Milamber created CLOUDSTACK-9978:
------------------------------------
Summary: Kernel security update for CVE-2017-1000364 breaks
cloudstack startup scripts with jsvc on Ubuntu 14.04 or 16.04
Key: CLOUDSTACK-9978
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9978
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: cloudstack-agent, Management Server
Affects Versions: 4.10.0.0, 4.9.2.0
Environment: Ubuntu 14.04 or Ubuntu 16.04
Reporter: Milamber
Priority: Blocker
Fix For: Future
cloudstack-management or cloudstack-agent services won't start
The error message is : "jsvc.exec error: Service killed by signal 11"
This is a 'bug' from the last kernel update (~2017/06/20).
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865311
Workarounds (for 4.9 or 4.10):
Revert the last kernel update or add -Xss1280k option into the startup scripts
(after the -Xmx option for example)
====Diff for fix this issue on 4.9 cloudstack-agent script===
# diff cloudstack-agent_orig cloudstack-agent
103c103
< if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m
-Xmx2048m -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" -errfile SYSLOG
$CLASS
---
> if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m
> -Xmx2048m -Xss1280k -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE"
> -errfile SYSLOG $CLASS
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
