You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As the unit does not contain an Install section, it can not be enabled:
$ sudo systemctl enable apt-daily.service
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
• A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
• A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
• A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
• In case of template units, the unit is meant to be enabled with some
instance name specified.
Now let's use inspec to test the unit. We want it to NOT be enabled:
$ cat demo.rb
control 'demo' do
service_name = 'apt-daily.service'
describe service(service_name) do
it { should_not be_enabled }
end
end
$ inspec exec demo.rb
Profile: tests from demo.rb (tests from demo.rb)
Version: (not specified)
Target: local://
Target ID: 72956cf0-a832-5101-bfc5-4fb32d972065
× demo: Service apt-daily.service
× Service apt-daily.service is expected not to be enabled
expected Service apt-daily.service not to be enabled
Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 0 successful, 1 failure, 0 skipped
In lib/inspec/resources/service.rb, inspec invokes systemctl is-enabled apt-daily.services to test if the service is enabled:
result = inspec.command("#{service_ctl} is-enabled #{service_name} --quiet")
return true if result.exit_status == 0
Exit code 0 from systemctl is-enabled does however not mean that the service is enabled:
Steps to reproduce
Identify any static service, for example one that is started by a timer:
systemctl list-units --type=timer
This example shall use
apt-daily.service
.apt-daily.service
is a static service:The unit does not contain an
Install
section:As the unit does not contain an
Install
section, it can not be enabled:Now let's use
inspec
to test the unit. We want it to NOT be enabled:In
lib/inspec/resources/service.rb
,inspec
invokessystemctl is-enabled apt-daily.services
to test if the service is enabled:Exit code 0 from
systemctl is-enabled
does however not mean that the service is enabled:Compared to services that are actually disabled or enabled:
This behaviour is documented in the table of exit codes for
systemctl is-enabled
:Environment
Possible Solution
A possible fix would be to check output from the command above for the string "enabled".
The text was updated successfully, but these errors were encountered: