From 97369238e65ced6ed03e16cbd5679769e95c0466 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 10 Sep 2023 09:39:53 +0200 Subject: [PATCH] maintenance(systemd): support the Windows Subsystem for Linux When running in the Windows Subsystem for Linux (WSL), it is usually necessary to use the Git Credential Manager for authentication when performing the background fetches. This requires interoperability between the Windows Subsystem for Linux and the Windows host to work, which uses so-called vsocks, i.e. sockets intended for communcations between virtual machines and the host they are running on. However, when Git is configured to run background maintenance via `systemd`, the address families available to those maintenance processes are restricted, and did not include `AF_VSOCK`. This leads to problems e.g. when a background fetch tries to access github.com: systemd[437]: Starting Optimize Git repositories data... git[747387]: WSL (747387) ERROR: UtilBindVsockAnyPort:285: socket failed 97 git[747381]: fatal: could not read Username for 'https://github.com': No such device or address git[747381]: error: failed to prefetch remotes git[747381]: error: task 'prefetch' failed systemd[437]: git-maintenance@hourly.service: Main process exited, code=exited, status=1/FAILURE systemd[437]: git-maintenance@hourly.service: Failed with result 'exit-code'. systemd[437]: Failed to start Optimize Git repositories data. Address this (pun intended) by adding the `AF_VSOCK` address family to the allow list. This fixes https://github.com/microsoft/git/issues/604, and is a backport of 5e8515e8e8d (maintenance(systemd): support the Windows Subsystem for Linux, 2023-09-10). Signed-off-by: Johannes Schindelin --- builtin/gc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/gc.c b/builtin/gc.c index 0de1c4dfafca91..97cb72af1d9088 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -2495,7 +2495,7 @@ static int systemd_timer_write_service_template(const char *exec_path) "LockPersonality=yes\n" "MemoryDenyWriteExecute=yes\n" "NoNewPrivileges=yes\n" - "RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6\n" + "RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_VSOCK\n" "RestrictNamespaces=yes\n" "RestrictRealtime=yes\n" "RestrictSUIDSGID=yes\n"