[systemd-devel] Conflicts no longer working as expected during boot in v235

Fri Oct 13 21:17:19 UTC 2017

Hi,

in Debian we enable systemd-timesyncd by default.
A while ago, I decided to install chrony. The chrony.service file has
Conflicts=systemd-timesyncd.service. In the past this was sufficient
to ensure that only chrony is started. After the upgrade to v235 I now
see this:

$ systemctl status systemd-timesyncd chron
● systemd-timesyncd.service - Network Time Synchronization
   Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service;
enabled; vendor preset: enabled)
   Active: active (running) since Fri 2017-10-13 23:11:35 CEST; 2min 23s ago
     Docs: man:systemd-timesyncd.service(8)
 Main PID: 558 (systemd-timesyn)
   Status: "Synchronized to time server 192.53.103.108:123
(0.debian.pool.ntp.org)."
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/systemd-timesyncd.service
           └─558 /lib/systemd/systemd-timesyncd

Okt 13 23:11:35 pluto systemd[1]: Starting Network Time Synchronization...
Okt 13 23:11:35 pluto systemd[1]: Started Network Time Synchronization.
Okt 13 23:12:35 pluto systemd-timesyncd[558]: Synchronized to time
server 192.53.103.108:123 (0.debian.pool.ntp.org).

● chrony.service - chrony, an NTP client/server
   Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor
preset: enabled)
   Active: active (running) since Fri 2017-10-13 23:11:35 CEST; 2min 23s ago
     Docs: man:chronyd(8)
           man:chronyc(1)
           man:chrony.conf(5)
  Process: 702 ExecStart=/usr/sbin/chronyd (code=exited, status=0/SUCCESS)
 Main PID: 722 (chronyd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/chrony.service
           └─722 /usr/sbin/chronyd

Okt 13 23:12:04 pluto chronyd[722]: Source 138.201.117.193 offline
Okt 13 23:12:04 pluto chronyd[722]: Source 78.46.253.198 offline

As you can see, both services were started during boot, despite the Conflicts.

$ systemctl cat systemd-timesyncd chrony | cat
[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
After=systemd-remount-fs.service systemd-sysusers.service
Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-sync.target

[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=!!/lib/systemd/systemd-timesyncd
WatchdogSec=3min
User=systemd-timesync
CapabilityBoundingSet=CAP_SYS_TIME
AmbientCapabilities=CAP_SYS_TIME
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount
@obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
LockPersonality=yes
StateDirectory=systemd/timesync

[Install]
WantedBy=sysinit.target

# /lib/systemd/system/chrony.service
[Unit]
Description=chrony, an NTP client/server
Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
Conflicts=systemd-timesyncd.service openntpd.service
After=network.target
ConditionCapability=CAP_SYS_TIME

[Service]
Type=forking
PIDFile=/run/chronyd.pid
ExecStart=/usr/sbin/chronyd
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full

[Install]
Alias=chronyd.service
WantedBy=multi-user.target

Those service files look correct to me and this smells like a
regression bug to me.

Thoughts how to debug this further?

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?