=== Begin SRU Template ===
[Impact]
Incorrect handling of udev events by open-iscsi's net-interface-handler
results in nameserver and dns search entries being removed from
/etc/resolv.conf and thus potentially breaking dns on a system.
This problem is limited to iscsi-root systems, but is easily tripped
by common use of linux networking. This was first discovered on
Oracle Public Cloud, which utilizes iscsi-root for its systems.
[Test Case]
1. Start a system with iscsi root. One such easily obtained environment is Oracle Public Cloud.
2. Collect resolvconf and ifupdown state
mkdir before
cp -a /run/resolvconf before/run-resolvconf
cp /etc/resolv.conf before/etc-resolv.conf
cp -a /run/network before/run-network
3. Create a tun/tap device
sudo ip tuntap add mode tap user root mytap0
4. Remove the tun/tap device.
sudo ip tuntap del mode tap mytap0
5. Collect resolvconf and ifupdown state and compare against '2'. The creation and removal of a tuntap device should not have affected resolvconf or ifupdown state.
mkdir after
cp -a /run/resolvconf after/run-resolvconf
cp /etc/resolv.conf after/etc-resolv.conf
cp -a /run/network after/run-network
diff -Naur before/ after/
[Regression Potential]
The codepath executed was and is entirely limited to systems with iscsi-root.
So regressions should also be limited as such. The most likely regression
would seem to be the failure to add or remove entries to resolvconf for the
iscsi-root interface. Before this was happening to often. A bad fix could
result in it happening not enough.
[Other Info]
net-interface-handler is currently executing 'resolvconf -a' on all
new network interfaces and 'resolvconf -d' on removal of all network
interfaces.
The problem with that is that an add and remove of any new interface
will have the result of effectively marking the iscsi-root interface down.
That includes removing the resolvconf entries for that interface.
This add/remove can happen for any number of reasons. Two such examples:
a.) docker container create/delete
- sudo apt-get install -qy docker.io
- sudo docker run --rm busybox date
b.) add/remove of a tuntap device.
- sudo ip tuntap add mode tap user root mytap0
- sudo ip tuntap del mode tap mytap0
=== End SRU Template ===
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.4 [modified: lib/open-iscsi/net-interface-handler]
ProcVersionSignature: User Name 4.4.0-130.156-generic 4.4.134
Uname: Linux 4.4.0-130-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Thu Aug 2 17:18:06 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: open-iscsi
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.iscsi.iscsid.conf: [inaccessible: [Errno 13] Permission denied: '/etc/iscsi/iscsid.conf']
=== Begin SRU Template === handler
[Impact]
Incorrect handling of udev events by open-iscsi's net-interface-
results in nameserver and dns search entries being removed from
/etc/resolv.conf and thus potentially breaking dns on a system.
This problem is limited to iscsi-root systems, but is easily tripped
by common use of linux networking. This was first discovered on
Oracle Public Cloud, which utilizes iscsi-root for its systems.
[Test Case] run-resolvconf etc-resolv. conf resolvconf resolv. conf
1. Start a system with iscsi root. One such easily obtained environment is Oracle Public Cloud.
2. Collect resolvconf and ifupdown state
mkdir before
cp -a /run/resolvconf before/
cp /etc/resolv.conf before/
cp -a /run/network before/run-network
3. Create a tun/tap device
sudo ip tuntap add mode tap user root mytap0
4. Remove the tun/tap device.
sudo ip tuntap del mode tap mytap0
5. Collect resolvconf and ifupdown state and compare against '2'. The creation and removal of a tuntap device should not have affected resolvconf or ifupdown state.
mkdir after
cp -a /run/resolvconf after/run-
cp /etc/resolv.conf after/etc-
cp -a /run/network after/run-network
diff -Naur before/ after/
[Regression Potential]
The codepath executed was and is entirely limited to systems with iscsi-root.
So regressions should also be limited as such. The most likely regression
would seem to be the failure to add or remove entries to resolvconf for the
iscsi-root interface. Before this was happening to often. A bad fix could
result in it happening not enough.
[Other Info] handler is currently executing 'resolvconf -a' on all
net-interface-
new network interfaces and 'resolvconf -d' on removal of all network
interfaces.
The problem with that is that an add and remove of any new interface
will have the result of effectively marking the iscsi-root interface down.
That includes removing the resolvconf entries for that interface.
This add/remove can happen for any number of reasons. Two such examples:
a.) docker container create/delete
- sudo apt-get install -qy docker.io
- sudo docker run --rm busybox date
b.) add/remove of a tuntap device.
- sudo ip tuntap add mode tap user root mytap0
- sudo ip tuntap del mode tap mytap0
=== End SRU Template ===
ProblemType: Bug git0.3b4b4500- 14ubuntu3. 4 [modified: lib/open- iscsi/net- interface- handler] ature: User Name 4.4.0-130. 156-generic 4.4.134 256color DIR=<set> conffile. .etc.iscsi. iscsid. conf: [inaccessible: [Errno 13] Permission denied: '/etc/iscsi/ iscsid. conf']
DistroRelease: Ubuntu 16.04
Package: open-iscsi 2.0.873+
ProcVersionSign
Uname: Linux 4.4.0-130-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Thu Aug 2 17:18:06 2018
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: open-iscsi
UpgradeStatus: No upgrade log present (probably fresh install)
modified.