Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/var/run/qubes-service qvm-sevice available too late breaks systemd services #1985

Closed
adrelanos opened this issue May 11, 2016 · 14 comments
Closed

/var/run/qubes-service qvm-sevice available too late breaks systemd services #1985

adrelanos opened this issue May 11, 2016 · 14 comments
Labels
r3.1-fc21-stable r3.1-fc22-stable r3.1-fc23-stable r3.1-jessie-stable r3.1-stretch-stable r3.1-wheezy-stable T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.
Milestone
Release 3.0 updates

Comments

@adrelanos
Copy link
Member

Qubes OS version

R3.1

Affected TemplateVMs

debian-8 (standalone)

Steps to reproduce the behavior:

Qubes VM Manager -> right click on VM -> services -> enter (without the single quotes) 'netfilter-persistent' -> click on + -> OK

Start VM.

user@sys-vpn:~$ sudo service netfilter-persistent status
● netfilter-persistent.service - netfilter persistent configuration
   Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled)
  Drop-In: /lib/systemd/system/netfilter-persistent.service.d
           └─30_qubes.conf
   Active: inactive (dead)
           start condition failed at Wed 2016-05-11 23:45:35 CEST; 25s ago
           ConditionPathExists=/var/run/qubes-service/netfilter-persistent was not met

May 11 23:45:35 localhost systemd[1]: Started netfilter persistent configuration.

user@sys-vpn:~$ ls /var/run/qubes-service/netfilter-persistent
/var/run/qubes-service/netfilter-persistent

Expected behavior:

/var/run/qubes-service files should be readable before netfilter-persistent (or any other) systemd service starts.

Actual behavior:

/var/run/qubes-service is available too late.

General notes:

This breaks VPN-Firewall. (A project maintained by me that could theoretically in future provide a bulletproof sys-vpn implementation, that (in development branch) would also defeat fixed shared VPN/Tor server leak bug (adrelanos/vpn-firewall#12) and solve #1941.

Related issues:

#1941
@adrelanos adrelanos mentioned this issue May 11, 2016
Closed
@andrewdavidwong andrewdavidwong added T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. C: Debian labels May 11, 2016
@adrelanos adrelanos mentioned this issue May 11, 2016
Closed
marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue May 11, 2016
@marmarek
systemd: order units checking for qubes-service after qubes-sysinit
1cf4fd3 
Files in /var/run/qubes-service are created by qubes-sysinit.service. So
defer that condition check after that service start.

Fixes QubesOS/qubes-issues#1985
marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue May 11, 2016
@marmarek
systemd: order units checking for qubes-service after qubes-sysinit
5e08e2b 
Files in /var/run/qubes-service are created by qubes-sysinit.service. So
defer that condition check after that service start.

Thanks @adrelanos for the report.

Fixes QubesOS/qubes-issues#1985
@marmarek marmarek mentioned this issue May 11, 2016
Merged
@marmarek
Copy link
Member

Take a look at attached PR. Does it fix the problem for you (you can check for that service only)?

@adrelanos
Copy link
Member Author

This was quick. Awesome. Works for me.

(I will be shipping a separate drop-in file as workaround for vpn-firewall until this ends up in stable. Should not matter.)

adrelanos pushed a commit to adrelanos/vpn-firewall that referenced this issue May 11, 2016
workaround for Qubes bug
b2243b5 
/var/run/qubes-service qvm-sevice available too late breaks systemd services
QubesOS/qubes-issues#1985
@marmarek marmarek added this to the Release 3.0 updates milestone May 17, 2016
marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Jun 25, 2016
@marmarek
systemd: order units checking for qubes-service after qubes-sysinit
5c1ba0b 
Files in /var/run/qubes-service are created by qubes-sysinit.service. So
defer that condition check after that service start.

Thanks @adrelanos for the report.

Fixes QubesOS/qubes-issues#1985

(cherry picked from commit 5e08e2b)
@marmarek
Copy link
Member

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.17-1.fc21 has been pushed to the r3.1 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.17-1.fc22 has been pushed to the r3.1 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.1.17-1.fc23 has been pushed to the r3.1 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-core-agent_3.1.17-1+deb8u1 has been pushed to the r3.1 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-core-agent_3.1.17-1+deb9u1 has been pushed to the r3.1 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-core-agent_3.1.17-1+deb7u1 has been pushed to the r3.1 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-upgrade-vm-3.1-1.fc21 has been pushed to the r3.1 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-upgrade-vm-3.1-1.fc22 has been pushed to the r3.1 stable repository for the Fedora fc22 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-upgrade-vm-3.1-1.fc23 has been pushed to the r3.1 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-core-agent_3.1.17-1+deb8u1 has been pushed to the r3.1 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-core-agent_3.1.17-1+deb9u1 has been pushed to the r3.1 stable repository for the Debian stretch template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek
Copy link
Member

Automated announcement from builder-github

The package qubes-core-agent_3.1.17-1+deb7u1 has been pushed to the r3.1 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
r3.1-fc21-stable r3.1-fc22-stable r3.1-fc23-stable r3.1-jessie-stable r3.1-stretch-stable r3.1-wheezy-stable T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.
Projects
None yet
Milestone
Release 3.0 updates
Development

No branches or pull requests
3 participants
@marmarek @adrelanos @andrewdavidwong