rpms/systemd
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
systemd/38724.patch
Zbigniew Jędrzejewski-Szmek 5acde9f1fd Add workaround patch to hopefully pass podman CI tests
2025-08-26 15:15:17 +02:00

64 lines
2.7 KiB
Diff
Raw Blame History

From 5bc3a82e81355a0aa1fd25bb6232145f868fac12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 26 Aug 2025 15:00:02 +0200
Subject: [PATCH] debug: disable ioctl(PIDFD_GET_INFO)
In https://bodhi.fedoraproject.org/updates/FEDORA-2025-a0ce059969 it was
reported that the tests fail:
> Rootless podman tests all show something like this eventually
>
> OCI runtime error: crun: join keyctl `7509a871d2ab7df6549f5cb5bd2d4daf990cc45c0022f116bd0882966ae53f30`: Disk quota exceeded
>
> Each container creates its own keyring but I assume they get leaked so at one
> point we run our of available keyrings and all following tests fail like
> that. Given I only see this on this update and from looking at the podman
> tests logs it only starts happening after we run a bunch of our own systemd
> services I wonder if systemd maybe leaks keyrings and thus it fails?
After some very tediuos bisecting, I got the answer that
dcf0ef3f42b0ea12e199540a4088bd582875ddfa is the first bad commit. This doesn't
make much sense. I thought that maybe the answer is wrong somehow, or the fd we
pass in has problems, but everything seems to work correctly. Both
pidfd_get_pid_ioctl and pidfd_get_pid_fdinfo work fine and return the same
answer. Nevertheless, skipping the call to pidfd_get_pid_ioctl makes the
problem go away.
bisection recipe:
1. compile systemd, systemd-executor, pam_systemd:
$ ninja -C build systemd systemd-executor pam_systemd.so
(Not all intermediate commits compile :) )
2. use the compiled manager for the user running the tests:
# /etc/systemd/system/user@1000.service.d/override.conf
[Service]
ExecStart=
ExecStart=/home/fedora/src/systemd/build/systemd --user
3. install the new code:
# cp ~fedora/src/systemd/build/pam_systemd.so /usr/lib64/security/ && systemctl restart user@1000
3. log out and log in again (via ssh)
4. run the test:
$ grep -Ec '[a-f0-9]{64}: empty' /proc/keys && podman run -it fedora date && grep -Ec '[a-f0-9]{64}: empty' /proc/keys
17
Tue Aug 26 12:47:44 UTC 2025
18
It seems that both the pam module and the user manager somehow matter.
This smells like a kernel bug or some strange race condition.
---
src/basic/pidfd-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/pidfd-util.c b/src/basic/pidfd-util.c
index 9910819aa79d9..b317be267f445 100644
--- a/src/basic/pidfd-util.c
+++ b/src/basic/pidfd-util.c
@@ -74,7 +74,7 @@ int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) {
}
static int pidfd_get_info(int fd, struct pidfd_info *info) {
- static bool cached_supported = true;
+ static bool cached_supported = false;
assert(fd >= 0);
assert(info);
Reference in a new issue View git blame Copy permalink