pro livepatch status incorrect when run as normal user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Livepatch Client |
New
|
Undecided
|
Unassigned | ||
ubuntu-advantage-tools (Ubuntu) |
Fix Released
|
Low
|
Lucas Albuquerque Medeiros de Moura | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Mantic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
pro status shows livepatch as "disabled" when "canonical-
[ Test Plan ]
In a multipass VM:
```
# attach to pro
sudo pro attach
# hack canonical-livepatch to return an error
cat > error.sh <<EOF
#!/bin/sh
echo "this is a simulated error" >&2
false
EOF
chmod +x error.sh
sudo rm /snap/bin/
sudo ln -s /home/ubuntu/
# check livepatch's status according to pro
pro status
```
Without the fix, livepatch will show as "disabled".
With the fix, livepatch will show as "warning", and there will be a notice that says "Error running canonical-livepatch status: this is a simulated error"
[ Where problems could occur ]
Since this changes how the status of livepatch is displayed, then a mistake could lead to livepatch's status being incorrect
[Original Description]
livepatch shows as disabled when `pro status` is run as a normal user, but enabled when run with sudo.
$ pro status
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes disabled Canonical Livepatch service
$ sudo pro status
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes enabled Canonical Livepatch service
This is probably a separate issue, but similarly (with a few numbers I have replaced by <censored>:
$ canonical-livepatch status
internal error, please report: running "canonical-
$ sudo canonical-livepatch status
last check: 35 minutes ago
kernel: <censored>
server check-in: succeeded
kernel state: ✓ kernel is supported by Canonical.
patch state: ✓ all applicable livepatch modules inserted
patch version: <censored>
tier: stable
ubuntu-
Ubuntu 22.04.2 LTS
Changed in ubuntu-advantage-tools (Ubuntu): | |
importance: | Undecided → Low |
Changed in ubuntu-advantage-tools (Ubuntu): | |
assignee: | nobody → Lucas Albuquerque Medeiros de Moura (lamoura) |
description: | updated |
description: | updated |
Hello, Jeremy, thanks for reporting.
The Client relies on `canonical- livepatch status` to show the status. As it errors out, we are not able to say it is enabled - but don't capture the error either.
This is a bug against canonical-livepatch for sure. In the client side, I wonder if we can identify errors and report it on `pro status`.