Skip to content

fix(agent-sec-core): explicitly enable systemd user unit after install#1322

Open
zhangtaibo wants to merge 1 commit into
alibaba:mainfrom
zhangtaibo:fix/agent-sec-core-systemd-enable-nightly-20260704
Open

fix(agent-sec-core): explicitly enable systemd user unit after install#1322
zhangtaibo wants to merge 1 commit into
alibaba:mainfrom
zhangtaibo:fix/agent-sec-core-systemd-enable-nightly-20260704

Conversation

@zhangtaibo

Copy link
Copy Markdown
Contributor

Summary

Fixes #1320

The %systemd_user_post macro calls systemctl preset <unit>, which checks the system preset policy. Since no preset rule matches agent-sec-core.service, the default action is disable, leaving the unit disabled after package installation.

This PR adds an explicit systemctl --user enable agent-sec-core.service 2>/dev/null || true after %systemd_user_post in the %post -n agent-sec-cli section to ensure the security daemon is enabled on install.

Root Cause

%systemd_user_post expands to:

systemd-update-helper install-user-units agent-sec-core.service

This only copies the unit file to the user preset directory. It then calls systemctl preset, which checks /usr/lib/systemd/user-preset/90-systemd.preset. Since no rule in that file matches agent-sec-core.service, the default action is disable.

Fix

 %post -n agent-sec-cli
 %systemd_user_post agent-sec-core.service
+systemctl --user enable agent-sec-core.service 2>/dev/null || true

The 2>/dev/null || true ensures the scriptlet does not fail if the user session is not available during RPM install.

Verification

  • Applied patch on ECS (fresh clone of anolisa main 161859b9)
  • Build: source /root/.cargo/env && bash scripts/rpm-build.sh agent-sec-core → exit 0, all 8 RPMs produced
  • Verified %post script in built RPM contains systemctl --user enable agent-sec-core.service 2>/dev/null || true after the systemd-update-helper call

This PR was automatically generated by the nightly test pipeline (run nightly-20260704-020034).

%systemd_user_post calls systemctl preset, which checks the
preset policy. Since no preset rule matches agent-sec-core.service,
the default action is disable, leaving the unit disabled after
package installation.

Add explicit 'systemctl --user enable agent-sec-core.service' after
%systemd_user_post to ensure the security daemon is enabled on install.

Fixes alibaba#1320
@zhangtaibo zhangtaibo requested a review from yangdao479 as a code owner July 3, 2026 20:22
@github-actions github-actions Bot added the component:sec-core src/agent-sec-core/ label Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

component:sec-core src/agent-sec-core/

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[agent-sec-core] systemd user unit not enabled after RPM install — %systemd_user_post preset leaves agent-sec-core.service disabled

1 participant