[systemd-devel] Masking socket activated services is broken

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Wed Jun 19 10:46:22 PDT 2013 

On Wed, Jun 19, 2013 at 07:31:44PM +0200, Michael Biebl wrote:
> 2013/6/19 Kok, Auke-jan H <auke-jan.h.kok at intel.com>:
> > On Wed, Jun 19, 2013 at 9:47 AM, Michael Biebl <mbiebl at gmail.com> wrote:
> >> 2013/6/19 Kok, Auke-jan H <auke-jan.h.kok at intel.com>:
> >>> On Tue, Jun 18, 2013 at 10:15 PM, Michael Biebl <mbiebl at gmail.com> wrote:
> >>>> Hi,
> >>>>
> >>>> I've run "systemctl mask rsyslog.service", but the service can still
> >>>> be started via
> >>>> "systemctl start rsyslog.service" or by generating a log message.
> >>>>
> >>>> Looks like a bug to me.
> >>>
> >>> Why would it be? Masking just removes the unit from the dependency
> >>> tree of a target - I kinda prefer being able to mask and manually
> >>> start a unit. The alternative, which is what you suggest, is that the
> >>
> >> Hm, are you maybe confusing disable with mask here?
> >> disable usually removes the unit from the various target.wants.
> >>
> >> And here I agree with you completely: One should still be able to
> >> start a  disabled service manually.
> >
> > you're right - I was indeed confused with disable... I can see how
> > masking a service that is socket activated shouldn't ever restart
> > it... seems as if something is completely ignoring the symlink.
> >
> > I still think that the root user should be able to start stuff that
> > has been "disabled" but in this case it probably doesn't make any
> > sense.
> 
> mask is the big hammer, a service which is masked should not be
> started, no matter how the start request is triggered: manually, via
> targets or (socket/D-Bus) activation
[...]
> See the inconsistency?
> In case of rsyslog, I can also trigger the start, by starting
> syslog.socket again and running logger.
>From the man page:

      If a unit file is empty (i.e. has the file size 0) or is
      symlinked to /dev/null its configuration will not be loaded and
      it appears with a load state of masked, and cannot be
      activated. Use this as an effective way to fully disable a unit,
      making it impossible to start it even manually.

Zbyszek

More information about the systemd-devel mailing list