[Bug 1732411] Re: On upgrade, daemon-reexec should only be issued if safe

Loïc Minier loic.minier at ubuntu.com
Fri Dec 15 13:19:41 UTC 2017


Could you describe the minimal steps to reproduce the issue on top of a
standard 16.04?

NB: /sys is not read-only on official images and deployments, and this
doesn't seem to affect official images.

** Description changed:

  Dear all,
  
- Following up the bug report #1713674, when executing systemd in a
- hardened LXC context, it might not be suitable to reexec systemd daemon,
- that would not be able to perform.
+ Following up the bug #1713674, when executing systemd in a hardened LXC
+ context, it might not be suitable to reexec systemd daemon, that would
+ not be able to perform.
  
  For instance, in our LXC, we drop several capabilities, including
  sys_admin and we set /sys to read-only (in which, systemd will find its
  cgroups). This means, systemd cannot be reexecuted, it will fail to
  restart and will freeze (properly) at restart making the LXC container
  in frozen state (still working, but no new services startable, no
  interaction with systemd possible anymore).
  
  When upgrading systemd the debian package, as postinst, will always
  attempt to reexecute systemd, possibly breaking every other upgrade
  where a daemon restart is made in postinst, and leaving the system in a
  degraded state.
  
  It would likely be appropriate the check whether the reexecute can work
  will before performing it: checking capabilities, sys mount point perms,
  etc. If not applicable, not performing a reexucte and possibly print a
  message to the user.
  
  Occurs with Ubuntu Xenial 16.04.3 LTS and systemd 229-4ubuntu21.
  
  Cheers

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1732411

Title:
  On upgrade, daemon-reexec should only be issued if safe

Status in lxc package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  New

Bug description:
  Dear all,

  Following up the bug #1713674, when executing systemd in a hardened
  LXC context, it might not be suitable to reexec systemd daemon, that
  would not be able to perform.

  For instance, in our LXC, we drop several capabilities, including
  sys_admin and we set /sys to read-only (in which, systemd will find
  its cgroups). This means, systemd cannot be reexecuted, it will fail
  to restart and will freeze (properly) at restart making the LXC
  container in frozen state (still working, but no new services
  startable, no interaction with systemd possible anymore).

  When upgrading systemd the debian package, as postinst, will always
  attempt to reexecute systemd, possibly breaking every other upgrade
  where a daemon restart is made in postinst, and leaving the system in
  a degraded state.

  It would likely be appropriate to check whether the reexecute can
  work well before performing it: checking capabilities, sys mount point
  perms, etc. If not applicable, not performing a reexecute and possibly
  print a message to the user.

  Occurs with Ubuntu Xenial 16.04.3 LTS and systemd 229-4ubuntu21.

  Cheers
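
The pre-flight check proposed in the description, sketched as an added example (not part of the original report and not the systemd package's postinst code). It assumes that inspecting PID 1's CapEff mask and the /sys mount options is sufficient; all function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: decide whether `systemctl daemon-reexec` is safe to issue,
# using the two conditions named in the report.
CAP_SYS_ADMIN=21   # bit number of CAP_SYS_ADMIN in <linux/capability.h>

# has_cap STATUS_FILE FIELD BIT: true if BIT is set in the hex mask of FIELD
# (e.g. CapEff) in a /proc/<pid>/status-style file.
has_cap() {
    mask=$(awk -v f="$2:" '$1 == f { print $2 }' "$1")
    [ -n "$mask" ] || return 1
    [ $(( (0x$mask >> $3) & 1 )) -eq 1 ]
}

# sys_mount_rw MOUNTS_FILE: true if the last /sys entry in a
# /proc/mounts-style file carries the "rw" option.
sys_mount_rw() {
    awk '$2 == "/sys" { opts = $4 }
         END { n = split(opts, o, ",")
               for (i = 1; i <= n; i++) if (o[i] == "rw") exit 0
               exit 1 }' "$1"
}

# reexec_is_safe STATUS_FILE MOUNTS_FILE: both conditions must hold.
reexec_is_safe() {
    has_cap "$1" CapEff "$CAP_SYS_ADMIN" && sys_mount_rw "$2"
}

# guarded_reexec: hypothetical postinst helper; defined here but not invoked.
guarded_reexec() {
    if reexec_is_safe /proc/1/status /proc/mounts; then
        systemctl daemon-reexec
    else
        echo "skipping daemon-reexec: PID 1 lacks CAP_SYS_ADMIN or /sys is read-only" >&2
    fi
}

# Constructed sample inputs: a default container and a hardened one
# (CAP_SYS_ADMIN dropped, /sys mounted read-only).
demo=$(mktemp -d)
printf 'Name:\tsystemd\nCapEff:\t0000003fffffffff\n' > "$demo/status.default"
printf 'Name:\tsystemd\nCapEff:\t0000003fffdfffff\n' > "$demo/status.hardened"
echo 'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' > "$demo/mounts.default"
echo 'sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0' > "$demo/mounts.hardened"
for c in default hardened; do
    reexec_is_safe "$demo/status.$c" "$demo/mounts.$c" && r=safe || r=unsafe
    echo "$c: $r"
done
```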
