[systemd-devel] Conflicts no longer working as expected during boot in v235
Michael Biebl
mbiebl at gmail.com
Fri Oct 13 21:17:19 UTC 2017
Hi,
in Debian we enable systemd-timesyncd by default.
A while ago, I decided to install chrony. The chrony.service file has
Conflicts=systemd-timesyncd.service. In the past this was sufficient
to ensure that only chrony is started. After the upgrade to v235 I now
see this:
$ systemctl status systemd-timesyncd chron
● systemd-timesyncd.service - Network Time Synchronization
Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service;
enabled; vendor preset: enabled)
Active: active (running) since Fri 2017-10-13 23:11:35 CEST; 2min 23s ago
Docs: man:systemd-timesyncd.service(8)
Main PID: 558 (systemd-timesyn)
Status: "Synchronized to time server 192.53.103.108:123
(0.debian.pool.ntp.org)."
Tasks: 2 (limit: 4915)
CGroup: /system.slice/systemd-timesyncd.service
└─558 /lib/systemd/systemd-timesyncd
Okt 13 23:11:35 pluto systemd[1]: Starting Network Time Synchronization...
Okt 13 23:11:35 pluto systemd[1]: Started Network Time Synchronization.
Okt 13 23:12:35 pluto systemd-timesyncd[558]: Synchronized to time
server 192.53.103.108:123 (0.debian.pool.ntp.org).
● chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2017-10-13 23:11:35 CEST; 2min 23s ago
Docs: man:chronyd(8)
man:chronyc(1)
man:chrony.conf(5)
Process: 702 ExecStart=/usr/sbin/chronyd (code=exited, status=0/SUCCESS)
Main PID: 722 (chronyd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/chrony.service
└─722 /usr/sbin/chronyd
Okt 13 23:12:04 pluto chronyd[722]: Source 138.201.117.193 offline
Okt 13 23:12:04 pluto chronyd[722]: Source 78.46.253.198 offline
As you can see, both services were started during boot, despite the Conflicts.
$ systemctl cat systemd-timesyncd chrony | cat
[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
After=systemd-remount-fs.service systemd-sysusers.service
Before=time-sync.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-sync.target
[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=!!/lib/systemd/systemd-timesyncd
WatchdogSec=3min
User=systemd-timesync
CapabilityBoundingSet=CAP_SYS_TIME
AmbientCapabilities=CAP_SYS_TIME
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount
@obsolete @raw-io @reboot @swap
SystemCallArchitectures=native
LockPersonality=yes
StateDirectory=systemd/timesync
[Install]
WantedBy=sysinit.target
# /lib/systemd/system/chrony.service
[Unit]
Description=chrony, an NTP client/server
Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
Conflicts=systemd-timesyncd.service openntpd.service
After=network.target
ConditionCapability=CAP_SYS_TIME
[Service]
Type=forking
PIDFile=/run/chronyd.pid
ExecStart=/usr/sbin/chronyd
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
[Install]
Alias=chronyd.service
WantedBy=multi-user.target
Those service files look correct to me and this smells like a
regression bug to me.
Thoughts how to debug this further?
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
More information about the systemd-devel
mailing list