[ https://issues.apache.org/jira/browse/CLOUDSTACK-9978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16064753#comment-16064753 ]
Wido den Hollander commented on CLOUDSTACK-9978: ------------------------------------------------ It seems that there is already a fix from Debian/Ubuntu's side for the kernel. Thanks for the workaround, but it doesn't seem that we need to take action. > Kernel security update for CVE-2017-1000364 breaks cloudstack startup scripts > with jsvc on Ubuntu 14.04 or 16.04 > ---------------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-9978 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9978 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: cloudstack-agent, Management Server > Affects Versions: 4.10.0.0, 4.9.2.0 > Environment: Ubuntu 14.04 or Ubuntu 16.04 > Reporter: Milamber > Priority: Blocker > Fix For: Future > > > cloudstack-management or cloudstack-agent services won't start > The error message is : "jsvc.exec error: Service killed by signal 11" > This is a 'bug' from the last kernel update (~2017/06/20). > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865311 > Workarounds (for 4.9 or 4.10): > Revert the last kernel update or add -Xss1280k option into the startup > scripts (after the -Xmx option for example) > ====Diff for fix this issue on 4.9 cloudstack-agent script=== > # diff cloudstack-agent_orig cloudstack-agent > 103c103 > < if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m > -Xmx2048m -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" -errfile > SYSLOG $CLASS > --- > > if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m > > -Xmx2048m -Xss1280k -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" > > -errfile SYSLOG $CLASS -- This message was sent by Atlassian JIRA (v6.4.14#64029)