Opened 7 years ago

Closed 6 years ago

#274 closed Bug / Defect (fixed)

check_systemd_running() test needs to be more precise

Reported by: martin.pitt Owned by:
Priority: minor Milestone:
Component: Generic / unclassified Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

Upstream systemd recently updated the sd_booted() check to deliver correct results when using systemd init without logind and vice versa (the previous version returned TRUE in both cases):

http://cgit.freedesktop.org/systemd/systemd/commit/?id=66e411811b8090

Now, this is not terribly relevant for current OpenVPN as check_systemd_running() is only currently being used to check whether or not to use systemd-ask-password. But when not calling this from a TTY it depends on a GUI agent, and other parts of OpenVPN might call the check in the future, so I think it would be safer to adjust check_systemd_running().

Thank you!

Attachments (1)

0001-Update-systemd-check-to-current-upstream-version.patch (1.0 KB) - added by martin.pitt 7 years ago.
patch

Download all attachments as: .zip

Change History (3)

Changed 7 years ago by martin.pitt

patch

comment:1 Changed 6 years ago by kleptog

People are running into problems with hardware tokens now because this patch has not yet been merged:

Given this is just copying a bugfix from upstream I think it should just be applied. The basic problem appear to be that if you're not running systemd but are just using systemd-logind, then asking for the password fails.

comment:2 Changed 6 years ago by David Sommerseth

Resolution: fixed
Status: newclosed

Noticed this one now. We've already fixed this, by using the sd_booted() function. This is also fixed in the recently released v2.3.5.

commit f33ee6bcb12fdc3869b17b7c528a209f16581e2e master
commit 027dd7f6368d7a7fc8a4ca5e0fadd8de2c7c88da release/2.3
Author: David Sommerseth <davids@redhat.com>
Date:   Fri Oct 3 19:16:07 2014 +0200

    systemd: Use systemd functions to consider systemd availability
    
    This is another systemd implementation clean-up.  It was found that
    SELinux will block OpenVPN from checking /sys/fs/cgroups.  As OpenVPN
    only checked /sys/fs/cgroups and /sys/fs/cgroups/systemd to see if
    systemd was available or not, it was considered better to query
    systemd directly to see whether or not to query for usernames and
    passwords via systemd.
    
    This patch has been compile tested on Fedora 19 and Fedora 21 alpha and
    function tested on Fedora 19.
    
      v2 - Use PKG_CHECK_MODULES() + check for libsystemd before
           libystemd-daemon.  systemd >= 209 use a unified library
    
    Signed-off-by: David Sommerseth <davids@redhat.com>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1412356567-27125-1-git-send-email-openvpn.list@topphemmelig.net>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/9072
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
Note: See TracTickets for help on using tickets.