[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#832155: New ssh-session-cleanup.service kills ssh user session during upgrade

Am 24.07.2016 um 17:47 schrieb Colin Watson:
> On Sun, Jul 24, 2016 at 01:38:25AM +0200, Michael Biebl wrote:

>> I referenced in my other reply that the network.target ordering has just
>> been added recently (in v230). So it is possible that previously there
>> was still an issue on shutdown. This is fixed now.
> Do you plan to update jessie with this fix? 

I can do that. Unfortunately I've already filed the jessie-pu bug for
systemd a couple of hours ago (#832336, for 8.6), but I could update the
pu request accordingly.
I see what I can do, otherwise it will be in the next stable point
release, i.e 8.7

> dependencies.  Unfortunately there's no good way to say "Depends:
> libpam-systemd, but only if systemd is pid 1".

Right, we do not have conditional Depends. But since sysvinit-core is
the only existing alternative in stretch, we could use Depends:
libpam-systemd | sysvinit-core. It's slighly ugly but would probably do
the trick.

> It's unfortunate that we don't have a good way to simply be able to
> assume that all systemd users have libpam-systemd installed, which is
> what I'd really prefer to be able to do here.

I am more and more inclined that we should simply make libpam-systemd a
hard dependency of either systemd or systemd-sysv.

>> Please disable the ssh-session-cleanup.service hack by default if you
>> don't want to remove it. Or better, ship it as an example file.
> Compromise proposal: how about I make it do nothing if libpam-systemd is
> installed (e.g. "ConditionPathExists=!/usr/share/pam-configs/systemd",
> which is probably the simplest available check without needing to deal
> with multiarch paths), in which case presumably the hack isn't needed?
> (For backports to jessie, such a check would need to be deleted, unless
> you plan to backport the ordering fix as requested above.)

I'm still pretty much convinced that a hack like this should not be
shipped by default, which is totally unnecessary for a default
installation. It set's a wrong precedent.
If we start piling up hacks like this, in 10 years we are back at that
mess that sysvinit has become.


Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: