This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1945569 - systemd --user fails to start when /run/user/<UID> is not a mount point
Summary: systemd --user fails to start when /run/user/<UID> is not a mount point
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: systemd
Version: 8.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Michal Sekletar
QA Contact: Frantisek Sumsal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-01 09:58 UTC by Renaud Métrich
Modified: 2023-09-21 11:09 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-09-21 11:09:13 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker   RHEL-5874 0 None Migrated None 2023-09-21 11:09:14 UTC

Description Renaud Métrich 2021-04-01 09:58:08 UTC 
Description of problem:

A customer can see sometimes the following message in the journal:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
systemd[1]: Starting User Manager for UID XXX...
systemd[78237]: pam_unix(systemd-user:session): session opened for user XXXUSERNAME by (uid=0)
systemd[78237]: Failed to fully start up daemon: Permission denied
systemd[1]: user: Failed with result 'protocol'.
systemd[1]: Failed to start User Manager for UID XXX.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

This leads to tagging the user@.service for that user as Failed, causing a report to be shown in their monitoring tool.

James was able to reproduce this as well in real conditions.
I wasn't, however I was able to reproduce by creating the directory /run/user/UID manually, as root, similar to what /usr/lib/systemd/systemd-user-runtime-dir does when a session gets created.

Normally, /usr/lib/systemd/systemd-user-runtime-dir creates the directory, then mounts a TMPFS filesystem on top of it, which permissions set for the user.

For some (still unknown) reasons, we suspect that /run/user/UID doesn't get deleted at the time a new session comes in, causing the issue above, since /run/user/UID is owned by root, always.
This is because /usr/lib/systemd/systemd-user-runtime-dir doesn't do anything when it detects that /run/user/UID is already a mount point, in particular doesn't mount the TMPFS filesystem, hence the permissions are not correct for "systemd --user" to be able to create its directories later.

Digging into the code, I can see that systemd-user-runtime-dir relies on path_is_mount_point() to find out if it's a mount point:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
 33 static int user_mkdir_runtime_path(const char *runtime_path, uid_t uid, gid_t gid, size_t runtime_dir_size) {
 34         int r;
 :
 45         if (path_is_mount_point(runtime_path, NULL, 0) >= 0)
 46                 log_debug("%s is already a mount point", runtime_path);
 47         else {
 48                 char options[sizeof("mode=0700,uid=,gid=,size=,smackfsroot=*")
 :
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

But that code doesn't work, it's indeed enough to have a top directory (e.g. "/run") be a mount point for condition on line 45 to be true and falling into line 46 and doing nothing.
On RHEL systems, "/run" *is* a mount point, so it's always true.
In that exact scenario, we would need to check that "/run/user/UID" **is** a mount point itself, and not a parent would be a mount point.

Comparing with Upstream code, I don't see a difference, the code is similarly buggy. However the failing condition on "systemd --user" is not hit because there is a test made in pam_systemd, which then avoids spawning the systemd user instance:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
systemd[20313]: pam_systemd(systemd-user:session): Runtime directory '/run/user/101166' is not owned by UID 101166, as it should.
systemd[20313]: pam_systemd(systemd-user:session): Not setting $XDG_RUNTIME_DIR, as the directory is not in order.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------


Version-Release number of selected component (if applicable):

systemd-239-41.el8_3.1.x86_64


How reproducible:

Always


Steps to Reproduce:
1. create directory as root

  # mkdir -p /run/user/$(id -u rmetrich)

2. ssh to the system

  # ssh rmetrich@localhost true


Actual results:

  systemd --user fails

Expected results:

  no failure, and /run/user/rmetrich a TMPFS mountpoint
Comment 1 Persona non grata 2021-05-18 12:21:22 UTC 
I experience the same on some of my systems. Other RHEL8.3 systems with same systemd version are somehow not affected.
At the moment, I don't see a cause or consistency.
Comment 2 Renaud Métrich 2021-05-18 12:42:12 UTC 
Hi Benjamin,

Can you reproduce regularly on one of your system?
It may be related to BZ #1946453.

If you can reproduce regularly, please apply the solution in KCS https://access.redhat.com/solutions/5931241.

Renaud.
Comment 3 Persona non grata 2021-05-20 12:43:44 UTC 
Yes, the issue occurs after applying KCS https://access.redhat.com/solutions/5931241 (without reboot/reloading systemd/resetting failed states) to some users on a specific production machine.

I don't know, if I find the time to apply the stap script in https://bugzilla.redhat.com/show_bug.cgi?id=1946453 to verify further and try to apply the workaround on a engineering machine which has this occurence also.
Comment 4 Renaud Métrich 2021-05-20 13:03:25 UTC 
Well you need to reload systemd for change to take effect, and of course clear failed units.
Comment 5 Persona non grata 2021-05-20 13:35:37 UTC 
my communication here was unfortunate, I meant
- reloaded systemd
- resetted failed states

-> i did not a reboot (its not suggested in de KCS, but I wanted to clarify that.)
Comment 8 RHEL Program Management 2023-09-21 11:08:27 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 9 RHEL Program Management 2023-09-21 11:09:13 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.
Note You need to log in before you can comment on or make changes to this bug.