[Bug 707098] [NEW] "oom" change in 1:5.3p1-3ubuntu5 causes "operation not permitted"

Alan Porter ubuntu-launchpad at kr4jb.net
Mon Jan 24 19:27:35 UTC 2011 

Public bug reported:

WHAT RECENTLY CHANGED

Recently, a security update was pushed out for the openssh-server
package.

The package changes:
    -openssh-client 1:5.3p1-3ubuntu4
    -openssh-server 1:5.3p1-3ubuntu4
    -openssl 0.9.8k-7ubuntu8.4
    +openssh-client 1:5.3p1-3ubuntu5
    +openssh-server 1:5.3p1-3ubuntu5
    +openssl 0.9.8k-7ubuntu8.5

The upgrade makes a change to the /etc/init/ssh.conf file:

$ diff before/etc/init/ssh.conf after/etc/init/ssh.conf
10d9
< expect fork
15c14
< #oom never
---
> oom never
27c26
< exec /usr/sbin/sshd
---
> exec /usr/sbin/sshd -D

THE PROBLEM

I have a virtual machine at Tektonic.net.  This service is a virtuozzo
VM.  After upgrading to the new 1:5.3p1-3ubuntu5 package, I could no
longer SSH into the VM.  I rebooted the machine, and SSH never allowed a
connection ("connection refused").

I found this in my /var/log/syslog.  The timestamp corresponds to when I
did the upgrade (and I forget whether I manually did a "service ssh
restart").

Jan 23 16:04:23 satu init: ssh main process (32282) terminated with status 255
Jan 23 16:04:23 satu init: Failed to spawn ssh pre-start process: unable to set oom adjustment: Operation not 
permitted

WORK-AROUND

I booted the VM in "recovery mode", which allows me to directly modify
the files on the VM's disk image.  I reverted the /etc/init/ssh.conf to
the way it was in version 1:5.3p1-3ubuntu4 (removing the "-D" and the
"oom never" and adding back the "expect fork").  When I rebooted, the
machine came up normally and I was able to SSH in again.

SYSTEM INFORMATION

I know that Virtuozzo machines are a little different than normal
machines... they are more like a "chroot jail" than a normal machine.
And I am not sure if those differences are what caused SSH to not
respond.  But I have installed the same upgrade on native machines and
on Xen VM's with no problems.

If you need more information about this Virtuozzo VM, I am happy to
provide details.

$ lsb_release -rd
Description:	Ubuntu 10.04.1 LTS
Release:	10.04

$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:5.3p1-3ubuntu5
  Candidate: 1:5.3p1-3ubuntu5
  Version table:
 *** 1:5.3p1-3ubuntu5 0
        500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        100 /var/lib/dpkg/status
     1:5.3p1-3ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
https://bugs.launchpad.net/bugs/707098

Title:
  "oom" change in 1:5.3p1-3ubuntu5 causes "operation not permitted"

More information about the Ubuntu-server-bugs mailing list