[Bug 1792400] Re: smbd failed in host when both lxd container and host have smbd
Christian Ehrhardt
1792400 at bugs.launchpad.net
Thu Oct 18 07:23:45 UTC 2018
Tested an upgrade from proposed.
- upgrade worked
- Primary on trusty the upstart jobs are important which are not affected
- If I force execution of the sysV code (hacky) I'm affected and the proposed change from proposed fixes it
- So that isn't an issue for the majority of users, but still an issue since the same code is delivered. Looking back we might have skipped it on Trusty entirely, but it is not "wrong" to fix it
- on the positive side we also have not heard an issue on Xenial which got the same change recently.
Setting verified.
Example showing that the default upstart isn't affected:
ubuntu at T-smb-nested:~$ ps axlf | grep smbd
0 1000 13315 3315 20 0 10504 892 pipe_w S+ pts/0 0:00 | \_ grep --color=auto smbd
0 165536 13311 13204 20 0 7604 576 - S pts/6 0:00 \_ /usr/sbin/smbd 1h
4 0 13291 1 20 0 316760 9108 - Ss ? 0:00 smbd -F
1 0 13300 13291 20 0 308676 2840 - S ? 0:00 \_ smbd -F
1 0 13302 13291 20 0 316760 3080 - S ? 0:00 \_ smbd -F
$ sudo service smbd status; echo ""; sudo service smbd restart; echo ""; sudo service smbd status
smbd start/running, process 13291
smbd stop/waiting
smbd start/running, process 13334
smbd start/running, process 13334
So as I outlined before, not that impacted on Trusty, but for the sake of fixing code that the packages deliver pushing the fix is still correct.
If the SRU Team disagrees we could as well cancel the SRU at this stage
and remove it from proposed - sorry for the noise then.
** Tags removed: verification-needed verification-needed-trusty
** Tags added: verification-done verification-done-trusty
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1792400
Title:
smbd failed in host when both lxd container and host have smbd
Status in samba package in Ubuntu:
Fix Released
Status in samba source package in Trusty:
Fix Committed
Status in samba source package in Xenial:
Fix Released
Bug description:
[Impact]
* Issue: the current init script
* won't start samba related services on the host if there is a process
of the same binary in a container
* might on stop affect a process that it was not intended to stop
* Solution: Fix init scripts to
* start action to have a safer process detection with containers around
* stop action to not affect unintended processes due to stale pidfiles
[Test Case]
* 1. Start a container
* 2. Start samba in the Container (or winbind or nmbd)
* 3. Start samba in the host (or winbind or nmbd)
=> it will not start as such a binary is already running
* #2 and #3 can be switched, and then as 4. restart smbd in the host
=> it will shut down but not re-start
Fixed: The container process should have no influence
This also fixes issues where the pidfile would not be updated
* install and start smbd
* "Simulate" a corrupted pidfile by putting the PID of a different
process in it
* stop the sambd service
=> without the fixes this will drag down the other process you put in
the pidfile
Fixed: a stale pidfile entry should not let non-smbd (or winbind,
nmbd) processes be affected
[Regression Potential]
* We tried to think of all edge cases of these start/stop actions but
didn't come up with one that is broken. Aside from missing one of those
cases there might be non-archive scripts that expect the old behavior.
But even for thse no critical ones came to my mind so far.
Worst case there'd be a combination that leads to the service
no(re-)starting after the SRU - so thinking about potential cases is
important.
[Other Info]
* n/a
---
Setup: install smbd in host and lxd-container.
Now restart smbd in host:
service smbd restart
All is OK.
Problem: nmap shows "closed" on ports 139 and 445. And users cannot use smbd server in host.
● smbd.service - LSB: start Samba SMB/CIFS daemon (smbd)
Loaded: loaded (/etc/init.d/smbd; bad; vendor preset: enabled)
Active: active (exited) since Die 2016-10-18 17:35:23 CEST; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 24218 ExecStop=/etc/init.d/smbd stop (code=exited, status=0/SUCCESS)
Process: 21980 ExecReload=/etc/init.d/smbd reload (code=exited, status=0/SUCCESS)
Process: 25190 ExecStart=/etc/init.d/smbd start (code=exited, status=0/SUCCESS)
Okt 18 17:35:22 speedy systemd[1]: Starting LSB: start Samba SMB/CIFS daemon (smbd)...
Okt 18 17:35:23 speedy smbd[25190]: * Starting SMB/CIFS daemon smbd
Okt 18 17:35:23 speedy smbd[25190]: ...done.
Okt 18 17:35:23 speedy systemd[1]: Started LSB: start Samba SMB/CIFS daemon (smbd).
ps axf | grep smbd:
25356 pts/2 S+ 0:00 | \_ grep --color=auto smbd
19915 ? Ss 0:08 \_ /usr/sbin/smbd -D
19919 ? S 0:00 \_ /usr/sbin/smbd -D
However, netstat -tpln | grep "smbd" returns nothing and also nmap
shows "closed" on ports 139 and 445.
Workaround [1]:
change /etc/init.d/smbd:
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D ; then
to
if ! start-stop-daemon --start --quiet --oknodo --pidfile
/var/run/samba/smbd.pid --exec /usr/sbin/smbd -- -D ; then
I reported this to:
https://discuss.linuxcontainers.org/t/samba-in-host-and-container/2523
apt-cache policy samba
samba:
Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.15
Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.16
Version table:
2:4.3.11+dfsg-0ubuntu0.16.04.16 500
500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
*** 2:4.3.11+dfsg-0ubuntu0.16.04.15 500
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
100 /var/lib/dpkg/status
2:4.3.8+dfsg-0ubuntu1 500
500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
1. https://serverfault.com/questions/810544/samba-daemon-does-not-
work-as-systemd-service-but-works-in-foreground
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1792400/+subscriptions
More information about the foundations-bugs
mailing list