systemd-resolved unit should run Before=network-online.target
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
systemd (Ubuntu) | Fix Released | Undecided | Steve Langasek |
Xenial | Fix Released | Undecided | Unassigned |
Yakkety | Fix Released | Undecided | Unassigned |
Bug Description
=== Begin SRU Template ===
[Impact]
For releases using systemd-resolved (yakkety and zesty), the unit
configuration does not require that the service be active before
allowing systemd to reach 'network-
target used to allow other units which require networking access to
run.
In some cases, units which run After=network-
encounter DNS failures if systemd-resolved is not yet completely
active.
The fix is to add Before=
for systemd-
[Test Case]
1. lxc launch ubuntu-
2. lxc exec y1 -- journalctl -o short-precise \
--unit systemd-resolved --unit network-
3. Check order of units; if 'Reached target Network is Online' is
listed before 'Started Network Name Resolution', then DNS may not
be up.
Example FAIL output:
# apt-cache policy systemd
systemd:
Installed: 231-9ubuntu3
Candidate: 231-9ubuntu3
Version table:
*** 231-9ubuntu3 500
500 http://
100 /var/lib/
231-9git1 500
500 http://
# journalctl -o short-precise -u systemd-resolved -u network-
-- Logs begin at Thu 2017-03-23 21:22:42 UTC, end at Thu 2017-03-23 21:22:49 UTC. --
Mar 23 21:22:47.173454 y1 systemd[1]: Reached target Network is Online.
Mar 23 21:22:47.197566 y1 systemd[1]: systemd-
Mar 23 21:22:47.198023 y1 systemd[1]: Starting Network Name Resolution...
Mar 23 21:22:47.207216 y1 systemd-
Mar 23 21:22:47.207265 y1 systemd-
Mar 23 21:22:47.207319 y1 systemd-
Mar 23 21:22:47.216370 y1 systemd-
Mar 23 21:22:47.237441 y1 systemd-
Mar 23 21:22:47.399614 y1 systemd[1]: Started Network Name Resolution.
Example PASS output:
# journalctl -o short-precise -u systemd-resolved -u network-
-- Logs begin at Thu 2017-03-23 21:25:08 UTC, end at Thu 2017-03-23 21:25:11 UTC. --
Mar 23 21:25:10.206276 y1 systemd[1]: systemd-
Mar 23 21:25:10.206685 y1 systemd[1]: Starting Network Name Resolution...
Mar 23 21:25:10.229430 y1 systemd-
Mar 23 21:25:10.229449 y1 systemd-
Mar 23 21:25:10.229491 y1 systemd-
Mar 23 21:25:10.229759 y1 systemd-
Mar 23 21:25:10.231969 y1 systemd-
Mar 23 21:25:10.291591 y1 systemd[1]: Started Network Name Resolution.
Mar 23 21:25:10.291944 y1 systemd[1]: Reached target Network is Online.
[Regression Potential]
Changing order in boot can be dangerous. There is a possibility that
units using the defaults in /etc/resolv.conf (which doesn't point to
systemd-resolved until later during boot) would now run when
/etc/resolv.conf points to systemd-resolved service (127.0.0.53).
[Original Description]
1) Xenial, Yakkety and Zesty; (Xenial is affected if you're using networkd and resolved, but it's not the default)
2) 229-4ubuntu16, 231-9ubuntu3, 232-18ubuntu1 respectively to (1)
3) DNS resolution should be available once systemd has reached 'network-
4) Sometimes systemd-resolved has not become active prior to network-
The remaining issue for the systemd-
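The ordering check from step 3 of the test case, as an added example that is not part of the original bug report: it reads `journalctl -o short-precise` output and reports whether 'Started Network Name Resolution' was logged before 'Reached target Network is Online'. The function name `check_resolved_order` and the variables `FAIL_LOG` and `PASS_LOG` are hypothetical, and the input is assumed to cover a single boot.

```shell
#!/bin/sh
# Added example (not from the bug report): classify journal output by the
# order of two systemd messages, as described in step 3 of the test case.
# Assumption: stdin holds one boot's worth of `journalctl -o short-precise`
# output; only the first occurrence of each message is considered.

# check_resolved_order: reads journal text on stdin.
# Prints PASS, FAIL or UNKNOWN; exit status is 0, 1 or 2 respectively.
check_resolved_order() {
    awk '
        # Record the line number of the first occurrence of each message.
        /systemd\[1\]: Reached target Network is Online\.$/ {
            if (!online) online = NR
        }
        /systemd\[1\]: Started Network Name Resolution\.$/ {
            if (!resolved) resolved = NR
        }
        END {
            # A missing message means the ordering cannot be judged.
            if (!online || !resolved) { print "UNKNOWN"; exit 2 }
            # Resolver started first: DNS is up when the target is reached.
            if (resolved < online)    { print "PASS";    exit 0 }
            # Target reached first: units ordered after it may lack DNS.
            print "FAIL"; exit 1
        }
    '
}

# Sample input: complete lines copied from the FAIL and PASS outputs above
# (the truncated lines in those outputs are left out).
FAIL_LOG='Mar 23 21:22:47.173454 y1 systemd[1]: Reached target Network is Online.
Mar 23 21:22:47.198023 y1 systemd[1]: Starting Network Name Resolution...
Mar 23 21:22:47.399614 y1 systemd[1]: Started Network Name Resolution.'

PASS_LOG='Mar 23 21:25:10.206685 y1 systemd[1]: Starting Network Name Resolution...
Mar 23 21:25:10.291591 y1 systemd[1]: Started Network Name Resolution.
Mar 23 21:25:10.291944 y1 systemd[1]: Reached target Network is Online.'

printf '%s\n' "$FAIL_LOG" | check_resolved_order || true
printf '%s\n' "$PASS_LOG" | check_resolved_order || true
```

To check a real instance, pipe the output of the journalctl command from step 2 into `check_resolved_order`.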
Changed in systemd (Ubuntu):
status: New → Fix Committed
assignee: nobody → Steve Langasek (vorlon)
description: updated
Changed in systemd (Ubuntu Xenial):
status: New → Triaged
Changed in systemd (Ubuntu Xenial):
milestone: none → ubuntu-16.04.3
Related history in LP: #1649931