Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Systemd workloadattestor closes DBus connection too early #4165

Merged
merged 6 commits into from
May 24, 2023
Merged

Systemd workloadattestor closes DBus connection too early #4165

merged 6 commits into from
May 24, 2023

Conversation

rkaippully
Copy link
Contributor

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Affected functionality
This PR fixes a bug in the systemd workload attestor. In getSystemdUnitInfo, the DBus connection is closed via a defer. But that connection is required later to retrieve the ID() and FragmentPath() in the Attest function. This causes attestation failures with an error message dbus: connection closed by user.

Description of change

The fix extracts the required selector attributes early and avoids using the dangling connection to DBus.

@rkaippully
Systemd workloadattestor closes DBus connection too early
5c5d98f 
This PR fixes is a bug in the systemd workload attestor. In
`getSystemdUnitInfo`, the DBus connection is closed via a `defer`. But
that connection is required later to retrieve the `ID()` and
`FragmentPath()` in the `Attest` function. This causes attestation
failures with an error message `dbus: connection closed by user`.

The fix extracts the required selector attributes early and avoids
using the dangling connection to DBus.

Signed-off-by: Raghu Kaippully <rkaippully@gmail.com>
rkaippully added 2 commits May 22, 2023 19:57
@rkaippully
Fix linter error
a7e2fc7 
Signed-off-by: Raghu Kaippully <rkaippully@gmail.com>
@rkaippully
Merge remote-tracking branch 'upstream/main' into raghu/fix-systemd-d…
f00c9ca 
…efer
azdagron
azdagron reviewed May 23, 2023
View reviewed changes
Copy link
Member

@azdagron azdagron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, @rkaippully! Just a few small nitpicks and this is ready to merge.

pkg/agent/plugin/workloadattestor/systemd/systemd_posix.go Outdated Show resolved Hide resolved
pkg/agent/plugin/workloadattestor/systemd/systemd_posix.go Outdated Show resolved Hide resolved
@rkaippully @azdagron
Apply suggestions from code review
dfc95a2 
Co-authored-by: Andrew Harding <azdagron@gmail.com>
Signed-off-by: Raghu Kaippully <rkaippully@gmail.com>
@rkaippully rkaippully force-pushed the raghu/fix-systemd-defer branch from e8afaad to dfc95a2 Compare May 24, 2023 04:27
@rkaippully
Copy link
Contributor Author

Thanks for the quick review @azdagron!

azdagron
azdagron approved these changes May 24, 2023
View reviewed changes
Copy link
Member

@azdagron azdagron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again!

@azdagron azdagron merged commit 5f75f54 into spiffe:main May 24, 2023
@azdagron azdagron added this to the 1.7.0 milestone May 24, 2023
@rkaippully rkaippully deleted the raghu/fix-systemd-defer branch May 25, 2023 02:41
@amartinezfayo amartinezfayo mentioned this pull request Jul 12, 2023
Closed
Neniel pushed a commit to Neniel/spire that referenced this pull request Aug 24, 2023
@rkaippully @Neniel
Systemd workloadattestor closes DBus connection too early (spiffe#4165)
61f3927 
This PR fixes is a bug in the systemd workload attestor. In
`getSystemdUnitInfo`, the DBus connection is closed via a `defer`. But
that connection is required later to retrieve the `ID()` and
`FragmentPath()` in the `Attest` function. This causes attestation
failures with an error message `dbus: connection closed by user`.

The fix extracts the required selector attributes early and avoids
using the dangling connection to DBus.

Signed-off-by: Raghu Kaippully <rkaippully@gmail.com>
Signed-off-by: Neniel <11655196+Neniel@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azdagron azdagron azdagron approved these changes

@evan2645 evan2645 Awaiting requested review from evan2645 evan2645 is a code owner

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo amartinezfayo is a code owner

@MarcosDY MarcosDY Awaiting requested review from MarcosDY MarcosDY is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

Assignees

@azdagron azdagron

Labels
None yet
Projects
None yet
Milestone
1.7.0
Development

Successfully merging this pull request may close these issues.
2 participants
@rkaippully @azdagron