
#22108: fix: prevent local DoS by fully clearing systemd services on uninstall

by berkeserce open 2026-02-20 18:34
gateway size: XS
Hello OpenClaw Team,

This PR fixes a critical bug in the uninstallation process that causes a Local Denial of Service (resource exhaustion) on Linux machines.

**The Issue:** Currently, both `uninstallSystemdService` and `uninstallLegacySystemdUnits` remove the physical unit files and run `disable --now`. However, they fail to run `systemctl daemon-reload` and `systemctl reset-failed`. As a result, `systemd` keeps the ghost units in memory and enters an infinite crash/restart loop.

**The Impact:**

1. This crash loop continuously writes logs to the Linux `pstore`, which mounts directly to the motherboard's NVRAM. Within weeks, this fills up the entire NVRAM (8-16MB on average), forcing the BIOS into a locked "Write Protected" state to prevent hardware damage.
2. During system shutdown, the looping ghost service prevents `systemd` from unmounting `/var/cache`. The kernel aborts the power-off and forces an unkillable reboot loop.

I documented this entire crisis and the community response here: https://www.reddit.com/r/openclaw/comments/1r98r6x/bug_report_leftover_openclawgatewayservice_acts/

**The Fix:** I updated both uninstallation functions to include:

- `systemctl daemon-reload` to flush the removed unit from systemd's memory.
- `systemctl reset-failed` to stop any existing crash loops.

This ensures the system is left in a clean state and prevents hardware-level locking.

Thanks,
Berke Serçe

<h3>Greptile Summary</h3>

Adds `systemctl daemon-reload` and `systemctl reset-failed` calls to both `uninstallSystemdService` and `uninstallLegacySystemdUnits` functions. These commands flush removed systemd units from memory and clear any crash loops, preventing a Local DoS condition where ghost services continuously crash and fill NVRAM with logs.

**Major changes:**

- Added `daemon-reload` after unit file removal in both uninstall functions to ensure systemd picks up the removed unit
- Added `reset-failed` to stop any existing crash/restart loops
- In `uninstallLegacySystemdUnits`, both calls are wrapped in the existing `systemctlAvailable` check

**Issues found:**

- The new `daemon-reload` and `reset-failed` calls don't check exit codes, unlike the same calls in `installSystemdService` (lines 207-209). If these commands fail silently, users won't know the cleanup didn't complete, potentially leaving the DoS condition unresolved.

<h3>Confidence Score: 3/5</h3>

- This PR is mostly safe to merge but has missing error handling
- The fix addresses a critical bug and the approach is sound - adding `daemon-reload` and `reset-failed` is the correct solution to prevent systemd ghost units. However, the implementation lacks error checking on these critical cleanup operations. In `installSystemdService`, the same `daemon-reload` call checks exit codes and throws errors (lines 207-209), but the uninstall functions don't. This inconsistency could leave users unaware if cleanup fails. Since uninstall is a cleanup operation (not critical path), warnings would be more appropriate than exceptions.
- Pay attention to `src/daemon/systemd.ts` - ensure error handling is added for the new systemctl calls

<sub>Last reviewed commit: 2e2f82f</sub>
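The exit-code handling the review above asks for, sketched as an added example that is not the PR's or the project's code: the two cleanup commands are checked and reported as warnings rather than exceptions. The `systemctl show` verification step goes beyond what the PR describes, and `flushRemovedUnit`, `SystemctlRunner`, `fakeSystemctl` and the unit name `example-gateway.service` are hypothetical.

```typescript
// Added example, not the project's code. All names here are hypothetical.
type RunResult = { code: number; stdout: string; stderr: string };
// Runs `systemctl <args>`; the caller supplies the real process spawn.
type SystemctlRunner = (args: string[]) => RunResult;

// Call after the unit file is deleted and `disable --now` has run.
// Returns warnings instead of throwing, so uninstall finishes but still reports.
function flushRemovedUnit(run: SystemctlRunner, unit: string): string[] {
  const warnings: string[] = [];
  // The two commands the PR adds, with exit codes checked.
  for (const args of [["daemon-reload"], ["reset-failed"]]) {
    const res = run(args);
    if (res.code !== 0) {
      warnings.push(`systemctl ${args.join(" ")} exited ${res.code}: ${res.stderr.trim()}`);
    }
  }
  // Verify: systemd should now report the unit as not-found and inactive.
  const show = run(["show", "--property=LoadState,ActiveState", unit]);
  if (show.code !== 0) {
    warnings.push(`systemctl show ${unit} exited ${show.code}: ${show.stderr.trim()}`);
    return warnings;
  }
  const props = new Map<string, string>();
  for (const line of show.stdout.split("\n")) {
    const eq = line.indexOf("=");
    if (eq > 0) props.set(line.slice(0, eq), line.slice(eq + 1).trim());
  }
  const load = props.get("LoadState");
  const active = props.get("ActiveState");
  if (load !== "not-found") warnings.push(`${unit} still loaded (LoadState=${load})`);
  if (active !== "inactive") warnings.push(`${unit} not inactive (ActiveState=${active})`);
  return warnings;
}

// Constructed stand-in for systemctl, used to exercise both outcomes offline.
function fakeSystemctl(reloadFails: boolean): SystemctlRunner {
  return (args) => {
    if (args[0] === "daemon-reload" && reloadFails) {
      return { code: 1, stdout: "", stderr: "Failed to reload daemon: Access denied\n" };
    }
    if (args[0] === "show") {
      const state = reloadFails
        ? "LoadState=loaded\nActiveState=activating\n" // ghost unit still restarting
        : "LoadState=not-found\nActiveState=inactive\n";
      return { code: 0, stdout: state, stderr: "" };
    }
    return { code: 0, stdout: "", stderr: "" };
  };
}
```

In real use the runner would wrap a process spawn of `systemctl`, and the returned warnings would be surfaced to the user at the end of uninstall.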
