"machinectl shell" connections immediately terminated

Bug #1959475 reported by renbag
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
systemd (Ubuntu) | Fix Released | Medium | Unassigned |
Focal | Fix Released | Medium | Unassigned |

Bug Description

[Impact]

This bug prevents users on Impish and newer from connecting to Focal systemd containers using `machinectl shell`. This limits users' ability to manage containers spawned with systemd-nspawn.

[Test Plan]

On a Jammy host, do the following:

* Install systemd-container and debootstrap if necessary:

  $ sudo apt install debootstrap systemd-container

* Create a Focal filesystem for the container:

  $ sudo debootstrap --arch=<arch> focal /var/lib/containers/lp1959475/

* Launch the container:

  $ sudo systemd-nspawn -D /var/lib/containers/lp1959475/ --machine test-container

* Inside the container, set a password for root and then exit:

  $ passwd # Enter password when prompted
  $ exit

* Re-launch the container with -b option:

  $ sudo systemd-nspawn -D /var/lib/containers/lp1959475/ --machine test-container -b

* In a separate terminal window, try to connect to the container:

  $ sudo machinectl shell test-container

* Observe the "Connection to machine test-container terminated" error message.

[Where problems could occur]

The patch changes a path_equal() call to path_equal_ptr() which NULL-checks before calling path_compare(). This avoids an assertion failure in path_compare() and allows the term to be correctly configured in execution environments requiring one. If regressions were to occur, they would be related to this configuration.

[Other Info]

This bug occurs when trying to connect to a Focal container from e.g. a Jammy host. For SRU verification, the container should be Focal, and the host should be Jammy. The -proposed package should be installed in the Focal container.

[Original Description]

The command "machinectl shell" does not work in systemd 249.9-0ubuntu2:

$ sudo machinectl shell ns-xxx
Connected to machine ns-xxx. Press ^] three times within 1s to exit session.

Connection to machine ns-xxx terminated.

The issue seems to be described here:
https://forum.manjaro.org/t/the-machinectl-shell-command-stopped-working-after-systemd-upgrade-to-250-2-1/99899
https://github.com/systemd/systemd/issues/22234

and solved here:

https://github.com/systemd/systemd/commit/e8cf09b2a2ad0d48e5493050d54251d5f512d9b6

renbag (renbag) wrote :

Sorry, the patch in:

https://github.com/systemd/systemd/commit/e8cf09b2a2ad0d48e5493050d54251d5f512d9b6

is already applied in systemd 249.9-0ubuntu2, so that is not the solution.

renbag (renbag) wrote :

These are the messages reported by journalctl inside the container:

Jan 29 12:27:53 ns-xxx systemd[153]: Assertion 'a' failed at src/basic/path-util.c:486, function path_compare(). Aborting.
Jan 29 12:27:53 ns-xxx systemd[1]: container-shell@2.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit container-shell@2.service has successfully entered the 'dead' state.

renbag (renbag) wrote (last edit ):

From the last comments in:

https://github.com/systemd/systemd/issues/22234

the problem is due to an incompatibility of the new versions of systemd with older ones.
In fact the container was running ubuntu focal, with systemd_245.4-4ubuntu3.15, and the host was running ubuntu jammy with systemd 249.9-0ubuntu2.
So the problem should be ideally solved by including the patch in:

https://github.com/systemd/systemd/commit/e8cf09b2a2ad0d48e5493050d54251d5f512d9b6

also in older versions of systemd.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Andre Tomt (andre-tomt) wrote :

Just tested, and can confirm backporting e8cf09b2a2ad0d48e5493050d54251d5f512d9b6 to focal's systemd fixes the segfaults when using machinectl shell on a Jammy host trying to start a shell in a Focal nspawn container.

Andre Tomt (andre-tomt) wrote :

Please consider backporting for Focal (20.04) at least. The backport is trivial and applies cleanly as-is except for patch offsets.

Might be wise to test some other combinations though. For example hosts without this commit, running nspawn containers with it.

Nick Rosbrook (enr0n)
tags: added: rls-ff-incoming rls-jj-incoming
tags: added: focal
tags: added: fr-2315
Changed in systemd (Ubuntu Focal):
importance: Undecided → Medium
Changed in systemd (Ubuntu):
importance: Undecided → Medium
tags: removed: rls-ff-incoming rls-jj-incoming
Nick Rosbrook (enr0n)
description: updated
Lukas Märdian (slyon) wrote :

The commit in question is included in upstream v246+, so only affects Focal.

Changed in systemd (Ubuntu):
status: Confirmed → Fix Released
Lukas Märdian (slyon) wrote (last edit ):

A fix for this issue has been staged in git for the next Focal SRU: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b10c6853050dde26665caf3b15444d768d2bc498

Thank you @enr0n for providing the merge proposal!

Changed in systemd (Ubuntu Focal):
status: New → In Progress
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello renbag, or anyone else affected,

Accepted systemd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/245.4-4ubuntu3.18 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-focal
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/245.4-4ubuntu3.18)

All autopkgtests for the newly accepted systemd (245.4-4ubuntu3.18) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

linux-gke-5.15/5.15.0-1015.18~20.04.1 (arm64, amd64)
netplan.io/0.104-0ubuntu2~20.04.2 (armhf)
linux-hwe-5.15/5.15.0-48.54~20.04.1 (armhf, amd64)
gvfs/1.44.1-1ubuntu1.1 (ppc64el)
linux-oracle-5.15/5.15.0-1016.20~20.04.1 (arm64)
linux-oracle-5.13/5.13.0-1036.43~20.04.1 (arm64)
linux-hwe-5.11/5.11.0-61.61 (arm64)
systemd/245.4-4ubuntu3.18 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

renbag (renbag) wrote :

I can't make comments about the regressions, however I tested the systemd (245.4-4ubuntu3.18) package in a focal container and confirm that it solves this bug (connecting from a jammy host).

Nick Rosbrook (enr0n) wrote :

The autopkgtest regressions were all resolved with retries.

I verified this fix as well, using the test plan above to create a focal container with -proposed enabled:

nr@clean-jammy-amd64:~$ lsb_release -cs
jammy
nr@clean-jammy-amd64:~$ sudo machinectl shell test-container
Connected to machine test-container. Press ^] three times within 1s to exit session.
root@clean-jammy-amd64:~# apt-cache policy systemd
systemd:
  Installed: 245.4-4ubuntu3.18
  Candidate: 245.4-4ubuntu3.18
  Version table:
 *** 245.4-4ubuntu3.18 500
        500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     245.4-4ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
root@clean-jammy-amd64:~# lsb_release -cs
focal
root@clean-jammy-amd64:~#

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
tags: added: foundations-todo
Dan Streetman (ddstreet) wrote :

> The patch expands the case where the TERM variable is inherited from PID 1 when building an execution environment, e.g. for a container. If problems were to occur, it would be related to the value of TERM in environments forked off of PID 1.

Eh? That isn't at all what the patch does...

Anyway, that patch only incidentally 'fixes' this, by changing the caller to use path_equals_ptr which null-checks; while a better commit is 105396778174a39bb04e9a78281ec7601e252d9f which fixes path_compare() itself (i.e. for all callers).
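
The difference between guarding at the caller (a path_equal_ptr-style NULL check) and fixing the comparison itself, as an added example that is not part of this bug report and not systemd source code. All function names are hypothetical, the path string is a constructed sample, and `abort()` stands in for the failed assertion seen in the container's journal.

```c
/* Added illustration: a simplified model, not systemd source code. */
#include <signal.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Strict callee: a NULL argument is treated as a programming error and
 * aborts, like the "Assertion 'a' failed ... Aborting." journal line. */
static bool strict_path_equal(const char *a, const char *b) {
    if (!a || !b)
        abort();
    return strcmp(a, b) == 0;
}

/* Caller-side guard: NULL-check first, so only two non-NULL paths ever
 * reach the strict function. Protects this one call site only. */
static bool path_equal_nullsafe(const char *a, const char *b) {
    if (!a || !b)
        return a == b;          /* equal only if both are NULL */
    return strict_path_equal(a, b);
}

/* Callee-side alternative: the comparison itself orders NULL before any
 * string, so every caller is covered. */
static int tolerant_path_compare(const char *a, const char *b) {
    if (!a || !b)
        return (a != NULL) - (b != NULL);
    return strcmp(a, b);
}

/* Run the strict comparison in a child process and report the signal
 * that killed it (0 if it exited normally, -1 on fork/wait failure). */
static int signal_from_strict_compare(const char *a, const char *b) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(strict_path_equal(a, b) ? 0 : 1);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    const char *unset = NULL;   /* constructed input: a path never set */
    int sig = signal_from_strict_compare(unset, "/dev/console");
    return (sig == SIGABRT && !path_equal_nullsafe(unset, "/dev/console")) ? 0 : 1;
}
```

The child process dying on SIGABRT corresponds to the shell session ending immediately after "Connected to machine"; with either guard in place the comparison simply returns "not equal".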

Nick Rosbrook (enr0n) wrote :

> Eh? That isn't at all what the patch does...

Before the patch, the `getenv("TERM")` call would not happen; now it does.

While fixing path_compare() may be a better long-term solution, I think the existing patch is appropriate for this bug/SRU.

Nick Rosbrook (enr0n) wrote :

Er, I see the problem in my description now. It's been a while since I looked at this patch. In any case, the patch is still appropriate.

Nick Rosbrook (enr0n)
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 245.4-4ubuntu3.18

---------------
systemd (245.4-4ubuntu3.18) focal; urgency=medium

  [ Nick Rosbrook ]
  * core: make sure we don't get confused when setting TERM for a tty fd
    (LP: #1959475)
    File: debian/patches/lp1959475-core-make-sure-we-don-t-get-confused-when-setting-TERM-fo.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b10c6853050dde26665caf3b15444d768d2bc498
  * shared/calendarspec: when mktime() moves us backwards, jump forward
    (LP: #1966800)
    File: debian/patches/lp1966800-shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1f063541e44f6ff1a6904676d4264a2e49a09594
  * network: do not remove localhost address (LP: #1979951)
    File: debian/patches/lp1979951-network-do-not-remove-localhost-address.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=87f872b8c5451f353601fb606e7fd7a479217cef
  * units: remove the restart limit on the modprobe@.service (LP: #1982462)
    File: debian/patches/lp1982462-units-remove-the-restart-limit-on-the-modprobe-.service.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=68353ffaf3539e6a58ef62a8b50850f56eae29ea

  [ Mustafa Kemal Gilor ]
  * d/p/lp1978079-efi-pstore-not-cleared-on-boot.patch: pstore: Run after
    modules are loaded. Thanks to Alexander Graf <email address hidden>.
    (LP: #1978079)
    Author: Mustafa Kemal Gilor
    File: debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6e60756f2079d6408abdb967127a1d9b9a0eba8c

 -- Nick Rosbrook <email address hidden> Wed, 31 Aug 2022 11:27:33 -0400

Changed in systemd (Ubuntu Focal):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for systemd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Nick Rosbrook (enr0n)
tags: removed: foundations-todo