Incorrectly identifies processes inside LXD container on jammy/cgroupsv2
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| needrestart (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Processes inside of LXD containers are incorrectly identified as needing a restart on jammy. The cause is that needrestart does not correctly parse cgroups v2.
Since needrestart is installed in a default install, this is problematic as it prompts you to restart and actually restarts the host version of a container's processes unnecessarily.
I have sent an upstream pull request to fix this here, it's a simple fix to the regex:
https:/
Upstream also already has a fix to the same for Docker:
https:/
We should patch both of these into Jammy before release. I can send this patch upstream to Debian also however as they do not currently use cgroups v2 by default it is not directly affected in a default configuration (but would be affected if you enable them). Since we are also close to release this may also need to be expedited.
= Test Case =
- Install Jammy Server with needrestart installed (the server iso installs it by default, cloud/vm/lxd images do not)
- Launch an LXD focal container
- (slightly harder) inside the focal container, upgrade a commonly used library such as libc6. To do this you may need to first downgrade libc6, restart avahi-daemon, upgrade it again.
- Run "needrestart" on the host and see that the container's avahi-daemon is recognised to restart (but it will restart the hosts process, and the next invocation will prompt to restart again)
Related branches
- Canonical Server packageset reviewers: Pending requested
- Canonical Server: Pending requested
- git-ubuntu import: Pending requested
-
Diff: 2655 lines (+2411/-0)40 files modifieddebian/changelog (+9/-0)
debian/patches/Jammy-update-to-git-eb3531af-0003-Update-ChangeLog.patch (+294/-0)
debian/patches/Jammy-update-to-git-eb3531af-0004-Update-ChangeLog.patch (+29/-0)
debian/patches/Jammy-update-to-git-eb3531af-0005-Fix-typo.patch (+29/-0)
debian/patches/Jammy-update-to-git-eb3531af-0006-Support-LXD-installed-through-snap.patch (+59/-0)
debian/patches/Jammy-update-to-git-eb3531af-0007-Handle-differences-in-cgroup-names-for-LXD-container.patch (+31/-0)
debian/patches/Jammy-update-to-git-eb3531af-0008-Fix-restarting-for-containers-in-LXD-projects.patch (+44/-0)
debian/patches/Jammy-update-to-git-eb3531af-0009-Update-documentation-for-LXC-LXD-support.patch (+35/-0)
debian/patches/Jammy-update-to-git-eb3531af-0010-Fix-typo-in-German-translation.patch (+30/-0)
debian/patches/Jammy-update-to-git-eb3531af-0011-Update-ChangeLog.patch (+34/-0)
debian/patches/Jammy-update-to-git-eb3531af-0012-systemd-manager-restart-Support-also-exe-usr-lib-sys.patch (+33/-0)
debian/patches/Jammy-update-to-git-eb3531af-0014-Update-ChangeLog.patch (+43/-0)
debian/patches/Jammy-update-to-git-eb3531af-0015-Update-ChangeLog.patch (+29/-0)
debian/patches/Jammy-update-to-git-eb3531af-0017-Update-ChangeLog.patch (+29/-0)
debian/patches/Jammy-update-to-git-eb3531af-0020-Update-LXC-D-cgroup-regex-for-LXC-4.0.patch (+31/-0)
debian/patches/Jammy-update-to-git-eb3531af-0021-Do-not-restart-elogind-by-default-205.patch (+28/-0)
debian/patches/Jammy-update-to-git-eb3531af-0022-Update-ChangeLog.patch (+44/-0)
debian/patches/Jammy-update-to-git-eb3531af-0023-Ignore-Java-Native-Access-mappings-closes-142-closes.patch (+46/-0)
debian/patches/Jammy-update-to-git-eb3531af-0024-Use-license-file-from-gnu.org.patch (+138/-0)
debian/patches/Jammy-update-to-git-eb3531af-0025-Fix-spelling.patch (+117/-0)
debian/patches/Jammy-update-to-git-eb3531af-0026-Fix-shellcheck-warnings.patch (+187/-0)
debian/patches/Jammy-update-to-git-eb3531af-0027-Trim-excess-whitespace.patch (+161/-0)
debian/patches/Jammy-update-to-git-eb3531af-0028-Update-README.batch.md.patch (+30/-0)
debian/patches/Jammy-update-to-git-eb3531af-0029-Ignore-all-memfd-mappings-Debian-Bug-972685-by-Micha.patch (+46/-0)
debian/patches/Jammy-update-to-git-eb3531af-0030-Kernel-Replace-strings-1-by-GNU-grep-to-drop-binutil.patch (+45/-0)
debian/patches/Jammy-update-to-git-eb3531af-0031-Do-not-print-perfdata-if-unknown-state.patch (+41/-0)
debian/patches/Jammy-update-to-git-eb3531af-0032-Add-icinga2-example-config.patch (+58/-0)
debian/patches/Jammy-update-to-git-eb3531af-0033-also-output-user-sessions-in-batch-mode.patch (+100/-0)
debian/patches/Jammy-update-to-git-eb3531af-0034-Update-README.batch.md.patch (+32/-0)
debian/patches/Jammy-update-to-git-eb3531af-0035-use-a-configurable-tolerance-when-checking-interpret.patch (+127/-0)
debian/patches/Jammy-update-to-git-eb3531af-0036-Fix-docker-detection-on-newer-Kernels.patch (+38/-0)
debian/patches/Jammy-update-to-git-eb3531af-0037-Default-override-virtlogd-virtlockd.patch (+41/-0)
debian/patches/Jammy-update-to-git-eb3531af-0038-Detect-and-report-outdated-VMs.patch (+106/-0)
debian/patches/Jammy-update-to-git-eb3531af-0039-VM-detection-improve-wording.patch (+42/-0)
debian/patches/Jammy-update-to-git-eb3531af-0040-VM-detection-fix-whitespace-damage.patch (+30/-0)
debian/patches/Jammy-update-to-git-eb3531af-0041-VM-detection-do-not-localize-guests-that-are-found.patch (+30/-0)
debian/patches/Jammy-update-to-git-eb3531af-0042-VM-detection-localize-normal-output-of-vm-detection.patch (+39/-0)
debian/patches/Jammy-update-to-git-eb3531af-0043-Fix-LXC-LXD-and-machined-detection-for-cgroups-v2.patch (+48/-0)
debian/patches/Jammy-update-to-git-eb3531af-0044-Correct-syntax.patch (+37/-0)
debian/patches/series (+41/-0)
| Christian Ehrhardt (paelzer) wrote | #1 |
| Christian Ehrhardt (paelzer) wrote | #2 |
| Changed in needrestart (Ubuntu): | |
| status: | New → In Progress |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in needrestart (Ubuntu): | |
| status: | In Progress → Fix Released |
Hi Trent, FYI I've seen this and want to drive an FFe for this any many more fixes into Jammy in bug 1965090