Skip to content

unit-name: introduce "strict" mode for unit name mangling#42638

Merged
poettering merged 2 commits into
systemd:mainfrom
mrc0mmand:unit-mangle-strict
Jun 25, 2026
Merged

unit-name: introduce "strict" mode for unit name mangling#42638
poettering merged 2 commits into
systemd:mainfrom
mrc0mmand:unit-mangle-strict

Conversation

@mrc0mmand

@mrc0mmand mrc0mmand commented Jun 17, 2026

Copy link
Copy Markdown
Member

unit_name_mangle_with_suffix() is quite benevolent by default and allows
the unit to "transition" into a different unit type than what's
requested via its suffix argument. For example, calling
unit_name_mangle_with_suffix() with "/foo/bar" as a unit name and
".service" as a suffix would give you "foo-bar.mount", without any
warning or error.

This could then lead to a quite confusing errors in certain situations:

~# systemd-run --remain-after-exit --unit /foo/bar true
Failed to start transient service unit: Cannot set property RemainAfterExit, or unknown property.

Given we can't change the default behaviour of
unit_name_mangle_with_suffix() as some parts of systemd already depend
on its "benevolence" (like systemctl), let's introduce a new flag -
UNIT_NAME_MANGLE_STRICT - that checks if the mangled/resolved unit
name's suffix matches the requested one and errors out if not.

With the flag used throughout systemd-run's code, the error in the above
case is now a bit more clear:

~# build/systemd-run --remain-after-exit --unit /foo/bar true
Path "/foo/bar" resolves to unit type "mount", but "service" is expected as unit.
Failed to mangle unit name: Invalid argument

Resolves: #39996

@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

Claude review of PR #42638 (14b1a92)

The PR is sound — the new UNIT_NAME_MANGLE_STRICT flag is correct, memory-safe (cleanup attributes + TAKE_PTR ownership and the ASSERT_PTR(strrchr(...)) contract all check out), and introduces no backward-compatibility regression for legitimate systemd-run invocations. No must-fix issues. A few suggestions and nits below.

All prior items have been addressed or dismissed by the author. This run surfaced two minor new style nits (appended below).

Suggestions

  • STRICT not enforced on escape/mangle pathsrc/basic/unit-name.c:791 — a name that escapes to a different already-valid unit type silently bypasses the strict check (dismissed)
  • Library code logs unconditionally at LOG_ERRsrc/basic/unit-name.c:737 — diverges from the function's WARN-gated diagnostics and double-logs with callers
  • Strict-mode tests miss key edge casessrc/test/test-unit-name.c:309 — no automount/mount-overlap, template/instance, or dotted-prefix coverage; the /invalid/unit/name-47 case is mislabeled
  • STRICT silently ignored for globssrc/basic/unit-name.h:61 — GLOB+STRICT don't compose; a mismatched-type glob is returned unchecked (latent; no current caller combines the flags) (dismissed)
  • Asymmetric trigger handling under strictsrc/run/run.c:2785 — sockets/paths fall to the default: branch where a .service strict mangle rejects --unit=foo.socket/foo.path, unlike timers (dismissed)

Nits

  • Duplicated device/mount strict checkssrc/basic/unit-name.c:766 — near-identical blocks could share a helper (dismissed)
  • Repeated flags expressionsrc/run/run.c:2340(arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN) | UNIT_NAME_MANGLE_STRICT repeated at four call sites (dismissed)
  • Inconsistent strict-error wordingsrc/basic/unit-name.c:738 — quoting and phrasing differ across the three strict messages
  • Continuation-line misalignment in strict blocksrc/basic/unit-name.c:738log_full_errno() continuation lines are indented one column past the first argument, unlike the two path branches
  • Inconsistent blank line between path branchessrc/basic/unit-name.c:774 — device branch has a blank line before *ret = TAKE_PTR(u), mount branch does not

Workflow run

@github-actions github-actions Bot added util-lib tests run please-review PR is ready for (re-)review by a maintainer labels Jun 17, 2026
Comment thread src/basic/unit-name.c
Comment thread src/basic/unit-name.c Outdated
Comment thread src/test/test-unit-name.c Outdated
Comment thread src/basic/unit-name.c
Comment thread src/run/run.c
Comment thread src/basic/unit-name.c Outdated
Comment thread src/basic/unit-name.h
Comment thread src/run/run.c
@mrc0mmand mrc0mmand force-pushed the unit-mangle-strict branch 2 times, most recently from 58c4ba5 to 674fd18 Compare June 17, 2026 14:19

@yuwata yuwata left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@yuwata yuwata added good-to-merge/after-next-release and removed please-review PR is ready for (re-)review by a maintainer labels Jun 18, 2026
@mrc0mmand mrc0mmand force-pushed the unit-mangle-strict branch from fc47b26 to bbb9218 Compare June 25, 2026 09:31
@mrc0mmand mrc0mmand added good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed and removed good-to-merge/after-next-release labels Jun 25, 2026
Comment thread src/basic/unit-name.c Outdated
Comment thread src/basic/unit-name.c
unit_name_mangle_with_suffix() is quite benevolent by default and allows
the unit to "transition" into a different unit type than what's
requested via its suffix argument. For example, calling
unit_name_mangle_with_suffix() with "/foo/bar" as a unit name and
".service" as a suffix would give you "foo-bar.mount", without any
warning or error.

This could then lead to a quite confusing errors in certain situations:

~# systemd-run --remain-after-exit --unit /foo/bar true
Failed to start transient service unit: Cannot set property RemainAfterExit, or unknown property.

Given we can't change the default behaviour of
unit_name_mangle_with_suffix() as some parts of systemd already depend
on its "benevolence" (like systemctl), let's introduce a new flag -
UNIT_NAME_MANGLE_STRICT - that checks if the mangled/resolved unit
name's suffix matches the requested one and errors out if not.

With the flag used throughout systemd-run's code, the error in the above
case is now a bit more clear:

~# build/systemd-run --remain-after-exit --unit /foo/bar true
Path "/foo/bar" resolves to unit type "mount", but "service" is expected as unit.
Failed to mangle unit name: Invalid argument

Resolves: systemd#39996
@mrc0mmand mrc0mmand force-pushed the unit-mangle-strict branch from bbb9218 to 14b1a92 Compare June 25, 2026 10:58
@poettering poettering merged commit 4162b65 into systemd:main Jun 25, 2026
77 of 89 checks passed
@mrc0mmand mrc0mmand deleted the unit-mangle-strict branch June 25, 2026 15:20
@github-actions github-actions Bot removed the good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed label Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Development

Successfully merging this pull request may close these issues.

Confusing error message from systemd-run: Cannot set property ..., , or unknown property

3 participants