Bug 1914575

Summary: grub-boot-success.service should not be started inside systemd-nspawn container
Product: Red Hat Enterprise Linux 8 Reporter: Gena Makhomed <makhomed>
Component: grub2 Assignee: Bootloader engineering team <bootloader-eng-team>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.3 CC: pjanda, pzatko, rharwood
Target Milestone: rc Flags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: grub2-2.02-111.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-10 15:31:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gena Makhomed 2021-01-09 22:15:10 UTC
Description of problem:

grub-boot-success.service should not be started inside systemd-nspawn container

Version-Release number of selected component (if applicable):

source: grub2-2.02-90.el8.src.rpm
binary: grub2-tools-2.02-90.el8.x86_64.rpm

How reproducible:

always

Steps to Reproduce:

1. Install RHEL 8.3 / CentOS 8.3

2. install systemd-container package:

dnf install systemd-container

3. create test container:

dnf --installroot=/var/lib/machines/test --releasever=8 install dnf systemd openssh-clients openssh-server passwd vim mc

4. start test container:

machinectl start test

5. enter inside test container:

machinectl shell test

6. create user www inside container:

useradd www

7. set password for user www inside container:

passwd www

8. login to www via ssh inside container:

ssh www@localhost

9. wait two minutes

10. check systemctl status for user www:

systemctl --user

Actual results:

● grub-boot-success.service            loaded failed failed    Mark boot as successful
 grub-boot-success.timer              loaded active elapsed   Mark boot as successful after the user session has run 2 minutes

Expected results:

grub-boot-success.timer should be disabled inside systemd-nspawn containers.

Additional info:

Patch to fix this bug:

# diff -u /usr/lib/systemd/user/grub-boot-success.timer.orig /usr/lib/systemd/user/grub-boot-success.timer
--- /usr/lib/systemd/user/grub-boot-success.timer.orig  2020-09-08 22:00:24.000000000 +0300
+++ /usr/lib/systemd/user/grub-boot-success.timer       2021-01-10 00:11:23.813009897 +0200
@@ -1,5 +1,6 @@
 [Unit]
 Description=Mark boot as successful after the user session has run 2 minutes
+ConditionVirtualization=!systemd-nspawn
 ConditionUser=!@system

 [Timer]
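Review bot: the condition added after Description= names only systemd-nspawn, so the timer would still be started under any other container manager. systemd accepts the generic value `container` for this setting, which matches every detected container type; prefer `ConditionVirtualization=!container` unless there is a reason to single out nspawn.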

Comment 1 Gena Makhomed 2021-01-10 09:47:45 UTC
Updated patch to fix this bug:

# diff -u /usr/lib/systemd/user/grub-boot-success.timer.orig /usr/lib/systemd/user/grub-boot-success.timer
--- /usr/lib/systemd/user/grub-boot-success.timer.orig  2020-09-08 22:00:24.000000000 +0300
+++ /usr/lib/systemd/user/grub-boot-success.timer       2021-01-10 00:11:23.813009897 +0200
@@ -1,5 +1,6 @@
 [Unit]
 Description=Mark boot as successful after the user session has run 2 minutes
+ConditionVirtualization=!container
 ConditionUser=!@system

 [Timer]
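Review bot: the new ConditionVirtualization= line guards only grub-boot-success.timer; grub-boot-success.service is not touched by this patch, so starting the service directly in a container user session is still unguarded. Consider adding the same condition to the service unit, plus a one-line comment above the condition saying why containers are excluded.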

Comment 2 Robbie Harwood 2021-09-09 21:52:17 UTC
Hi,

> grub-boot-success.timer should be disabled inside systemd-nspawn containers.

Could you please indicate what the problem with it is?  That is, what is breaking for you?

Comment 3 Gena Makhomed 2021-09-10 06:32:11 UTC
> Could you please indicate what the problem with it is?  That is, what is breaking for you?

The "systemctl --user" command shows a failed service run:


● grub-boot-success.service            loaded failed failed    Mark boot as successful
 grub-boot-success.timer              loaded active elapsed   Mark boot as successful after the user session has run 2 minutes


It is breaking systemd service monitoring for me.

A failed service means that something is wrong with the system and it should be repaired.

The fix is trivial:

# diff -u /usr/lib/systemd/user/grub-boot-success.timer.orig /usr/lib/systemd/user/grub-boot-success.timer
--- /usr/lib/systemd/user/grub-boot-success.timer.orig  2020-09-08 22:00:24.000000000 +0300
+++ /usr/lib/systemd/user/grub-boot-success.timer       2021-01-10 00:11:23.813009897 +0200
@@ -1,5 +1,6 @@
 [Unit]
 Description=Mark boot as successful after the user session has run 2 minutes
+ConditionVirtualization=!container
 ConditionUser=!@system

 [Timer]
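Review bot: the new line is inserted between Description= and ConditionUser=, while the Fedora unit quoted in comment 4 places it after ConditionUser=. The order does not change the result, since every condition must hold, but matching Fedora's placement keeps the two unit files identical and easier to compare.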

Comment 4 Gena Makhomed 2021-09-11 16:28:28 UTC
P.S. This bug is already fixed in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1914571

$ cat /usr/lib/systemd/user/grub-boot-success.timer
[Unit]
Description=Mark boot as successful after the user session has run 2 minutes
ConditionUser=!@system
ConditionVirtualization=!container

[Timer]
OnActiveSec=2min

Comment 11 errata-xmlrpc 2022-05-10 15:31:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: grub2 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:2110
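
On a system that has not yet received the fixed package, the condition from the patch in this report can be applied as a drop-in instead of editing the packaged file under /usr/lib, which a package update would overwrite. This is an added example, not part of the original report or the shipped fix; the function names, the drop-in file name and the root-prefix argument are hypothetical, and the override path assumes systemd's standard /etc/systemd/user/<unit>.d/ directory.

```shell
#!/bin/sh
# Added example: guard grub-boot-success.timer against containers with a
# drop-in, leaving the packaged unit in /usr/lib untouched.
# Function names, the drop-in file name and the ROOT prefix are hypothetical.

UNIT=grub-boot-success.timer
GUARD='ConditionVirtualization=!container'

# has_guard ROOT: succeed if the packaged unit or any drop-in under ROOT
# already carries the guard line (exact, whole-line match).
has_guard() {
    root=$1
    for f in "$root/usr/lib/systemd/user/$UNIT" \
             "$root/etc/systemd/user/$UNIT.d/"*.conf; do
        [ -f "$f" ] || continue      # skips an unmatched glob as well
        grep -qxF "$GUARD" "$f" && return 0
    done
    return 1
}

# install_guard ROOT: write the drop-in once and print what was done.
# Conditions from drop-ins are added to those of the packaged unit, so
# the existing ConditionUser= line stays in effect.
install_guard() {
    root=$1
    if has_guard "$root"; then
        echo "already-guarded"
        return 0
    fi
    dir="$root/etc/systemd/user/$UNIT.d"
    mkdir -p "$dir" || return 1
    printf '[Unit]\n%s\n' "$GUARD" > "$dir/10-no-container.conf" || return 1
    echo "installed"
}

# On a real system (empty ROOT), run as root inside the container:
#   install_guard ""
# then, in the affected user session:
#   systemctl --user daemon-reload
#   systemctl --user cat grub-boot-success.timer
```

Passing a directory such as /var/lib/machines/test as ROOT applies the same drop-in to a container tree from the host.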