responsible for numerous problems and slowdowns even under
  ifupdown, and wireless-tools' hook shouldn't run under anything but
  ifupdown.

- Calling if-up.d and if-post-down.d, but not calling if-down.d or
  if-pre-up.d, may well break assumptions that a family of scripts in
  those directories have about when they'll be called and what state
  machine they'll go through.

Packages shipping if-up.d or if-post-down.d scripts are not compatible
with networkd.  Primarily because they aren't compatible with
dynamically changing network configurations, and secondarily because
they tend to do the kind of really silly things that happen with
arbitrary shell-script hooks available.  This is not the right way to
fix that problem.

What specific problem is this trying to solve?  If there are specific
packages you're trying to fix or integrate with, perhaps we could talk
about other solutions to work with those packages (including the
possibility of writing patches to either those packages or networkd to
improve such integration).

- Josh Triplett

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser         3.113+nmu3
ii  libacl1         2.2.52-2
ii  libapparmor1    2.9.2-3
ii  libaudit1       1:2.4.4-1
ii  libblkid1       2.27-1
ii  libc6           2.19-19
ii  libcap2         1:2.24-11
ii  libcap2-bin     1:2.24-11
ii  libcryptsetup4  2:1.6.6-5
ii  libgcrypt20     1.6.3-2
ii  libkmod2        21-1
ii  liblzma5        5.1.1alpha+20120614-2.1
ii  libmount1       2.27-1
ii  libpam0g        1.1.8-3.1
ii  libseccomp2     2.2.3-2
ii  libselinux1     2.3-2+b1
ii  libsystemd0     226-1
ii  mount           2.27-1
ii  sysv-rc         2.88dsf-59.2
ii  udev            226-1
ii  util-linux      2.27-1

Versions of packages systemd recommends:
ii  dbus            1.8.20-1
ii  libpam-systemd  226-1

Versions of packages systemd suggests:
pn  systemd-container  <none>
pn  systemd-ui         <none>

-- Configuration Files:
/etc/X11/xinit/xinitrc.d/50-systemd-user.sh changed [not included]
/etc/dbus-1/system.d/org.freedesktop.machine1.conf f739cc6d353cc7fea0d14b8f01ee9851 [Errno 2] No such file or directory: u'/etc/dbus-1/system.d/org.freedesktop.machine1.conf f739cc6d353cc7fea0d14b8f01ee9851'
/etc/systemd/logind.conf changed [not included]

-- no debconf information
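
Added example, not part of the original report and not code from systemd or Debian: a POSIX shell audit of the two hook directories the report says networkd now calls. It lists each executable hook, whether it is group- or world-writable, and which package ships it. It assumes the hooks live under /etc/network (the ifupdown location) and that dpkg-query may be present; audit_hooks is a hypothetical name.

```shell
#!/bin/sh
# Added example: inventory the hooks that would run on network changes.
# Output, one line per executable hook:
#   <ok|WRITABLE> <dir>/<name> <package|unowned|unknown>

audit_hooks() {
    # Assumption: hooks live under /etc/network, as with ifupdown.
    root=${1:-/etc/network}
    # Only the two directories the report says are called.
    for dir in if-up.d if-post-down.d; do
        [ -d "$root/$dir" ] || continue
        for hook in "$root/$dir"/*; do
            # Skip non-files and anything not executable (README, etc.).
            [ -f "$hook" ] && [ -x "$hook" ] || continue

            # Group- or world-writable hooks let a non-owner change
            # what gets executed when an interface comes up or goes away.
            flag=ok
            if [ -n "$(find -L "$hook" -prune \( -perm -020 -o -perm -002 \))" ]; then
                flag=WRITABLE
            fi

            # Map the hook back to the package that ships it, if dpkg is present.
            pkg=unknown
            if command -v dpkg-query >/dev/null 2>&1; then
                owner=$(dpkg-query -S "$hook" 2>/dev/null) \
                    && pkg=${owner%%: *} || pkg=unowned
            fi

            printf '%s %s/%s %s\n' "$flag" "$dir" "${hook##*/}" "$pkg"
        done
    done
}

# Run against the live system, or against a directory given as $1.
audit_hooks "$@"
```

Hooks reported as unowned were placed by hand or by a maintainer script rather than shipped as package files, so they deserve the closest look.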