procps upgrades fail in a LXD container
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
procps (Debian) |
Fix Released
|
Unknown
|
|||
procps (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
dann frazier |
Bug Description
[Impact]
procps cannot be upgraded - or even reinstalled - in an LXD container. This means we cannot deliver updates (like the pending fix for LP: #1637026 in xenial-proposed) w/o putting container users in a bad state that requires a container restart to resolve.
[Test Case]
$ lxc launch ubuntu:xenial procpstest
Creating procpstest
Starting procpstest
$ lxc exec procpstest -- /bin/bash
root@procpstest:~# apt --reinstall install procps
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 209 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://
Fetched 209 kB in 1s (113 kB/s)
(Reading database ... 25398 files and directories currently installed.)
Preparing to unpack .../procps_
Unpacking procps (2:3.3.10-4ubuntu2) over (2:3.3.10-4ubuntu2) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu11) ...
Setting up procps (2:3.3.10-4ubuntu2) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Job for systemd-
invoke-rc.d: initscript procps, action "start" failed.
dpkg: error processing package procps (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
procps
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@procpstest:~#
[Regression Risk]
The proposed fix is to disable invoking the procps initscript on install/upgrade. This fix is already in yakkety, and I didn't find any bugs related to it in LP.
Changed in procps (Ubuntu): | |
status: | New → Fix Released |
Changed in procps (Ubuntu Xenial): | |
status: | New → In Progress |
assignee: | nobody → dann frazier (dannf) |
importance: | Undecided → High |
Changed in procps (Debian): | |
status: | Unknown → Fix Released |
Note that, though procps itself is patched to ignore errors when writing to /proc/sys, the problem here is that the initscript causes the systemd-sysctl service to get triggered, and that does not fail gracefully:
ubuntu@procps:~$ sudo /lib/systemd/ systemd- sysctl kptr_restrict' , ignoring: Permission denied yama/ptrace_ scope', ignoring: Permission denied hardlinks' , ignoring: Permission denied symlinks' , ignoring: Permission denied
Couldn't write '1' to 'kernel/
Couldn't write '4 4 1 7' to 'kernel/printk', ignoring: Permission denied
Couldn't write '1' to 'kernel/
Couldn't write '32768' to 'vm/mmap_min_addr', ignoring: Permission denied
Couldn't write '1' to 'fs/protected_
Couldn't write '1' to 'fs/protected_
Couldn't write '176' to 'kernel/sysrq', ignoring: Permission denied
ubuntu@procps:~$ echo $?
1