[Bug 1785108] [NEW] net-interface-handler operates on all adds and removes

Scott Moser ssmoser2+ubuntu at gmail.com
Thu Aug 2 17:51:35 UTC 2018 

Public bug reported:

=== Begin SRU Template ===
[Impact]
Incorrect handling of udev events by open-iscsi's net-interface-handler
results in nameserver and dns search entries being removed from 
/etc/resolv.conf and thus potentially breaking dns on a system.

This problem is limited to iscsi-root systems, but is easily tripped
by common use of linux networking.  This was first discovered on
Oracle Public Cloud, which utilizes iscsi-root for its systems.

[Test Case]
1. Start a system with iscsi root.  One such easily obtained environment is Oracle Public Cloud.
2. Collect resolvconf and ifupdown state
   mkdir before
   cp -a /run/resolvconf before/run-resolvconf
   cp /etc/resolv.conf before/etc-resolv.conf
   cp -a /run/network before/run-network
3. Create a tun/tap device
   sudo ip tuntap add mode tap user root mytap0
4. Remove the tun/tap device.
   sudo ip tuntap del mode tap mytap0
5. Collect resolvconf and ifupdown state and compare against '2'.  The creation and removal of a tuntap device should not have affected resolvconf or ifupdown state.
   mkdir after
   cp -a /run/resolvconf after/run-resolvconf
   cp /etc/resolv.conf after/etc-resolv.conf
   cp -a /run/network after/run-network

   diff -Naur before/ after/

[Regression Potential]
The codepath executed was and is entirely limited to systems with iscsi-root.
So regressions should also be limited as such.  The most likely regression
would seem to be the failure to add or remove entries to resolvconf for the
iscsi-root interface.  Before this was happening to often.  A bad fix could
result in it happening not enough.

[Other Info]
net-interface-handler is currently executing 'resolvconf -a' on all
new network interfaces and 'resolvconf -d' on removal of all network
interfaces.

The problem with that is that an add and remove of any new interface
will have the result of effectively marking the iscsi-root interface down.
That includes removing the resolvconf entries for that interface.

This add/remove can happen for any number of reasons.  Two such examples:
 a.) docker container create/delete
     - sudo apt-get install -qy docker.io
     - sudo docker run --rm busybox date
 b.) add/remove of a tuntap device.
     - sudo ip tuntap add mode tap user root mytap0
     - sudo ip tuntap del mode tap mytap0
=== End SRU Template ===

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.4 [modified: lib/open-iscsi/net-interface-handler]
ProcVersionSignature: User Name 4.4.0-130.156-generic 4.4.134
Uname: Linux 4.4.0-130-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Thu Aug  2 17:18:06 2018
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: open-iscsi
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.iscsi.iscsid.conf: [inaccessible: [Errno 13] Permission denied: '/etc/iscsi/iscsid.conf']

** Affects: open-iscsi (Ubuntu)
     Importance: Medium
         Status: Confirmed


** Tags: amd64 apport-bug uec-images xenial

** Changed in: open-iscsi (Ubuntu)
       Status: New => Confirmed

** Changed in: open-iscsi (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to open-iscsi in Ubuntu.
https://bugs.launchpad.net/bugs/1785108

Title:
  net-interface-handler operates on all adds and removes

Status in open-iscsi package in Ubuntu:
  Confirmed

Bug description:
  === Begin SRU Template ===
  [Impact]
  Incorrect handling of udev events by open-iscsi's net-interface-handler
  results in nameserver and dns search entries being removed from 
  /etc/resolv.conf and thus potentially breaking dns on a system.

  This problem is limited to iscsi-root systems, but is easily tripped
  by common use of linux networking.  This was first discovered on
  Oracle Public Cloud, which utilizes iscsi-root for its systems.

  [Test Case]
  1. Start a system with iscsi root.  One such easily obtained environment is Oracle Public Cloud.
  2. Collect resolvconf and ifupdown state
     mkdir before
     cp -a /run/resolvconf before/run-resolvconf
     cp /etc/resolv.conf before/etc-resolv.conf
     cp -a /run/network before/run-network
  3. Create a tun/tap device
     sudo ip tuntap add mode tap user root mytap0
  4. Remove the tun/tap device.
     sudo ip tuntap del mode tap mytap0
  5. Collect resolvconf and ifupdown state and compare against '2'.  The creation and removal of a tuntap device should not have affected resolvconf or ifupdown state.
     mkdir after
     cp -a /run/resolvconf after/run-resolvconf
     cp /etc/resolv.conf after/etc-resolv.conf
     cp -a /run/network after/run-network

     diff -Naur before/ after/

  [Regression Potential]
  The codepath executed was and is entirely limited to systems with iscsi-root.
  So regressions should also be limited as such.  The most likely regression
  would seem to be the failure to add or remove entries to resolvconf for the
  iscsi-root interface.  Before this was happening to often.  A bad fix could
  result in it happening not enough.

  [Other Info]
  net-interface-handler is currently executing 'resolvconf -a' on all
  new network interfaces and 'resolvconf -d' on removal of all network
  interfaces.

  The problem with that is that an add and remove of any new interface
  will have the result of effectively marking the iscsi-root interface down.
  That includes removing the resolvconf entries for that interface.

  This add/remove can happen for any number of reasons.  Two such examples:
   a.) docker container create/delete
       - sudo apt-get install -qy docker.io
       - sudo docker run --rm busybox date
   b.) add/remove of a tuntap device.
       - sudo ip tuntap add mode tap user root mytap0
       - sudo ip tuntap del mode tap mytap0
  === End SRU Template ===

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.4 [modified: lib/open-iscsi/net-interface-handler]
  ProcVersionSignature: User Name 4.4.0-130.156-generic 4.4.134
  Uname: Linux 4.4.0-130-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  Date: Thu Aug  2 17:18:06 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: open-iscsi
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.iscsi.iscsid.conf: [inaccessible: [Errno 13] Permission denied: '/etc/iscsi/iscsid.conf']

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/1785108/+subscriptions

More information about the foundations-bugs mailing list