secureboot-db.service should not run in a container
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
secureboot-db (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
1) # lsb_release -rd
Description: Ubuntu Eoan Ermine (development branch)
Release: 19.10
2) root@e1:~# apt-cache policy secureboot-db
secureboot-db:
Installed: 1.5
Candidate: 1.5
Version table:
*** 1.5 500
500 http://
100 /var/lib/
3) secureboot-
# systemctl status secureboot-
● secureboot-
Loaded: loaded (/lib/systemd/
Active: inactive (dead)
Condition: start condition failed at Tue 2019-08-20 20:51:09 UTC; 9s ago
└─ ConditionVirtua
Aug 20 20:42:06 e1 systemd[1]: Started Secure Boot updates for DB and DBX.
Aug 20 20:51:09 e1 systemd[1]: Condition check resulted in Secure Boot updates for DB and DBX being skipped.
4) secureboot-
# journalctl -o short-precise -b -u secureboot-
Aug 20 20:04:18.947034 e1 chattr[285]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:04:19.057942 e1 chattr[302]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:04:19.083525 e1 chattr[304]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:04:19.123167 e1 sbkeysync[315]: Error syncing keystore file /usr/share/
Aug 20 20:26:27.716688 e1 chattr[207]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:26:27.817164 e1 chattr[224]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:26:27.855895 e1 chattr[239]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:26:27.893937 e1 sbkeysync[248]: Error syncing keystore file /usr/share/
Aug 20 20:38:10.105456 e1 chattr[235]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:38:10.111700 e1 chattr[245]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:38:10.140787 e1 chattr[250]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:38:10.188091 e1 sbkeysync[262]: Error syncing keystore file /usr/share/
Aug 20 20:42:05.935136 e1 chattr[232]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:42:06.015810 e1 chattr[241]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:42:06.076527 e1 chattr[258]: /usr/bin/chattr: Permission denied while reading flags on /sys/firmware/
Aug 20 20:42:06.116561 e1 sbkeysync[266]: Error syncing keystore file /usr/share/
This can be fixed by adding another condition to the unit.
# /etc/systemd/
[Unit]
ConditionVirtua
ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: secureboot-db 1.5
ProcVersionSign
Uname: Linux 4.15.0-58-generic x86_64
ApportVersion: 2.20.11-0ubuntu7
Architecture: amd64
Date: Tue Aug 20 20:48:32 2019
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=C.UTF-8
SourcePackage: secureboot-db
UpgradeStatus: No upgrade log present (probably fresh install)
Related branches
- Dimitri John Ledkov (community): Needs Information
- git-ubuntu import: Pending requested
-
Diff: 26 lines (+7/-0)2 files modifieddebian/changelog (+6/-0)
debian/secureboot-db.service (+1/-0)
Changed in secureboot-db (Ubuntu): | |
status: | New → Confirmed |
This should also not run in a live environment, such as the installer, rescue media, etc.
Thanks