Bug 2133792 - StartTransientUnitContext as unprivileged user fails with slice already existing
Summary: StartTransientUnitContext as unprivileged user fails with slice already existing
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 37
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: CockpitTest
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-10-11 12:33 UTC by Giuseppe Scrivano
Modified: 2022-12-31 01:16 UTC (History)
16 users (show)

Fixed In Version: systemd-251.7-611.fc37 systemd-250.9-1.fc36
Clone Of:
Environment:
Last Closed: 2022-11-02 19:53:11 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Giuseppe Scrivano 2022-10-11 12:33:23 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:

Build the following Go program:

```
package main

import (
	"context"
	"fmt"
	"os"
	"strconv"

	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
	"github.com/godbus/dbus/v5"
)

// GetUserConnection returns an user connection to D-BUS
func GetUserConnection(uid int) (*systemdDbus.Conn, error) {
	return systemdDbus.NewConnection(func() (*dbus.Conn, error) {
		return dbusAuthConnection(uid, dbus.SessionBusPrivate)
	})
}

func dbusAuthConnection(uid int, createBus func(opts ...dbus.ConnOption) (*dbus.Conn, error)) (*dbus.Conn, error) {
	conn, err := createBus()
	if err != nil {
		return nil, err
	}

	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(uid))}

	err = conn.Auth(methods)
	if err != nil {
		conn.Close()
		return nil, err
	}
	if err := conn.Hello(); err != nil {
		return nil, err
	}

	return conn, nil
}

func main() {
	conn, err := GetUserConnection(os.Geteuid())
	if err != nil {
		panic(err)
	}
	name := "user-libpod_pod_642a6b41ae846eedd6587e86d653e43fae07431e9c8ee235dfff9652274aca2f.slice"
	properties := []systemdDbus.Property{
		systemdDbus.PropDescription(fmt.Sprintf("cgroup %s", name)),
		systemdDbus.PropWants("user.slice"),
	}
	pMap := map[string]bool{
		"DefaultDependencies": false,
		"MemoryAccounting":    true,
		"CPUAccounting":       true,
		"BlockIOAccounting":   true,
	}

	for k, v := range pMap {
		p := systemdDbus.Property{
			Name:  k,
			Value: dbus.MakeVariant(v),
		}
		properties = append(properties, p)
	}

	ch := make(chan string)
	_, err = conn.StartTransientUnitContext(context.TODO(), "user-libpod_pod_047d1efebfc678193ffe5a251334be92e62a1aee7ecab2c8c6fc80973e9e51d5.slice", "replace", properties, ch)
	fmt.Println(err)
}
```

Steps to Reproduce:
1. go mod init example.com/m
2. go mod tidy
3. go build
4 ./m

Actual results:

Unit user-libpod_pod_047d1efebfc678193ffe5a251334be92e62a1aee7ecab2c8c6fc80973e9e51d5.slice already exists.


Expected results:


<nil>

Additional info:

It works fine on F36 and Rawhide

Comment 1 Giuseppe Scrivano 2022-10-11 12:34:02 UTC
Podman upstream issue: https://github.com/containers/podman/issues/16107

Comment 2 Daniel Walsh 2022-10-13 08:51:19 UTC
This is an urgent issue for us.  If we downgrade to systemd-251.4-53.fc37 the problem goes away.

This will block the next release of Podman.

Comment 3 Yu Watanabe 2022-10-14 07:31:10 UTC
I briefly checked the last point release, but nothing suspicious found.
Could you see https://github.com/containers/podman/issues/16107#issuecomment-1278581594
and open an systemd upstream issue?

Comment 4 Giuseppe Scrivano 2022-10-14 13:13:23 UTC
a simpler reproducer that uses only busctl:

NAME=test-$RANDOM.slice
echo Running $NAME
busctl --user call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartTransientUnit 'ssa(sv)a(sa(sv))' "$NAME" "replace" 6 "Description" "s" "slice" "Wants" as 1 "user.slice" "DefaultDependencies" b false MemoryAccounting b true CPUAccounting b true BlockIOAccounting b true 0


On F36 I get:

Running test-20500.slice
o "/org/freedesktop/systemd1/job/44528"

On F37:

Running test-31900.slice
Call failed: Unit test-31900.slice already exists.

Comment 5 Zbigniew Jędrzejewski-Szmek 2022-10-14 13:18:24 UTC
https://github.com/systemd/systemd/pull/25004

Comment 6 Zbigniew Jędrzejewski-Szmek 2022-10-14 16:44:49 UTC
The pull request is still being discussed upstream.
For now, you can uninstall systemd-oomd-defaults as a work-around.

Comment 7 Fedora Update System 2022-10-24 20:05:44 UTC
FEDORA-2022-c72fd8b071 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-c72fd8b071

Comment 8 Fedora Update System 2022-10-25 11:34:52 UTC
FEDORA-2022-c72fd8b071 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-c72fd8b071`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c72fd8b071

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-11-02 19:53:11 UTC
FEDORA-2022-c72fd8b071 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2022-12-20 19:17:31 UTC
FEDORA-2022-ef4f57b072 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-ef4f57b072

Comment 11 Fedora Update System 2022-12-21 02:26:22 UTC
FEDORA-2022-ef4f57b072 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-ef4f57b072`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-ef4f57b072

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2022-12-31 01:16:07 UTC
FEDORA-2022-ef4f57b072 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.