[openssh-commits] [openssh] branch master updated: ssh-agent: exit 0 from SIGTERM under systemd socket-activation

git+noreply at mindrot.org git+noreply at mindrot.org
Thu May 8 10:09:16 AEST 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new 086369736 ssh-agent: exit 0 from SIGTERM under systemd socket-activation
086369736 is described below

commit 086369736a9496b39af0d9f09443fa81b59b7f05
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
AuthorDate: Wed Apr 16 10:18:34 2025 +1000

    ssh-agent: exit 0 from SIGTERM under systemd socket-activation
    
    When the ssh-agent service is configured to be launched under systemd
    socket-activation, the user can inspect the status of the agent with
    something like:
    
        systemctl --user status ssh-agent.service
    
    If the user does:
    
        systemctl --user stop ssh-agent.service
    
    it causes the `systemd --user` supervisor to send a SIGTERM to the
    agent, which terminates while leaving the systemd-managed socket in
    place.  That's good, and as expected. (If the user wants to close the
    socket, they can do "systemctl --user stop ssh-agent.socket" instead)
    
    But because ssh-agent exits with code 2 in response to a SIGTERM, the
    supervisor marks the service as "failed", even though the state of the
    supervised service is exactly the same as during session startup (not
    running, ready to launch when a client connects to the socket).
    
    This change makes ssh-agent exit cleanly (code 0) in response to a
    SIGTERM when launched under socket activation. This aligns the systemd
    supervisor's understanding of the state of supervised ssh-agent with
    reality.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 ssh-agent.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssh-agent.c b/ssh-agent.c
index 8a88ef3fd..d82b351d0 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -2241,6 +2241,7 @@ main(int ac, char **av)
 	size_t npfd = 0;
 	u_int maxfds;
 	sigset_t nsigset, osigset;
+	int socket_activated = 0;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@@ -2414,6 +2415,7 @@ main(int ac, char **av)
 			fatal("bad LISTEN_PID: %d vs pid %d", pid, getpid());
 		debug("using socket activation on fd=3");
 		sock = 3;
+		socket_activated = 1;
 	}
 
 	if (sock == -1 && agentsocket == NULL && !T_flag) {
@@ -2577,7 +2579,8 @@ skip:
 		sigprocmask(SIG_BLOCK, &nsigset, &osigset);
 		if (signalled_exit != 0) {
 			logit("exiting on signal %d", (int)signalled_exit);
-			cleanup_exit(2);
+			cleanup_exit((signalled_exit == SIGTERM &&
+			    socket_activated) ? 0 : 2);
 		}
 		if (signalled_keydrop) {
 			logit("signal %d received; removing all keys",

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list