Bug #16184

Intermittent test failures on the devel branch: fails to login "Failed to fully start up daemon: Permission denied"

Added by intrigeri 5 months ago. Updated 3 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 12/03/2018
Due date:
% Done: 100%
QA Check: Pass
Feature Branch: bugfix/16352-16184-systemd-v240+force-all-tests
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

Keeping track of regressions brought by tracking systemd/stretch-backports:

Dec 03 11:36:29 amnesia gdm-password][4026]: pam_unix(gdm-password:session): session opened for user amnesia by (uid=0)
Dec 03 11:36:29 amnesia systemd[1]: Stopped /run/user/0 mount wrapper.
Dec 03 11:36:29 amnesia systemd[1]: Started /run/user/1000 mount wrapper.
Dec 03 11:36:29 amnesia systemd[1]: Created slice User Slice of UID 1000.
Dec 03 11:36:29 amnesia systemd[1]: Starting User Manager for UID 1000...
Dec 03 11:36:29 amnesia systemd-logind[1331]: New session 5 of user amnesia.
Dec 03 11:36:29 amnesia systemd[1]: Started Session 5 of user amnesia.
Dec 03 11:36:29 amnesia systemd[4040]: pam_unix(systemd-user:session): session opened for user amnesia by (uid=0)
Dec 03 11:36:29 amnesia systemd[4040]: Failed to fully start up daemon: Permission denied
Dec 03 11:36:29 amnesia systemd[4041]: pam_unix(systemd-user:session): session closed for user amnesia
Dec 03 11:36:29 amnesia systemd[1]: user@1000.service: Failed with result 'protocol'.
Dec 03 11:36:29 amnesia systemd[1]: Failed to start User Manager for UID 1000.
Dec 03 11:36:29 amnesia systemd[1]: user-runtime-dir@1000.service: Unit not needed anymore. Stopping.
Dec 03 11:36:29 amnesia systemd[1]: Stopping /run/user/1000 mount wrapper...
Dec 03 11:36:29 amnesia gdm-password][4026]: pam_systemd(gdm-password:session): Failed to create session: Start job for unit user@1000.service failed with 'failed'
Dec 03 11:36:29 amnesia gdm-session-worker[4026]: Entering PostLogin

This looks like a systemd bug:

It happens only rarely, is unlikely to affect human users, and is probably fixed in systemd v240. So for now, let's ignore this and if it gets too painful, upgrade to systemd v240.


Related issues

Related to Tails - Bug #16100: Fix systemd CVE-2018-15687 Rejected 11/05/2018
Related to Tails - Bug #16352: Fix systemd vulnerabilities: CVE-2018-16864, CVE-2018-16865 and CVE-2018-16866 Resolved 01/13/2019
Blocks Tails - Feature #15507: Core work 2019Q1: Foundations Team Resolved 04/08/2018

Associated revisions

Revision 407d9a0f (diff)
Added by intrigeri 3 months ago

Install systemd (240-4~bpo9+0tails1) from our custom APT repo (refs: #16352, #16184)

Revision 9be4bef8 (diff)
Added by intrigeri 3 months ago

Let APT install the newest systemd among those available in stretch-backports and in our custom APT repo (refs: #16352, #16184)

This ensures our custom backport (240-4~bpo9+0tails1) is superseded
by the official one once the latter is uploaded.

Revision b8bf6b87
Added by intrigeri 3 months ago

Merge branch 'bugfix/16352-16184-systemd-v240+force-all-tests' into devel

(Fix-committed: #16352, #16184)

History

#1 Updated by intrigeri 5 months ago

  • Related to Bug #16097: Memory erasure tests regression on the devel branch added

#2 Updated by intrigeri 5 months ago

  • Related to Bug #16100: Fix systemd CVE-2018-15687 added

#3 Updated by intrigeri 5 months ago

#4 Updated by intrigeri 5 months ago

  • Assignee set to intrigeri

#5 Updated by intrigeri 3 months ago

  • Related to deleted (Bug #16097: Memory erasure tests regression on the devel branch)

#6 Updated by intrigeri 3 months ago

  • Description updated (diff)

#7 Updated by intrigeri 3 months ago

  • Description updated (diff)

#8 Updated by intrigeri 3 months ago

  • Description updated (diff)

#9 Updated by intrigeri 3 months ago

On the devel branch, this error appears 36 times, among 145 *.journal files saved on test suite failures. So it does not happen as rarely as I thought.

I'll quickly check why I thought this "is unlikely to affect human users". If I don't easily find a convincing answer, I'll work on the upgrade to v240, which we might need anyway due to a local root exploit that was disclosed yesterday by Qualys.
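One way to reproduce a count like the one in comment #9, added here as an example (it is not code from the Tails test suite or from the ticket). It assumes each saved *.journal file has been rendered to text with `journalctl --file=... -o short`; the function names and the clean-login sample are hypothetical.

```python
import re

# Parses journalctl "short" output, e.g. produced with:
#   journalctl --file=FOO.journal -o short --no-pager
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<ident>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
STARTUP_DENIED = "Failed to fully start up daemon: Permission denied"
UNIT_FAILED_RE = re.compile(r"user@(\d+)\.service: Failed with result '([^']+)'")

def find_user_manager_failures(lines):
    """Return one event per user manager that logged STARTUP_DENIED and
    was then reported as a failed user@UID.service by PID 1."""
    events, pending = [], None
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ident"] != "systemd":
            continue
        if m["pid"] != "1" and m["msg"] == STARTUP_DENIED:
            pending = (m["ts"], m["pid"])  # message from a per-user instance
        elif m["pid"] == "1" and pending:
            failed = UNIT_FAILED_RE.match(m["msg"])
            if failed:
                events.append({"ts": pending[0], "manager_pid": pending[1],
                               "uid": failed[1], "result": failed[2]})
                pending = None
    return events

def count_affected(journals):
    """journals: {name: text}. Returns (files with >= 1 event, total files)."""
    hits = sum(1 for text in journals.values()
               if find_user_manager_failures(text.splitlines()))
    return hits, len(journals)

# Lines taken from the ticket description.
FAILED_LOGIN = """\
Dec 03 11:36:29 amnesia systemd[1]: Starting User Manager for UID 1000...
Dec 03 11:36:29 amnesia systemd[4040]: pam_unix(systemd-user:session): session opened for user amnesia by (uid=0)
Dec 03 11:36:29 amnesia systemd[4040]: Failed to fully start up daemon: Permission denied
Dec 03 11:36:29 amnesia systemd[1]: user@1000.service: Failed with result 'protocol'.
Dec 03 11:36:29 amnesia systemd[1]: Failed to start User Manager for UID 1000.
"""
# Constructed sample: a login where the user manager starts normally.
CLEAN_LOGIN = """\
Dec 03 11:40:02 amnesia systemd[1]: Starting User Manager for UID 1000...
Dec 03 11:40:02 amnesia systemd[1]: Started User Manager for UID 1000.
"""

if __name__ == "__main__":
    print(find_user_manager_failures(FAILED_LOGIN.splitlines()))
    print(count_affected({"failed": FAILED_LOGIN, "ok": CLEAN_LOGIN}))
```

Requiring both the user instance's message and PID 1's `user@UID.service` failure keeps the count from picking up unrelated "Permission denied" lines.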

#10 Updated by intrigeri 3 months ago

  • Related to Bug #16352: Fix systemd vulnerabilities: CVE-2018-16864, CVE-2018-16865 and CVE-2018-16866 added

#11 Updated by intrigeri 3 months ago

  • Status changed from Confirmed to In Progress

#12 Updated by intrigeri 3 months ago

  • % Done changed from 0 to 50
  • Feature Branch set to bugfix/16352-16184-systemd-v240+force-all-tests

The test suite has not been run often enough with systemd v240 for this to have any statistical significance, but FWIW: this error is nowhere to be found in the *.journal saved by failed scenarios on Jenkins nor in my local test suite runs. This is consistent with my initial research (see ticket description) that suggests the root cause for this problem was fixed in v240.

#13 Updated by intrigeri 3 months ago

  • Assignee deleted (intrigeri)
  • QA Check set to Ready for QA

Same as #16352.

#14 Updated by lamby 3 months ago

  • Assignee set to lamby

Mon 14 14:06 < intrigeri> lamby: OK. So please take #16352 + #16184 (same branch). And anonym offered to do the other remaining one (#16261)

Taking

#15 Updated by lamby 3 months ago

  • Assignee changed from lamby to intrigeri
  • QA Check changed from Ready for QA to Pass

LGTM. Methodology:

  • Checked out bugfix/16352-16184-systemd-v240+force-all-tests at 26671c6e2c6361a12d284f0e95cdc78ecce9c146
  • Built; see attached tails-amd64-bugfix_16352-16184-systemd-v240+force-all-tests-3.12-20190114T1422Z-26671c6e2c.buildlog.xz.
  • Booted in qemu:

  • Confirmed we are running 240-4~bpo9+0tails1:

  • Shutdown (no issues)
  • Booted again, remembering to enable an Administrator Password in the Tails Greeter (!).
  • Restarted some services, e.g.:

  • sudo halt:

(Unrelated to review: I note that https://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/2019-January/thread.html#37902 has had replies.)

#16 Updated by intrigeri 3 months ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100

#17 Updated by intrigeri 3 months ago

  • Assignee deleted (intrigeri)

Thanks!

#18 Updated by anonym 3 months ago

  • Status changed from Fix committed to Resolved
