postrm "systemctl start" call ignores policy-rc.d

Bug #1771994 reported by Robie Basak on 2018-05-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chrony (Ubuntu)

Bug Description

I'm not sure if this bug is valid.

In the review of Christian's chrony merge, I noticed that the postrm calls "systemctl start systemd-timesyncd". This is conditioned on a "systemctl is-enabled".

It isn't clear to me how systemd is supposed to interact with policy-rc.d now. If a user has disabled systemd-timesyncd via policy-rc.d only, will this violate policy by starting it? If so, what's the correct way to make the call? I'd have used "invoke-rc.d ..." in the past, but I'm not sure what the correct mechanism is with systemd.

Related branches

Andreas Hasenack (ahasenack) wrote :

I created a dummy /usr/sbin/policy-rc.d file that echoed to /tmp/andreas the command line arguments it got, and no /tmp file was created when I ran "systemctl restart systemd-timesyncd".

With "invoke-rc.d systemd-timesyncd restart", however, I got:
root@nsnx:~# cat /tmp/andreas
/usr/sbin/policy-rc.d invoked
arguments: systemd-timesyncd restart 5

So systemctl bypassed policy-rc.d, whereas invoke-rc.d does not.

Changed in chrony (Ubuntu):
status: New → Triaged
importance: Undecided → Low

man deb-systemd-invoke
  "deb-systemd-invoke - wrapper around systemctl, respecting policy-rc.d"

FYI - I fixed this as part of the merge for disco which is in review atm.

Launchpad Janitor (janitor) wrote :
Download full text (4.5 KiB)

This bug was fixed in the package chrony - 3.4-1ubuntu1

chrony (3.4-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable (LP: #1802886). Remaining changes:
    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
    - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
      Chrony is a single service which acts as both NTP client (i.e. syncing the
      local clock) and NTP server (i.e. providing NTP services to the network),
      and that is both desired and expected in the vast majority of cases.
      But in containers syncing the local clock is usually impossible, but this
      shall not break the providing of NTP services to the network.
      To some extent this makes chrony's default config more similar to 'ntpd',
      which complained in syslog but still provided NTP server service in those
      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
      + debian/control: add new dependency libcap2-bin for capsh (usually
        installed anyway, but make them explicit to be sure).
      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
        (Default off).
      + debian/ wrapper to handle special cases in containers
        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
        containers on a default installation and avoid failing to sync time (or
        if allowed to sync, avoid multiple containers to fight over it by
      + debian/install: make available on install.
      + debian/docs, debian/README.container: provide documentation about the
        handling of this case.
    - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
    - Notify chrony to update sources in response to systemd-networkd
      events (LP: 1718227)
      + d/links: link dispatcher script to networkd-dispatcher events routable
        and off
      + d/control: set Recommends to networkd-dispatcher
  * Dropped Changes (upstream):
    - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
    - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
      the service on newer kernels by falling back to urandom. (LP: 1787366)
  * Added Changes:
    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
      (LP: #1771994)

chrony (3.4-1) unstable; urgency=medium

  * Import upstream version 3.4:
    - Please see /usr/share/doc/chrony/NEWS.gz for the release notes.

  * Merge branch “experimental” into “master”.

  * debian/chrony.service:
    - Conflict with ntpsec.service.

  * debian/copyright:
    - Update copyright years.

  * debian/patches/*:
    - Remove fix-samplefilt-unit-test-to-work-with-low-precision-clock.patch,
    fixed upstream.

chrony (3.4~pre1-2) experimental; urgency=medium

  * debian/patches/*:
    - Cherry-pick upstream patch to fix samplefilt unit test to work with
    low-precision clocks. This should prevent chrony from failing to build
    from source on HPPA and Alpha.

chrony (3.4~pre1-1) experimental; urgency=medium

  * Import upstream version 3.4-pre1:
    - Please see /usr/share/doc/chrony/NEW...


Changed in chrony (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers