Your message dated Wed, 22 May 2019 11:34:44 +0000
with message-id <[email protected]>
and subject line Bug#926999: fixed in libvirt 5.0.0-3
has caused the Debian Bug report #926999,
regarding libvirt-daemon: LXC container cannot be killed, e.g., virsh -c lxc://
destroy <name>, if cgroup backend v2 missing.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
926999: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926999
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvirt-daemon
Version: 5.0.0-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Joachim Falk <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: libvirt-daemon: LXC container cannot be killed, e.g., virsh -c lxc://
destroy <name>, if cgroup backend v2 missing.
Message-ID: <[email protected]>
X-Mailer: reportbug 7.5.2
Date: Sat, 13 Apr 2019 10:47:05 +0200
Package: libvirt-daemon
Version: 5.0.0-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear maintainer,
there is a problem with killing LXC containers when only one cgroup
backend is available. Cgroup backend v2 is not available on the default
install of libvirt-daemon-system and, thus, killing LXC containers
fails. This seemes to be fixed by upstream with commit
401030499bfb03b182da14f7e00f4a82beab9a8e
======================================================================
>From 401030499bfb03b182da14f7e00f4a82beab9a8e Mon Sep 17 00:00:00 2001
From: Michal Privoznik <[email protected]>
Date: Thu, 24 Jan 2019 17:20:58 +0100
Subject: [PATCH] vircgroup: Try harder to kill cgroup
Prior to rewrite of cgroup code we only had one backend to try.
After the rewrite the virCgroupBackendGetAll() returns both
backends (for v1 and v2). However, not both have to really be
present on the system which results in killRecursive callback
failing which in turn might mean we won't try the other backend.
At the same time, this function reports no error as it should.
======================================================================
This commit is also part of upstream version 5.1.0. Hence, a bump to a
newer upstream should also fix the issue.
Symptoms of the problem are as follows in /var/log/libvirt/libvirtd.log:
2019-04-13 08:10:17.708+0000: 532: debug : virLXCDomainObjBeginJob:108 :
Starting job: modify
2019-04-13 08:10:17.708+0000: 532: debug : virLXCProcessStop:831 : Stopping VM
name=flummy pid=701 reason=2
2019-04-13 08:10:17.708+0000: 532: debug : virCgroupKillPainfully:2647 :
cgroup=0x7f5f38005c50 path=
2019-04-13 08:10:17.708+0000: 532: debug : virCgroupKillRecursive:2617 :
group=0x7f5f38005c50 path= signum=15
2019-04-13 08:10:17.708+0000: 532: debug : virCgroupKillPainfully:2658 :
Iteration 0 rc=-1
2019-04-13 08:10:17.708+0000: 532: debug : virCgroupKillPainfully:2665 :
Complete -1
2019-04-13 08:10:17.708+0000: 532: info : virObjectNew:248 : OBJECT_NEW:
obj=0x7f5f24001b20 classname=virDomainEventLifecycle
2019-04-13 08:10:17.708+0000: 532: debug : virLXCDomainObjEndJob:146 : Stopping
job: modify
You have to enable debugging to get these logs, i.e.,
--- libvirtd.conf.orig 2019-03-30 19:43:46.110699728 +0100
+++ libvirtd.conf 2019-03-30 19:47:37.306130440 +0100
@@ -389,6 +389,7 @@
# rest of the util code:
#
#log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util"
+log_filters="3:remote 4:event 3:json 3:rpc 1:*"
# Logging outputs:
# An output is one of the places to save logging information
@@ -411,7 +412,7 @@
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
#log_outputs="3:syslog:libvirtd"
#
-
+log_outputs="1:file:/var/log/libvirt/libvirtd.log 3:syslog:libvirtd"
##################################################################
#
Best,
Joachim Falk
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libvirt-daemon depends on:
ii libacl1 2.2.53-4
ii libapparmor1 2.13.2-10
ii libaudit1 1:2.8.4-2
ii libavahi-client3 0.7-4+b1
ii libavahi-common3 0.7-4+b1
ii libblkid1 2.33.1-0.1
ii libc6 2.28-8
ii libcap-ng0 0.7.9-2
ii libcurl3-gnutls 7.64.0-2
ii libdbus-1-3 1.12.12-1
ii libdevmapper1.02.1 2:1.02.155-2
ii libfuse2 2.9.9-1
ii libgcc1 1:8.3.0-5
ii libgnutls30 3.6.6-2
ii libnetcf1 1:0.2.8-1+b2
ii libnl-3-200 3.4.0-1
ii libnl-route-3-200 3.4.0-1
ii libnuma1 2.0.12-1
ii libparted2 3.2-24
ii libpcap0.8 1.8.1-6
ii libpciaccess0 0.14-1
ii libsasl2-2 2.1.27+dfsg-1
ii libselinux1 2.8-1+b1
ii libssh2-1 1.8.0-2.1
ii libudev1 241-3
ii libvirt0 5.0.0-1
ii libxenmisc4.11 4.11.1+26-g87f51bf366-3
ii libxenstore3.0 4.11.1+26-g87f51bf366-3
ii libxentoollog1 4.11.1+26-g87f51bf366-3
ii libxml2 2.9.4+dfsg1-7+b3
ii libyajl2 2.1.0-3
Versions of packages libvirt-daemon recommends:
ii libxml2-utils 2.9.4+dfsg1-7+b3
ii netcat-openbsd 1.195-2
ii qemu-kvm 1:3.1+dfsg-7
Versions of packages libvirt-daemon suggests:
pn libvirt-daemon-driver-storage-gluster <none>
pn libvirt-daemon-driver-storage-rbd <none>
pn libvirt-daemon-driver-storage-zfs <none>
ii libvirt-daemon-system 5.0.0-1
pn numad <none>
-- no debconf information
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libvirt-daemon depends on:
ii libacl1 2.2.53-4
ii libapparmor1 2.13.2-10
ii libaudit1 1:2.8.4-2
ii libavahi-client3 0.7-4+b1
ii libavahi-common3 0.7-4+b1
ii libblkid1 2.33.1-0.1
ii libc6 2.28-8
ii libcap-ng0 0.7.9-2
ii libcurl3-gnutls 7.64.0-2
ii libdbus-1-3 1.12.12-1
ii libdevmapper1.02.1 2:1.02.155-2
ii libfuse2 2.9.9-1
ii libgcc1 1:8.3.0-5
ii libgnutls30 3.6.6-2
ii libnetcf1 1:0.2.8-1+b2
ii libnl-3-200 3.4.0-1
ii libnl-route-3-200 3.4.0-1
ii libnuma1 2.0.12-1
ii libparted2 3.2-24
ii libpcap0.8 1.8.1-6
ii libpciaccess0 0.14-1
ii libsasl2-2 2.1.27+dfsg-1
ii libselinux1 2.8-1+b1
ii libssh2-1 1.8.0-2.1
ii libudev1 241-3
ii libvirt0 5.0.0-1
ii libxenmisc4.11 4.11.1+26-g87f51bf366-3
ii libxenstore3.0 4.11.1+26-g87f51bf366-3
ii libxentoollog1 4.11.1+26-g87f51bf366-3
ii libxml2 2.9.4+dfsg1-7+b3
ii libyajl2 2.1.0-3
Versions of packages libvirt-daemon recommends:
ii libxml2-utils 2.9.4+dfsg1-7+b3
ii netcat-openbsd 1.195-2
ii qemu-kvm 1:3.1+dfsg-7
Versions of packages libvirt-daemon suggests:
pn libvirt-daemon-driver-storage-gluster <none>
pn libvirt-daemon-driver-storage-rbd <none>
pn libvirt-daemon-driver-storage-zfs <none>
ii libvirt-daemon-system 5.0.0-1
pn numad <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 5.0.0-3
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 22 May 2019 12:31:08 +0200
Source: libvirt
Architecture: source
Version: 5.0.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Closes: 897394 926999 927310 929334
Changes:
libvirt (5.0.0-3) unstable; urgency=medium
.
[ Guido Günther ]
* [6bc6e60] CVE-2019-10132: Fix vir{lock,log}d socket access.
All patches were cherry-picked from upstream's v5.0-maint branch.
(Closes: #929334)
* [09016dd] d/patches: Move security fixes into security/
.
[ Joachim Falk ]
* [5d96699] lxc: Fix killing of lxc containers if cgroup backend v2 is
unavailable.
(Closes: #926999)
* [ea7a491] lxc: Fix container shutdown and host reboot
(Closes: #927310, #897394)
Checksums-Sha1:
47b830f4255c0ad5bbb52fe77392569f73970423 4353 libvirt_5.0.0-3.dsc
ee72696860a2ceec1ce07247e0bef503ee4825c1 76996 libvirt_5.0.0-3.debian.tar.xz
9d6e5a04213d249e66f593df63fd4c470b2e009e 19472 libvirt_5.0.0-3_amd64.buildinfo
Checksums-Sha256:
258b58ec682c741d364e9e70004dcebb0609fb8e9dd748ff0317856af011d331 4353
libvirt_5.0.0-3.dsc
66ba224b7168fa44b382d9a158515cf34596ab072f3ef53d6f7083d90044e1cb 76996
libvirt_5.0.0-3.debian.tar.xz
7d2a4222f31bdb03342cadf1523d1a47cf04c023b10932cba77c296f625c0d08 19472
libvirt_5.0.0-3_amd64.buildinfo
Files:
dde11a7557b74fc06dab5aa627027918 4353 libs optional libvirt_5.0.0-3.dsc
b426861e183f010e1499ec2bf574932e 76996 libs optional
libvirt_5.0.0-3.debian.tar.xz
cfd0537811f61479d7c29e7182612d8e 19472 libs optional
libvirt_5.0.0-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEvHzQcjh1660F3xzZB7i3sOqYEgsFAlzlLMIACgkQB7i3sOqY
EgvJlA//WiOQZfZG6SAi3c+5rO4UQ8l2nI7p4nQNE0DFmnWU6whRa+2j2qZaKfkM
Qo2fWiy6dOT/5+ci4rxDBcEHvqhQEOhk7KbBQOxI9yftQ+mzlMKt9/0xWoxM7CSB
j9/IagUnErZqZvdzFpOzIC1dAWuWPasbDwN7X2MJgILidpy5sADeRjOI5/BS5zl9
WwKkRmFCcshmwYYppu5sjSLLQYroA2vlW2odlWBKBwaKNscYmSy+GoRPReOL68sp
GlIr9nTN/htbd9tWjrEvXCIE2tfVXNIsarIxKcs514uhHzadixWN1HOIsaWpyDSq
HWtasfG/9oKdYEuntZtm7tmAbxhI2zQMFMKifj8s9Z/Yml1CljDbItEwunhS+g+9
dxlcglsNCOykDT+yWFNBP0UmkT/5UIc8MVNM0/H+jnUyQDVkeOhTimH0mB48ODjY
sufAQ8r1H8I9OS92Tjo2G/CrpCWJv3+LDex94qruiZ9ys0lHfri0TEmZP5TnP4ZN
qd0r9l+pOCLr6NemwwnUNUpGBi5mcVtWjgZ0vJz/Oq8UHJAi+Rh22yM73XxK4CdE
LcS9cr7aSgmqM+Q5sNGzGIB9Lk4T8YUYBKTevxojZJFe/4NNgaZzxKfl7BtJYKk2
8c6r1/XzG3+xn2gJY1u7fESwZSlgIJTIanK7GgFdLL87mDlSHNo=
=svda
-----END PGP SIGNATURE-----
--- End Message ---
