netplan.io causes systemctl enable to fail on systems without dbus

Bug #2071333 reported by Kaarel Pärtel
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
netplan.io (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

I am using Docker with FROM ubuntu:22.04 to build a root filesystem that gets exported into an embedded system. This also includes running commands like "systemctl enable ssh" to enable systemd services.

It seems that the recent security patch to netplan.io somehow causes "systemctl enable" to fail.
From what I can gather this seems to come down to the fact that there is no dbus running.

I have included two Dockerfiles that represent this issue. These can be built using "docker build -f Dockerfile-good ." and "docker build -f Dockerfile-bad ." The only difference between these is that the bad Dockerfile also installs netplan.io

Expected behaviour:
manages to successfully enable ssh (Dockerfile-good)

Actual behaviour:
does not manage to enable ssh and exits with an error (Dockerfile-bad)

Kaarel Pärtel (kpartel) wrote :

From my testing this also occurs when using 20.04 but this does NOT occur on 24.04

Danilo Egea Gondolfo (danilogondolfo) wrote :

Hello,

this is not caused by Netplan itself (but one of the things the update does will lead to the error). Below is a Dockerfile you can use to reproduce the problem. As you can see, netplan.io is not involved in it.

----

FROM ubuntu:22.04

RUN apt-get update && apt-get install --yes --no-install-recommends \
    systemd \
    openssh-server ; mkdir /run/systemd/system

RUN systemctl enable ssh

----

Here is why it fails:

The call to "systemctl enable ssh" gets redirected to "/lib/systemd/systemd-sysv-install enable ssh" which works, because the file "/etc/init.d/ssh" exists.

"systemd-sysv-install" is a script that will call another script called "/usr/sbin/update-rc.d". This second script will check if /run/systemd/system exists and assume systemd is available if it does.

Why did it start to happen after the security update? One of the issues we fixed was a bad file permission we were using. To ensure that the permissions are set to the correct ones, the update calls the netplan generator to recreate the files. One of the things the generator does is create that directory.

To work around this you can just remove that directory before calling systemctl:

----

FROM ubuntu:22.04

RUN apt-get update && apt-get install --yes --no-install-recommends \
    systemd \
    openssh-server \
    netplan.io ; rm -rf /run/systemd/system

RUN systemctl enable ssh

----

Changed in netplan.io (Ubuntu):
status: New → Triaged
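
The failing condition described in the comment above, as an added example that is not part of the bug report or of netplan: a POSIX shell helper for image builds that reports when /run/systemd/system exists although systemd is not PID 1, and removes the directory in that case only. The function names, the root-directory argument and the PID 1 name check via /proc/1/comm are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the bug report or from netplan.
# ROOT lets the checks run against any root filesystem tree (assumption).

# An init script makes "systemctl enable" go through systemd-sysv-install.
has_sysv_script() {            # $1 = root dir, $2 = service name
    [ -e "$1/etc/init.d/$2" ]
}

# update-rc.d treats this directory as proof that systemd is available.
has_systemd_marker() {         # $1 = root dir
    [ -d "$1/run/systemd/system" ]
}

# Prints "stale-marker" when the enable call would take the sysv path and
# the marker exists although PID 1 is not systemd; prints "ok" otherwise.
# $3 = name of PID 1, read from /proc/1/comm when omitted (assumption).
check_enable() {               # $1 = root dir, $2 = service name
    pid1=${3:-$(cat /proc/1/comm 2>/dev/null || echo unknown)}
    if has_sysv_script "$1" "$2" && has_systemd_marker "$1" \
        && [ "$pid1" != systemd ]; then
        echo stale-marker
    else
        echo ok
    fi
}

# Applies the workaround from the comment above, but only in the stale case,
# so a real running systemd is never touched.
fix_stale_marker() {           # same arguments as check_enable
    if [ "$(check_enable "$1" "$2" "$3")" = stale-marker ]; then
        rm -rf "$1/run/systemd/system"
        echo "removed $1/run/systemd/system"
    fi
}

# Usage in a build step: sh this-script / ssh && systemctl enable ssh
if [ "$#" -ge 2 ]; then
    fix_stale_marker "$1" "$2"
fi
```
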
Kaarel Pärtel (kpartel) wrote :

Thank you for your swift response. This did indeed fix our problem.

Sudhakar Verma (sudhackar) wrote :

I have made the mentioned changes and uploaded to https://launchpad.net/~ubuntu-security-proposed ppa for testing

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package netplan.io - 1.0-2ubuntu1.2

---------------
netplan.io (1.0-2ubuntu1.2) noble-security; urgency=medium

  * SECURITY REGRESSION: failure on systems without dbus
    - debian/netplan-generator.postinst: Don't call the generator if no
      networkd configuration file exists. (LP: #2071333)

 -- Sudhakar Verma <email address hidden> Fri, 28 Jun 2024 22:40:44 +0530

Changed in netplan.io (Ubuntu):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package netplan.io - 0.107-5ubuntu0.4

---------------
netplan.io (0.107-5ubuntu0.4) mantic-security; urgency=medium

  * SECURITY REGRESSION: failure on systems without dbus
    - debian/netplan-generator.postinst: Don't call the generator if no
      networkd configuration file exists. (LP: #2071333)

 -- Sudhakar Verma <email address hidden> Fri, 28 Jun 2024 22:17:07 +0530

Changed in netplan.io (Ubuntu):
status: Triaged → Fix Released