Drop present? and booted? systemd checks #11
Conversation
|
@sj26 If you could also take a look at this one for inclusion in the release... this simplifies things and makes SELinux less complex for projects. Appreciate you reviewing and considering! |
|
I had this debate with myself when initially writing the plugin. But systemd's documentation specifically recommending using the Could you help me understand the failure case, maybe demonstrate it? |
| # https://www.freedesktop.org/software/systemd/man/sd_booted.html | ||
| # | ||
| def booted? | ||
| IO.popen(["systemctl", "is-system-running"], &:read).chomp != "offline" |
There was a problem hiding this comment.
From that page:
Internally, this function checks whether the directory /run/systemd/system/ exists. A simple check like this can also be implemented trivially in shell or any other language.
Perhaps this better? It doesn't have to exec anything which is safer.
There was a problem hiding this comment.
I tested this and it worked. I know the original comment seemed to warn against this:
# We could check for the systemd run directory directly, but we can't be
# absolutely sure of it's location and breaks encapsulation. We can be sure
# that systemctl is present on a systemd system and understand whether
# systemd is running. The systemd-notify binary actually recommends this.
However, if that page on sd_booted is correct this ought to be a safe option that doesn't make things more complex for SELinux users.
There was a problem hiding this comment.
I can't find that part in the current man pages. Perhaps the recommendations have changed?
There was a problem hiding this comment.
Right, I was considering the edge case that systemd might be installed with a different prefix and so best deferred to the system's $PATH a la pkg-config. But a non-default prefix would be very irregular. I also thought that the implementation of sd_booted was more complex, but it is not, and is in fact just detecting that one and only directory path. So I'm not even sure a non-default directory is possible.
So this implementation looks good. 👍
|
The failure case arises if you are running puma within a confined SELinux process; shelling out to systemctl requires an execption: |
ehelms
force-pushed
the
drop-present-booted
branch
from
6b36c79
to
0fc364a
Compare
For systems with SELinux enabled, the check of the systemctl binary and shelling out to run systemctl can cause policy violations that provide additional complications for users of the plugin.
ehelms
force-pushed
the
drop-present-booted
branch
from
0fc364a
to
b5f4971
Compare
lib/puma/plugin/systemd.rb
Outdated
| @@ -28,10 +28,10 @@ def start(launcher) | |||
| @launcher.events.debug "systemd: WATCHDOG_PID=#{ENV["WATCHDOG_PID"].inspect}" | |||
| @launcher.events.debug "systemd: WATCHDOG_USEC=#{ENV["WATCHDOG_USEC"].inspect}" | |||
|
|
|||
| # Only install hooks if systemd is present, the systemd is booted by | |||
| # Only install hooks if systemd is booted by | |||
There was a problem hiding this comment.
| # Only install hooks if systemd is booted by | |
| # Only install hooks if the system is booted by |
|
Thanks! 🙌 |
|
Released in v0.1.5 |
The check of whether NOTIFY_SOCKET is set should be sufficient for
enabling the plugin. Using this plugin and setting notify are
intentional use cases that should suffice. For systems with
SELinux enabled, the check of the systemctl binary and shelling
out to run systemctl can cause policy violations that provide
additional complications for users of the plugin.