mirror of
https://github.com/systemd/systemd.git
synced 2025-01-21 22:04:01 +03:00
5162829ec8
These operations might require slow I/O, and thus might block PID1's main loop for an undeterminated amount of time. Instead of performing them inline, fork a worker process and stash away the D-Bus message, and reply once we get a SIGCHILD indicating they have completed. That way we don't break compatibility and callers can continue to rely on the fact that when they get the method reply the operation either succeeded or failed. To keep backward compatibility, unlike reload control processes, these are ran inside init.scope and not the target cgroup. Unlike ExecReload, this is under our control and is not defined by the unit. This is necessary because previously the operation also wasn't ran from the target cgroup, so suddenly forking a copy-on-write copy of pid1 into the target cgroup will make memory usage spike, and if there is a MemoryMax= or MemoryHigh= set and the cgroup is already close to the limit, it will cause an OOM kill, where previously it would have worked fine.
48 lines
2.3 KiB
Bash
Executable File
48 lines
2.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
# shellcheck disable=SC2016
|
|
set -eux
|
|
set -o pipefail
|
|
|
|
# Test adding new BindPaths while unit is already running
|
|
|
|
at_exit() {
|
|
set +e
|
|
|
|
rm -f /run/TEST-23-UNIT-FILE-marker-{fixed,runtime}
|
|
rm -fr /run/inaccessible
|
|
}
|
|
|
|
trap at_exit EXIT
|
|
|
|
echo "MARKER_FIXED" >/run/TEST-23-UNIT-FILE-marker-fixed
|
|
mkdir /run/inaccessible
|
|
|
|
systemctl start TEST-23-UNIT-FILE-namespaced.service
|
|
|
|
# Ensure that inaccessible paths aren't bypassed by the runtime setup,
|
|
(! systemctl bind --mkdir TEST-23-UNIT-FILE-namespaced.service /run/TEST-23-UNIT-FILE-marker-fixed /run/inaccessible/testfile-marker-fixed)
|
|
|
|
echo "MARKER_WRONG" >/run/TEST-23-UNIT-FILE-marker-wrong
|
|
echo "MARKER_RUNTIME" >/run/TEST-23-UNIT-FILE-marker-runtime
|
|
|
|
# Mount twice to exercise mount-beneath (on kernel 6.5+, on older kernels it will just overmount)
|
|
systemctl bind --mkdir TEST-23-UNIT-FILE-namespaced.service /run/TEST-23-UNIT-FILE-marker-wrong /tmp/testfile-marker-runtime
|
|
test "$(systemctl show -P SubState TEST-23-UNIT-FILE-namespaced.service)" = "running"
|
|
systemctl bind --mkdir TEST-23-UNIT-FILE-namespaced.service /run/TEST-23-UNIT-FILE-marker-runtime /tmp/testfile-marker-runtime
|
|
|
|
timeout 10 bash -xec 'while [[ "$(systemctl show -P SubState TEST-23-UNIT-FILE-namespaced.service)" == running ]]; do sleep .5; done'
|
|
systemctl is-active TEST-23-UNIT-FILE-namespaced.service
|
|
|
|
test "$(busctl --json=short get-property org.freedesktop.systemd1 /org/freedesktop/systemd1/unit/TEST_2d23_2dUNIT_2dFILE_2dnamespaced_2eservice org.freedesktop.systemd1.Unit CanLiveMount)" = "{\"type\":\"b\",\"data\":true}"
|
|
|
|
# Now test that systemctl bind fails when attempted on a non-namespaced unit
|
|
systemctl start TEST-23-UNIT-FILE-non-namespaced.service
|
|
|
|
(! systemctl bind --mkdir TEST-23-UNIT-FILE-non-namespaced.service /run/TEST-23-UNIT-FILE-marker-runtime /tmp/testfile-marker-runtime)
|
|
|
|
test "$(busctl --json=short get-property org.freedesktop.systemd1 /org/freedesktop/systemd1/unit/TEST_2d23_2dUNIT_2dFILE_2dnon_2dnamespaced_2eservice org.freedesktop.systemd1.Unit CanLiveMount)" = "{\"type\":\"b\",\"data\":false}"
|
|
|
|
timeout 10 bash -xec 'while [[ "$(systemctl show -P SubState TEST-23-UNIT-FILE-non-namespaced.service)" == running ]]; do sleep .5; done'
|
|
(! systemctl is-active TEST-23-UNIT-FILE-non-namespaced.service)
|