[Bug 1792400] Re: smbd failed in host when both lxd container and host have smbd

Wed Oct 24 14:47:47 UTC 2018

Thank you for noting the upstart interaction here. I agree that the fix
is correct, but I'm not sure the SRU is justified then. I'm not keen on
recommending users automatically download and install extra stuff when
it's almost certain no user needs it. Therefore I think we should cancel
this SRU. The Trusty task can be set to Invalid even perhaps, because
the issue isn't believed to affect any Trusty users (upstart is the only
supported init system on Ubuntu Trusty).

If an update is made to Trusty's samba package for any other reason
(security update or a different SRU) then it's fine to bundle this one.

** Tags removed: verification-done-trusty
** Tags added: verification-failed-trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1792400

Title:
  smbd failed in host when both lxd container and host have smbd

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Committed
Status in samba source package in Xenial:
  Fix Released

Bug description:
  [Impact]

   * Issue: the current init script
     * won't start samba related services on the host if there is a process 
       of the same binary in a container
     * might on stop affect a process that it was not intended to stop

   * Solution: Fix init scripts to
     * start action to have a safer process detection with containers around
     * stop action to not affect unintended processes due to stale pidfiles

  [Test Case]

   * 1. Start a container
   * 2. Start samba in the Container (or winbind or nmbd)
   * 3. Start samba in the host (or winbind or nmbd)
    => it will not start as such a binary is already running
   * #2 and #3 can be switched, and then as 4. restart smbd in the host
    => it will shut down but not re-start

  Fixed: The container process should have no influence

   This also fixes issues where the pidfile would not be updated
   * install and start smbd
   * "Simulate" a corrupted pidfile by putting the PID of a different
     process in it
   * stop the sambd service
    => without the fixes this will drag down the other process you put in
       the pidfile

  Fixed: a stale pidfile entry should not let non-smbd (or winbind,
  nmbd) processes be affected

  [Regression Potential]

   * We tried to think of all edge cases of these start/stop actions but
     didn't come up with one that is broken. Aside from missing one of those
     cases there might be non-archive scripts that expect the old behavior.
     But even for thse no critical ones came to my mind so far.
     Worst case there'd be a combination that leads to the service
     no(re-)starting after the SRU - so thinking about potential cases is
     important.

  [Other Info]

   * n/a

  ---

  Setup: install smbd in host and lxd-container.

  Now restart smbd in host:

  service smbd restart
  All is OK.
  Problem: nmap shows "closed" on ports 139 and 445. And users cannot use smbd server in host.

    ● smbd.service - LSB: start Samba SMB/CIFS daemon (smbd)
     Loaded: loaded (/etc/init.d/smbd; bad; vendor preset: enabled)
     Active: active (exited) since Die 2016-10-18 17:35:23 CEST; 2s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 24218 ExecStop=/etc/init.d/smbd stop (code=exited, status=0/SUCCESS)
    Process: 21980 ExecReload=/etc/init.d/smbd reload (code=exited, status=0/SUCCESS)
    Process: 25190 ExecStart=/etc/init.d/smbd start (code=exited, status=0/SUCCESS)

  Okt 18 17:35:22 speedy systemd[1]: Starting LSB: start Samba SMB/CIFS daemon (smbd)...
  Okt 18 17:35:23 speedy smbd[25190]:  * Starting SMB/CIFS daemon smbd
  Okt 18 17:35:23 speedy smbd[25190]:    ...done.
  Okt 18 17:35:23 speedy systemd[1]: Started LSB: start Samba SMB/CIFS daemon (smbd).

  ps axf | grep smbd:

  25356 pts/2    S+     0:00  |   \_ grep --color=auto smbd
  19915 ?        Ss     0:08      \_ /usr/sbin/smbd -D
  19919 ?        S      0:00          \_ /usr/sbin/smbd -D

  However, netstat -tpln | grep "smbd" returns nothing and also nmap
  shows "closed" on ports 139 and 445.

  Workaround [1]:
  change /etc/init.d/smbd:
   if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D ; then

  to

   if ! start-stop-daemon --start --quiet --oknodo --pidfile
  /var/run/samba/smbd.pid --exec /usr/sbin/smbd -- -D ; then

  I reported this to:
  https://discuss.linuxcontainers.org/t/samba-in-host-and-container/2523

  apt-cache policy samba
  samba:
    Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.15
    Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.16
    Version table:
       2:4.3.11+dfsg-0ubuntu0.16.04.16 500
          500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
   *** 2:4.3.11+dfsg-0ubuntu0.16.04.15 500
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
          100 /var/lib/dpkg/status
       2:4.3.8+dfsg-0ubuntu1 500
          500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  1. https://serverfault.com/questions/810544/samba-daemon-does-not-
  work-as-systemd-service-but-works-in-foreground

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1792400/+subscriptions