apt-get autoremove may remove current kernel

Bug #1615381 reported by Jarno Suni on 2016-08-21
This bug affects 4 people
Affects                          Importance   Assigned to
apt (Ubuntu)                     Undecided    Unassigned
  Trusty                         Undecided    Unassigned
  Xenial                         Undecided    Unassigned
  Artful                         Undecided    Unassigned
unattended-upgrades (Ubuntu)     Undecided    Unassigned
  Trusty                         Undecided    Unassigned
  Xenial                         High         Unassigned
  Artful                         Undecided    Unassigned

Bug Description

This may happen if you boot one of the older kernels that is not protected by /etc/apt/apt.conf.d/01autoremove-kernels

Workaround: run
/etc/kernel/postinst.d/apt-auto-removal
during each boot (e.g. by using cron).
Note: The workaround breaks the autoremoving feature of new unneeded kernels in unattended-upgrades, i.e. the setting 'Unattended-Upgrade::Remove-New-Unused-Dependencies "true"' (which is the default in 16.04 unless 'Unattended-Upgrade::Remove-Unused-Dependencies "true"' is set in '/etc/apt/apt.conf.d/50unattended-upgrades').

In shell:

$ uname -r
4.4.0-22-generic
$ apt-get -s autoremove
NOTE: This is only a simulation!
      apt-get needs root privileges for real execution.
      Keep also in mind that locking is deactivated,
      so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  linux-headers-4.4.0-21 linux-headers-4.4.0-21-generic linux-headers-4.4.0-22
  linux-headers-4.4.0-22-generic linux-headers-4.4.0-31-generic
  linux-image-4.4.0-21-generic linux-image-4.4.0-22-generic
  linux-image-4.4.0-31-generic linux-image-extra-4.4.0-21-generic
  linux-image-extra-4.4.0-22-generic linux-image-extra-4.4.0-31-generic
0 upgraded, 0 newly installed, 11 to remove and 13 not upgraded.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apt 1.2.12~ubuntu16.04.1
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Sun Aug 21 16:11:27 2016
EcryptfsInUse: Yes
InstallationDate: Installed on 2016-04-28 (114 days ago)
InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: apt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.kernel.postinst.d.apt-auto-removal: [modified]
mtime.conffile..etc.kernel.postinst.d.apt-auto-removal: 2016-07-30T12:15:32.706300
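
A pre-flight check for the condition described in this report, added here as an example (it is not part of the report or of apt/unattended-upgrades): it parses the simulation output and lists the packages of a given kernel release that autoremove would delete. The function names are hypothetical, the sample input is the output quoted in the report, and treating the flavour-less headers package as part of the release is an assumption.

```shell
#!/bin/sh
# Added example: flag an autoremove run that would remove the booted kernel.
# Function names are hypothetical, not part of apt or unattended-upgrades.

# Reads `apt-get -s autoremove` output on stdin and prints every package in
# the "will be REMOVED" list that belongs to kernel release $1.
kernel_pkgs_to_remove() {
    release=$1
    abi=${release%-*}   # assumption: release ends in a flavour, e.g. -generic
    awk -v rel="-$release" -v abi="-$abi" '
        function ends_with(s, suf) {
            return length(s) >= length(suf) &&
                   substr(s, length(s) - length(suf) + 1) == suf
        }
        /^The following packages will be REMOVED:/ { inlist = 1; next }
        inlist && /^ / {
            for (i = 1; i <= NF; i++) {
                p = $i; sub(/\*$/, "", p)      # "pkg*" marks a purge
                if (ends_with(p, rel) || ends_with(p, abi)) print p
            }
            next
        }
        { inlist = 0 }'
}

# Exit status 0 (and the package names on stdout) when the kernel is at risk.
kernel_at_risk() {
    hits=$(kernel_pkgs_to_remove "$1")
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

# Sample input: the simulation output quoted in the bug description.
sample_autoremove_output() {
cat <<'EOF'
The following packages will be REMOVED:
  linux-headers-4.4.0-21 linux-headers-4.4.0-21-generic linux-headers-4.4.0-22
  linux-headers-4.4.0-22-generic linux-headers-4.4.0-31-generic
  linux-image-4.4.0-21-generic linux-image-4.4.0-22-generic
  linux-image-4.4.0-31-generic linux-image-extra-4.4.0-21-generic
  linux-image-extra-4.4.0-22-generic linux-image-extra-4.4.0-31-generic
0 upgraded, 0 newly installed, 11 to remove and 13 not upgraded.
EOF
}

# Live use: LC_ALL=C apt-get -s autoremove | kernel_at_risk "$(uname -r)"
if sample_autoremove_output | kernel_at_risk 4.4.0-22-generic >/dev/null; then
    echo "WARNING: autoremove would remove the booted kernel 4.4.0-22-generic"
fi
```

LC_ALL=C keeps the "will be REMOVED" header in English so the parser matches on localized systems.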

Jarno Suni (jarnos) wrote :
information type: Private Security → Public Security
Jarno Suni (jarnos) wrote :

I suppose this may happen with unattended-upgrades, too, if the user has configured removal of old kernels.

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Public Security → Public
Jarno Suni (jarnos) on 2016-09-22
description: updated
Julian Andres Klode (juliank) wrote :

This should not happen...

# Mark as not-for-autoremoval those kernel packages that are:
# - the currently booted version
# - the kernel version we've been called for
# - the latest kernel version (as determined by debian version number)
# - the second-latest kernel version

Not sure what went wrong there...

Jarno Suni (jarnos) wrote :

Julian, it protects the kernel currently booted at the time of running /etc/kernel/postinst.d/apt-auto-removal. If you later boot another kernel that is not protected, it may be removed. Not a likely case, though.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu):
status: New → Confirmed
Doug Smythies (dsmythies) wrote :

In my case autoremove wants to delete the second-latest regular kernel version. Maybe because I have a bunch of mainline kernels installed also.

Robie Basak (racb) on 2017-10-14
tags: added: kernel-autoremove
Balint Reczey (rbalint) wrote :

In default configuration booted kernel does not become newly unused, but when u-u is configured to remove all autoremovable packages the booted kernel can be removed in case it was not running when was run.

Balint Reczey (rbalint) wrote :

... /etc/kernel/postinst.d/apt-auto-removal was run.

Changed in unattended-upgrades (Ubuntu):
status: New → Confirmed
Balint Reczey (rbalint) on 2018-02-22
Changed in unattended-upgrades (Ubuntu):
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.0ubuntu1

---------------
unattended-upgrades (1.0ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable
    - Remaining changes:
      - unattended-upgrades: Do not automatically upgrade the development
        release of Ubuntu unless Unattended-Upgrade::DevRelease is true.
    - Dropped changes, included in Debian:
      - Run upgrade-between-snapshots only on amd64.
        The test exercises only unattended-upgrade's Python code and uses
        dependencies from the frozen Debian snapshot archive thus running
        it on all architectures would provide little benefit.

unattended-upgrades (1.0) unstable; urgency=medium

  [ Simon Arlott ]
  * Revert sending mails on WARNINGS when in MailOnlyOnError mode"
  * Consider conffile prompts to be errors (Closes: #852465)
    Flag packages that have to be upgraded manually because of a conffile
    prompt and consider this to be an error when sending email or exiting.

  [ Simon McVittie ]
  * Add python, python3, setuptools, DistutilsExtra to Build-Depends.
    They are needed for `clean`, so Build-Depends-Indep is not enough.
  * Add .gitignore and debian/.gitignore
  * Remove bzr configuration.
    This is unnecessary now that u-u is in git.

  [ Michael Vogt ]
  * unattended-upgrades: tweak mail-on-warnings PR
  * unattended-upgrade: extract is_autoremove_valid helper

  [ Balint Reczey ]
  * Run upgrade-between-snapshots only on amd64.
    The test exercises only unattended-upgrade's Python code and uses
    dependencies from the frozen Debian snapshot archive thus running
    it on all architectures would provide little benefit.
  * Clean up processes started for getting md5 sums
  * Don't keep /var/lib/dpkg/status open multiple times
  * Adjust candidates in UnattendedUpgradesCache.open()
  * Perform autoremovals in minimal steps, too.
    Also add check to remove only the set of packages selected for autoremoval.
    Without that check unattended-upgrades when (by default) configured to
    remove newly unused packages could also remove auto removable packages
    which were unused before starting the upgrade step.
  * Remove unused automatically installed kernel packages
    (LP: #1357093, #1624644, #1675079, #1698159)
  * Stop including Python syntax in the report (Closes: #876796)
  * Do not auto remove packages related to the running kernel (LP: #1615381)
  * Check packages to be autoremoved against blacklists, whitelists.
    Also check if the packages are held.
  * Report package removals in the summary email (Closes: #876797)
  * Run upgrade-between-snapshots test with debugging enabled
  * Don't create new UnattendedUpgradesCache for checking for autoremovals
    .open() refreshes the state in each cache_commit(), this is enough
  * Update .pot and .po files
  * Update .travis.yml to actually build and test u-u from the repo
  * Run only a simple installation test on Travis, the system upgrade
    test was always failing

 -- Balint Reczey <email address hidden> Thu, 01 Mar 2018 17:29:33 +0700

Changed in unattended-upgrades (Ubuntu):
status: In Progress → Fix Released
Eric Desrochers (slashd) wrote :

Any particular reason why the fix hasn't been SRU'd ? I'll start looking at SRU'ing it into the rest of Stable Release.

From what I read the reporter first filed the bug against Xenial 16.04 LTS. Anyone still affected by this issue on Xenial or Artful ?

On Thu, May 24, 2018 at 1:24 PM, Eric Desrochers
<email address hidden> wrote:
> Any particular reason why the fix hasn't been SRU'd ? I'll start looking
> at SRU'ing it into the rest of Stable Release.
>
> From what I read the reporter first filed the bug against Xenial 16.04
> LTS. Anyone still affected by this issue on Xenial or Artful ?

The reason is that many additional fixes were needed in u-u.
1.2ubuntu1, which I uploaded yesterday, seems to have fixed all serious
regressions and I'm about to SRU it.

Eric Desrochers (slashd) wrote :

Thanks for the heads-up Balint.

I saw the "full backport" discussion in the ML, thanks !

For now, I'm setting Xenial as 'high' priority as it has been brought to my attention that 'uu' in Xenial removed a running kernel recently :

/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
...
Removing linux-image-4.13.0-39-generic (4.13.0-39.44~16.04.1) ...^M
WARN: Proceeding with removing running kernel image.^M
...

Changed in unattended-upgrades (Ubuntu Xenial):
importance: Undecided → High
status: New → Confirmed
Changed in apt (Ubuntu):
status: Confirmed → Won't Fix
Changed in apt (Ubuntu Trusty):
status: New → Won't Fix
Changed in apt (Ubuntu Xenial):
status: New → Won't Fix
Eric Desrochers (slashd) on 2018-05-24
Changed in apt (Ubuntu Artful):
status: New → Won't Fix
Eric Desrochers (slashd) on 2018-05-31
tags: added: sts
Balint Reczey (rbalint) on 2018-11-08
Changed in unattended-upgrades (Ubuntu Artful):
status: New → Won't Fix

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Xenial):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-xenial
Łukasz Zemczak (sil2100) wrote :

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
