attempt to read dmi data can cause warning and stacktrace in logs in a container.

Bug #1701325 reported by Scott Moser on 2017-06-29
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
cloud-init | | High | Scott Moser |
cloud-init (Ubuntu) | | Medium | Unassigned |
Xenial | | Medium | Unassigned |
Zesty | | Medium | Unassigned |

Bug Description

=== Begin SRU Template ===
[Impact]
lxc containers would show warnings in /var/log/cloud-init.log.
This was because attempts were made to read dmi information from
inside the (unprivileged) container. Such attempts to read
dmi data like /sys/class/dmi/id/product_serial would then result
in an attempt to run dmidecode which would also fail.

[Test Case]
To test this, simply
a.) create an lxd instance from an image with -proposed version of cloud-init
   $ release=xenial
   $ ref=$release-1701325
   $ lxc-proposed-snapshot --proposed --publish $release $ref
   $ lxc launch $ref $name
b.) lxc exec $name -- grep WARN /var/log/cloud-init.log

[Regression Potential]
A regression caused by this change is possible on some system where
systemd identified the system as a container but the container platform provided
simulated/virtualized dmi information in /sys/class/dmi/id.

The check for container is done with:
  systemd-detect-virt --quiet --container

[Other Info]
Upstream commit at
  https://git.launchpad.net/cloud-init/commit/?id=4d9f24f5c3

This was actually a regression of the upstream fix for bug 1691772.
That never entered a stable Ubuntu release. The testing here is
actually a test against regression.
The upstream commit for that change is at
  https://git.launchpad.net/cloud-init/commit/?id=802e7cb2da

lxc-proposed-snapshot is
  https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/tree/bin/lxc-proposed-snapshot
It publishes an image to lxd with proposed enabled and cloud-init upgraded.
=== End SRU Template ===

I launched an instance of artful.
Looked in /var/log/cloud-init.log and saw:
2017-06-29 16:00:15,222 - util.py[DEBUG]: Reading from /sys/class/dmi/id/product_serial (quiet=False)
2017-06-29 16:00:15,222 - util.py[WARNING]: failed read of /sys/class/dmi/id/product_serial
2017-06-29 16:00:15,223 - util.py[DEBUG]: failed read of /sys/class/dmi/id/product_serial
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 2359, in _read_dmi_syspath
    key_data = load_file(dmi_key_path, decode=False)
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1283, in load_file
    with open(fname, 'rb') as ifh:
PermissionError: [Errno 13] Permission denied: '/sys/class/dmi/id/product_serial'
2017-06-29 16:00:15,225 - util.py[DEBUG]: Running command ['/usr/sbin/dmidecode', '--string', 'system-serial-number'] with allowed return codes [0] (shell=False, capture=True)
2017-06-29 16:00:15,228 - util.py[DEBUG]: failed dmidecode cmd: ['/usr/sbin/dmidecode', '--string', 'system-serial-number']
Unexpected error while running command.
Command: ['/usr/sbin/dmidecode', '--string', 'system-serial-number']
Exit code: 1
Reason: -
Stdout: -
Stderr: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
        /dev/mem: No such file or directory

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: cloud-init 0.7.9-197-gebc9ecbc-0ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15
Uname: Linux 4.10.0-22-generic x86_64
ApportVersion: 2.20.5-0ubuntu5
Architecture: amd64
Date: Thu Jun 29 16:47:51 2017
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
SourcePackage: cloud-init
UpgradeStatus: No upgrade log present (probably fresh install)
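
Added example (not part of the original report and not cloud-init's own code): a minimal Python sketch of the behaviour the fix describes, where a DMI read returns None inside a container instead of attempting the sysfs read and the dmidecode fallback. The names is_container, read_dmi_value and DMI_SYS_PATH are hypothetical; the container check is the systemd-detect-virt call quoted in the SRU template.

```python
import os
import subprocess

DMI_SYS_PATH = "/sys/class/dmi/id"  # sysfs directory named in the report


def is_container(run=subprocess.run):
    """Return True when systemd-detect-virt reports a container (exit 0)."""
    cmd = ["systemd-detect-virt", "--quiet", "--container"]
    try:
        result = run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except OSError:
        # Assumption of this sketch: if the tool cannot be run, treat the
        # system as "not a container" and let the read below fail quietly.
        return False
    return result.returncode == 0


def read_dmi_value(key, in_container=None, dmi_root=DMI_SYS_PATH):
    """Return the DMI string for `key`, or None when it is unavailable."""
    if in_container is None:
        in_container = is_container()
    if in_container:
        # Skip the sysfs read and any dmidecode fallback entirely. This is
        # also the regression case from the SRU template: a container
        # platform that exposes simulated DMI files still gets None here.
        return None
    # basename() keeps the lookup inside dmi_root for keys such as "../x".
    path = os.path.join(dmi_root, os.path.basename(key))
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        # PermissionError or a missing file: no value and no traceback.
        return None
    return data.decode("utf-8", errors="replace").strip()


if __name__ == "__main__":
    # On a real host this prints the serial or None; in a container, None.
    print(read_dmi_value("product_serial"))
```

Passing in_container and dmi_root explicitly lets the container and host paths be exercised against a temporary directory without touching /sys.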

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cloud-init (Ubuntu):
status: New → Confirmed
Scott Moser (smoser) on 2017-06-29
Changed in cloud-init:
assignee: nobody → Scott Moser (smoser)
importance: Undecided → High
status: New → Confirmed
Scott Moser (smoser) on 2017-06-29
Changed in cloud-init:
status: Confirmed → Fix Committed
Changed in cloud-init (Ubuntu):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 0.7.9-199-g4d9f24f5-0ubuntu1

---------------
cloud-init (0.7.9-199-g4d9f24f5-0ubuntu1) artful; urgency=medium

  * New upstream snapshot.
    - read_dmi_data: always return None when inside a container. (LP: #1701325)
    - requirements.txt: remove trailing white space.

 -- Scott Moser <email address hidden> Thu, 29 Jun 2017 18:01:21 -0400

Changed in cloud-init (Ubuntu):
status: Confirmed → Fix Released
Scott Moser (smoser) on 2017-07-31
Changed in cloud-init (Ubuntu Xenial):
status: New → Confirmed
Changed in cloud-init (Ubuntu Zesty):
status: New → Confirmed
Changed in cloud-init (Ubuntu Xenial):
importance: Undecided → Medium
Changed in cloud-init (Ubuntu Zesty):
importance: Undecided → Medium
Scott Moser (smoser) on 2017-08-01
description: updated

Hello Scott, or anyone else affected,

Accepted cloud-init into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/0.7.9-233-ge586fe35-0ubuntu1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cloud-init (Ubuntu Xenial):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-xenial
Changed in cloud-init (Ubuntu Zesty):
status: Confirmed → Fix Committed
tags: added: verification-needed-zesty
Chris J Arges (arges) wrote :

Hello Scott, or anyone else affected,

Accepted cloud-init into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/0.7.9-233-ge586fe35-0ubuntu1~17.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Chad Smith (chad.smith) wrote :

Validated on lxc containers xenial and zesty:

$ for release in xenial zesty; do
        ref=$release-proposed;
        echo "$release START --------------";
        ./lxc-proposed-snapshot --proposed --publish $release $ref;
        lxc init $ref test-$release;
        lxc start test-$release;
        sleep 10;
        lxc exec test-$release -- grep WARN /var/log/cloud-init.log;
        lxc exec test-$release -- dpkg-query --show cloud-init;
done

xenial START --------------
Creating xenial-proposed-123719471
...
# No WARN messages
cloud-init 0.7.9-233-ge586fe35-0ubuntu1~16.04.1

zesty START --------------
Creating zesty-proposed-34023523
...
The following packages will be upgraded:
  cloud-init
...
Get:1 http://archive.ubuntu.com/ubuntu zesty-proposed/main amd64 cloud-init all 0.7.9-233-ge586fe35-0ubuntu1~17.04.1 [321 kB]
...
# No WARN messages
cloud-init 0.7.9-233-ge586fe35-0ubuntu1~17.04.1

tags: added: verification-done-xenial verification-done-zesty
removed: verification-needed verification-needed-xenial verification-needed-zesty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 0.7.9-233-ge586fe35-0ubuntu1~16.04.1

---------------
cloud-init (0.7.9-233-ge586fe35-0ubuntu1~16.04.1) xenial-proposed; urgency=medium

  * debian/cloud-init.templates: enable Scaleway cloud.
  * debian/cloud-init.templates: enable Aliyun cloud.
  * drop the following cherry picks, now incorporated in snapshot.
    + debian/patches/cpick-5fb49bac-azure-identify-platform...
    + debian/patches/cpick-003c6678-net-remove-systemd-link...
    + debian/patches/cpick-1cd4323b-azure-remove-accidental...
    + debian/patches/cpick-ebc9ecbc-Azure-Add-network-config...
    + debian/patches/cpick-11121fe4-systemd-make-cloud-final...
  * debian/patches/stable-release-no-jsonschema-dep.patch:
    add patch to remove optional dependency on jsonschema.
  * New upstream snapshot.
    - cloudinit.net: add initialize_network_device function and tests
      [Chad Smith]
    - makefile: fix ci-deps-ubuntu target [Chad Smith]
    - tests: adjust locale integration test to parse default locale.
    - tests: remove 'yakkety' from releases as it is EOL.
    - centos: do not package systemd-fsck drop-in.
    - systemd: make systemd-fsck run after cloud-init.service (LP: #1691489)
    - tests: Add initial tests for EC2 and improve a docstring.
    - locale: Do not re-run locale-gen if provided locale is system default.
    - archlinux: fix set hostname usage of write_file. [Joshua Powers]
    - sysconfig: support subnet type of 'manual'.
    - tools/run-centos: make running with no argument show help.
    - Drop rand_str() usage in DNS redirection detection
      [Bob Aman] (LP: #1088611)
    - sysconfig: use MACADDR on bonds/bridges to configure mac_address
      [Ryan Harper]
    - net: eni route rendering missed ipv6 default route config
      [Ryan Harper] (LP: #1701097)
    - sysconfig: enable mtu set per subnet, including ipv6 mtu
      [Ryan Harper]
    - sysconfig: handle manual type subnets [Ryan Harper]
    - sysconfig: fix ipv6 gateway routes [Ryan Harper]
    - sysconfig: fix rendering of bond, bridge and vlan types.
      [Ryan Harper]
    - Templatize systemd unit files for cross distro deltas. [Ryan Harper]
    - sysconfig: ipv6 and default gateway fixes. [Ryan Harper]
    - net: fix renaming of nics to support mac addresses written in upper
      case. (LP: #1705147)
    - tests: fixes for issues uncovered when moving to python 3.6.
    - sysconfig: include GATEWAY value if set in subnet
      [Ryan Harper]
    - Scaleway: add datasource with user and vendor data for Scaleway.
      [Julien Castets]
    - Support comments in content read by load_shell_content.
    - cloudinitlocal fail to run during boot [Hongjiang Zhang]
    - doc: fix disk setup example table_type options [Sandor Zeestraten]
    - tools: Fix exception handling. [Joonas Kylmälä]
    - tests: fix usage of mock in GCE test.
    - test_gce: Fix invalid mock of platform_reports_gce to return False
      [Chad Smith]
    - test: fix incorrect keyid for apt repository. [Joshua Powers]
    - tests: Update version of pylxd [Joshua Powers]
    - write_files: Remove log from helper function signatures.
      [Andrew Jorgensen]
    - doc: document...


Changed in cloud-init (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for cloud-init has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 0.7.9-233-ge586fe35-0ubuntu1~17.04.1

---------------
cloud-init (0.7.9-233-ge586fe35-0ubuntu1~17.04.1) zesty; urgency=medium

  * debian/cloud-init.templates: enable Scaleway cloud.
  * debian/cloud-init.templates: enable Aliyun cloud.
  * drop the following cherry picks, now incorporated in snapshot.
    + debian/patches/cpick-5fb49bac-azure-identify-platform...
    + debian/patches/cpick-003c6678-net-remove-systemd-link...
    + debian/patches/cpick-1cd4323b-azure-remove-accidental...
    + debian/patches/cpick-ebc9ecbc-Azure-Add-network-config...
    + debian/patches/cpick-11121fe4-systemd-make-cloud-final...
  * debian/patches/stable-release-no-jsonschema-dep.patch:
    add patch to remove optional dependency on jsonschema.
  * New upstream snapshot.
    - cloudinit.net: add initialize_network_device function and tests
      [Chad Smith]
    - makefile: fix ci-deps-ubuntu target [Chad Smith]
    - tests: adjust locale integration test to parse default locale.
    - tests: remove 'yakkety' from releases as it is EOL.
    - centos: do not package systemd-fsck drop-in.
    - systemd: make systemd-fsck run after cloud-init.service (LP: #1691489)
    - tests: Add initial tests for EC2 and improve a docstring.
    - locale: Do not re-run locale-gen if provided locale is system default.
    - archlinux: fix set hostname usage of write_file. [Joshua Powers]
    - sysconfig: support subnet type of 'manual'.
    - tools/run-centos: make running with no argument show help.
    - Drop rand_str() usage in DNS redirection detection
      [Bob Aman] (LP: #1088611)
    - sysconfig: use MACADDR on bonds/bridges to configure mac_address
      [Ryan Harper]
    - net: eni route rendering missed ipv6 default route config
      [Ryan Harper] (LP: #1701097)
    - sysconfig: enable mtu set per subnet, including ipv6 mtu
      [Ryan Harper]
    - sysconfig: handle manual type subnets [Ryan Harper]
    - sysconfig: fix ipv6 gateway routes [Ryan Harper]
    - sysconfig: fix rendering of bond, bridge and vlan types.
      [Ryan Harper]
    - Templatize systemd unit files for cross distro deltas. [Ryan Harper]
    - sysconfig: ipv6 and default gateway fixes. [Ryan Harper]
    - net: fix renaming of nics to support mac addresses written in upper
      case. (LP: #1705147)
    - tests: fixes for issues uncovered when moving to python 3.6.
    - sysconfig: include GATEWAY value if set in subnet
      [Ryan Harper]
    - Scaleway: add datasource with user and vendor data for Scaleway.
      [Julien Castets]
    - Support comments in content read by load_shell_content.
    - cloudinitlocal fail to run during boot [Hongjiang Zhang]
    - doc: fix disk setup example table_type options [Sandor Zeestraten]
    - tools: Fix exception handling. [Joonas Kylmälä]
    - tests: fix usage of mock in GCE test.
    - test_gce: Fix invalid mock of platform_reports_gce to return False
      [Chad Smith]
    - test: fix incorrect keyid for apt repository. [Joshua Powers]
    - tests: Update version of pylxd [Joshua Powers]
    - write_files: Remove log from helper function signatures.
      [Andrew Jorgensen]
    - doc: document the cmdli...


Changed in cloud-init (Ubuntu Zesty):
status: Fix Committed → Fix Released

This bug is believed to be fixed in cloud-init in 17.1. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released