systemd: core: Fix edge case when processing /proc/self/mountinfo
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
systemd (Ubuntu) | Fix Released | Medium | Unassigned | |
Xenial | Fix Released | Medium | Eric Desrochers | |
Bug Description
[Impact]
kubernetes loaded inactive dead transient mount points grows
https:/
[Test Case]
# cd /tmp
# mkdir -p bind-test/abc
# mount --bind bind-test bind-test
# mount -t tmpfs tmpfs bind-test/abc
# umount bind-test/abc
# systemctl list-units --all | grep bind-test
tmp-bind\
tmp-bind\
Expected outcome (w/ the fix) :
# cd /tmp
# mkdir -p bind-test/abc
# mount --bind bind-test bind-test
# mount -t tmpfs tmpfs bind-test/abc
# umount bind-test/abc
# systemctl list-units --all | grep bind-test
tmp-bind\
[Regression Potential]
This is an adapted version of 2 upstream fixes as the original upstream commit has been made on top of 2 functions mount_setup_
It is an adaptation of commits :
[65d36b495] core: Fix edge case when processing /proc/self/
[03b8cfede] core: make sure to init mount params before calling mount_is_
This patch changes mount_setup_unit() to prevent the just_mounted mount setup flag from being overwritten if it is set to true. This will allow all mount units created from /proc/self/
Additionally, the patch got the blessing of 'xnox' who looked at it and mentioned it looks fine to him.
[Pending SRU]
Note: No autopkgtests have been reported since systemd (21.5) ... between 21.5 and now (21.11) everything released has been about security fixes :
systemd (229-4ubuntu21.11) xenial; urgency=medium ==> Current SRU
systemd (229-4ubuntu21.10) xenial-security; urgency=medium
systemd (229-4ubuntu21.9) xenial-security; urgency=medium
systemd (229-4ubuntu21.8) xenial-security; urgency=medium
systemd (229-4ubuntu21.6) xenial-security; urgency=medium
systemd (229-4ubuntu21.5) xenial; urgency=medium ==> Previous SRU
Note: I don't know the level of adoption of Netplan in Xenial, but I suspect it is low as Netplan replaced ifupdown as the default configuration utility starting with Ubuntu 17.10 Artful only AFAIK.
* Regression in autopkgtest for nplan (s390x): test log
https:/
Error:
modprobe: FATAL: Module cfg80211 not found in directory /lib/modules/
Justification:
The above seems to be a recurrent failure since a couple of releases already. This wasn't introduced by this particular SRU.
I don't think having wifi module is relevant in s390x anyway, so most likely the module is not there on purpose for kernel w/ s390x architecture.
* Regression in autopkgtest for nplan (amd64): test log
https:/
Error: (Ran on autopkgtest Ubuntu infra)
test_bond_
test_bridge_
test_dhcp6 (__main_
Justification:
The tests are "passing" if run manually on my own HW :
autopkgtest [15:29:15]: host <MY_HOSTNAME>; command line: /usr/bin/
.....
Setting up systemd (229-4ubuntu21.11) ...
Setting up nplan (0.32~16.04.6) ...
Setting up network-manager (1.2.6-
....
test_dhcp6 (__main_
test_bridge_
test_bond_
I *think* that these tests may eventually work, but is it really worth it to retry them until success if it works fine outside the Ubuntu infra w/ the same proposed packages ? (See attachment: autopkgtest_
* Regression in autopkgtest for nplan (armhf): test log
https:/
Error:
Traceback (most recent call last):
File "/home/
command()
File "/home/
r = f(c, ce)
File "/home/
caller.
File "/home/
wait_booted()
File "/home/
VirtSubproc
File "/home/
stdout=stdout, stderr=
File "/home/
(out, err) = sp.communicate(
File "/usr/lib/
stderr = self.stderr.read()
File "/home/
raise Timeout()
VirtSubproc.Timeout
Justification:
It is a recurrent failure since "systemd/
Nothing to do with the current SRU "systemd/
Since then quite a few SRUs have been approved so I'm not too worried here.
* Regression in autopkgtest for systemd (s390x): test log
https:/
Error:
FileNotFoundError: [Errno 2] No such file or directory: '/boot/
Justification:
The above seems to be a recurrent failure since a couple of releases already. This wasn't introduced by this particular SRU.
* Regression in autopkgtest for snapd (i386): test log
https:/
Error:
2018-12-13 21:28:16 Failed tasks: 1
- autopkgtest:
error: unsuccessful run
Justification:
The above seems to be a recurrent failure since a couple of releases already. This wasn't introduced by this particular SRU.
[Other Info]
One line fix in https:/
Referenced issue: https:/
Related kubernetes issue: https:/
systemd v237 has this fix, but we'd like to have it fixed in 16.04.
It only affects systemd for Xenial; later releases already have the fix:
$ git describe --contains 65d36b495
v237~140
==> systemd | 229-4ubuntu21.4 | xenial-updates
systemd | 237-3ubuntu10.3 | bionic-updates
systemd | 239-7ubuntu9 | cosmic
[Original Description]
From the PR:
Currently, if there are two /proc/self/
mount point path, the mount setup flags computed for the second of
these two entries will overwrite the mount setup flags computed for
the first of these two entries. This is the root cause of issue #7798.
This patch changes mount_setup_
just_mounted mount setup flag from being overwritten if it is set to
true. This will allow all mount units created from /proc/self/
entries to be initialized properly.
One line fix in https:/
Referenced issue: https:/
Related kubernetes issue: https:/
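The edge case described in the PR text above, as an added example (not systemd's code and not part of the original report): a simplified Python model of one pass over /proc/self/mountinfo in which the same mount point appears twice. The sample lines are constructed, and the `seen_before` field and `keep_true` switch are hypothetical names used only for this illustration.

```python
import re
from collections import Counter

# Constructed mountinfo sample: /tmp/bind-test/abc is listed twice,
# which is the condition the PR text describes.
SAMPLE = """\
25 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
80 25 8:1 /tmp/bind-test /tmp/bind-test rw,relatime shared:1 - ext4 /dev/sda1 rw
81 80 0:45 / /tmp/bind-test/abc rw,relatime shared:40 - tmpfs tmpfs rw
82 25 0:45 / /tmp/bind-test/abc rw,relatime shared:40 - tmpfs tmpfs rw
"""


def mount_points(text):
    """Return the mount point (5th field) of every mountinfo line, in order."""
    points = []
    for line in text.strip().splitlines():
        raw = line.split()[4]
        # The kernel escapes space, tab, newline and backslash as \ooo octal.
        points.append(re.sub(r"\\([0-7]{3})",
                             lambda m: chr(int(m.group(1), 8)), raw))
    return points


def duplicates(points):
    """Mount points that occur more than once in a single listing."""
    return sorted(p for p, n in Counter(points).items() if n > 1)


def scan(points, keep_true):
    """Model one pass over the entries; return {mount point: just_mounted}.

    keep_true=False: each entry overwrites the flag (behaviour before the fix).
    keep_true=True:  a flag already set to true is preserved (the fix).
    """
    units = {}
    for p in points:
        # 'seen_before' is a hypothetical stand-in for "unit already known".
        u = units.setdefault(p, {"seen_before": False, "just_mounted": False})
        fresh = not u["seen_before"]
        u["just_mounted"] = fresh or (keep_true and u["just_mounted"])
        u["seen_before"] = True
    return {p: u["just_mounted"] for p, u in units.items()}


if __name__ == "__main__":
    pts = mount_points(SAMPLE)
    print("duplicate mount points:", duplicates(pts))
    print("overwrite:", scan(pts, keep_true=False))
    print("preserve: ", scan(pts, keep_true=True))
```

On a live host, passing the contents of /proc/self/mountinfo to `mount_points()` and then `duplicates()` lists the mount points that exercise this path.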
Changed in systemd (Ubuntu): | |
status: | New → Confirmed |
tags: | added: sts |
Changed in systemd (Ubuntu Xenial): | |
status: | New → Confirmed |
description: | updated |
Changed in systemd (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in systemd (Ubuntu Xenial): | |
importance: | Undecided → Medium |
description: | updated |
Changed in systemd (Ubuntu Xenial): | |
status: | Confirmed → In Progress |
assignee: | nobody → Eric Desrochers (slashd) |
description: | updated |
Changed in systemd (Ubuntu Xenial): | |
assignee: | Eric Desrochers (slashd) → Dimitri John Ledkov (xnox) |
Changed in systemd (Ubuntu Xenial): | |
assignee: | Dimitri John Ledkov (xnox) → Eric Desrochers (slashd) |
Changed in systemd (Ubuntu): | |
importance: | Undecided → Medium |
debdiff for xenial [systemd-lp1795764-xenial.debdiff]