Public bug reported:
Dear all,
Following up the bug report #1713674, when executing systemd in a
hardened LXC context, it might not be suitable to reexec systemd daemon,
that would not be able to perform.
For instance, in our LXC, we drop several capabilities, including
sys_admin and we set /sys to read-only (in which, systemd will find its
cgroups). This means, systemd cannot be reexecuted, it will fail to
restart and will freeze (properly) at restart making the LXC container
in frozen state (still working, but no new services startable, no
interaction with systemd possible anymore).
When upgrading systemd the debian package, as postinst, will always
attempt to reexecute systemd, possibly breaking every other upgrade
where a daemon restart is made in postinst, and leaving the system in a
degraded state.
It would likely be appropriate the check whether the reexecute can work
will before performing it: checking capabilities, sys mount point perms,
etc. If not applicable, not performing a reexucte and possibly print a
message to the user.
Occurs with Ubuntu Xenial 16.04.3 LTS and systemd 229-4ubuntu21.
Cheers
** Affects: systemd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1732411
Title:
On upgrade, daemon-reexec should only be issued if safe
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1732411/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
