Bug#936032: systemd: Main process of service unit gets killed on reload if ExecReload fails

Nikos Kormpakis nkorbb at gmail.com
Thu Aug 29 10:40:45 BST 2019 

Package: systemd
Version: 241-5
Severity: important
Tags: upstream

Dear Maintainer,

systemd kills the main process of a service unit after issuing a reload
command, if the command in `ExecReload` fails. This is a regression
introduced in v239 by upstream commit ec5b145 [1].

This behavior is not an expected one and changed systemd's behavior
during the reload of a unit. Before v239, an `ExecReload` command with
a non-successful exit code, would not kill the main process of the
unit. The change may cause problems in production environments, when
configuration changes happen, that include typos or syntax errors.

Imagine the following scenario:
  * Production server runs haproxy
  * A configuration change happens
  * A reload gets triggered from a configuration management tool
  * HAProxy's `ExecReload` command, `haproxy -c` exits with code 1 due
    to a syntax error.
  * systemd kills HAProxy, causing an outage

This issue has been reported upstream in issue #11238 [2] and has been
fixed in commit d611cfa [3] of pull request #13098 [4]. The fix is
quite fresh (2019-07-17) and seems that will be included in v243.

Unfortunately, this issue has unexpected side-effects and may cause
problems to Debian users that use systemd to manage production-grade
services, after upgrading to Buster.

I tried to apply the fix [3] on the package's source tree for Buster
and it seems to work; the patch applies cleanly, the package gets
builded and systemd behaves as expected.

I think that it is possible to include this fix in Buster.

Thanks for maintaining systemd in Debian,
Nikos

[1] https://github.com/systemd/systemd/commit/ec5b1452ac73e41274f9b3ca401f813fa079b9f0
[2] https://github.com/systemd/systemd/issues/11238
[3] https://github.com/systemd/systemd/commit/86bc88ca8dbdeeefc2e5032636b9677fda126184
[4] https://github.com/systemd/systemd/pull/13098

-- Package-specific info:

-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser          3.118
ii  libacl1          2.2.53-4
ii  libapparmor1     2.13.2-10
ii  libaudit1        1:2.8.4-3
ii  libblkid1        2.33.1-0.1
ii  libc6            2.28-10
ii  libcap2          1:2.25-2
ii  libcryptsetup12  2:2.1.0-5
ii  libgcrypt20      1.8.4-5
ii  libgnutls30      3.6.7-4
ii  libgpg-error0    1.35-1
ii  libidn11         1.33-2.2
ii  libip4tc0        1.8.2-4
ii  libkmod2         26-1
ii  liblz4-1         1.8.3-1
ii  liblzma5         5.2.4-1
ii  libmount1        2.33.1-0.1
ii  libpam0g         1.3.1-5
ii  libseccomp2      2.3.3-4
ii  libselinux1      2.8-1+b1
ii  libsystemd0      241-5
ii  mount            2.33.1-0.1
ii  util-linux       2.33.1-0.1

Versions of packages systemd recommends:
ii  dbus            1.12.16-1
ii  libpam-systemd  241-5

Versions of packages systemd suggests:
ii  policykit-1        0.105-25
pn  systemd-container  <none>

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.133
ii  udev             241-5

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list