[Bug 1883447] Re: nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers
Launchpad Bug Tracker
1883447 at bugs.launchpad.net
Thu Mar 18 13:52:29 UTC 2021
This bug was fixed in the package systemd - 237-3ubuntu10.45
---------------
systemd (237-3ubuntu10.45) bionic; urgency=medium
[ Ioanna Alifieraki ]
* d/p/lp1911187-systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch:
Do not shutdown immediately when scheduled shutdown fails (LP: #1911187)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=257135a59455f4e4063e78cdd3f5cfeca2597b5b
[ Dimitri John Ledkov ]
* d/p/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch:
meson: initialize time-epoch to reproducible builds compatible value
(LP: #1878969)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6f5a0c94ff4a486ee0b72af926672b24d16ff5a8
[ Dan Streetman ]
* d/p/lp1913189-test-accept-that-char-device-0-0-can-now-be-created-.patch:
- Fix failing test case under 5.8 kernel (LP: #1913189)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=15143ec6cd584a18866390a042348a543e5aa22d
* d/p/lp1913423-hashmap-make-sure-to-initialize-shared-hash-key-atom.patch:
Thread-safe init of hashmap shared key (LP: #1913423)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=95c189adb9c3e22576b26b084c7edf001cbc8307
* d/p/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch:
Add EliteBook to use micmute hotkey (LP: #1890448)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=19b48bdac5129aa772fbcd2dbf8d1bb5c30c1510
* d/p/debian/patches/lp1902553-test-disable-QEMU-based-testing-for-TEST-16-EXTEND-T.patch:
Disable TEST-03 run under qemu (LP: #1902553)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4e37d20ec379d169cfd53088d0c3b4d7bb65d25b
* d/p/debian/patches/lp1883447-seccomp-add-all-time64-syscalls.patch:
Add *time64 syscalls (LP: #1883447)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a459492c67c5c5855b03daca4b44141705495376
* d/p/lp1685754-pid1-by-default-make-user-units-inherit-their-umask-.patch:
Inherit umask for --user processes (LP: #1685754)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=00df8d0e76975594adb765182c587ef495262fe1
* d/p/debian/patches/lp1880258-log-nxdomain-as-debug.patch:
Change NXDOMAIN 'errors' to log level debug (LP: #1880258)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9684abed02669bfcf696763b887518cf54cd3f69
* d/p/lp1913763-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch:
Create symlink for hyperv-provided ptp device (LP: #1913763)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ff2a9ed2ece6bbd86a3d57f42b26cb1a6ca2845a
-- Ioanna Alifieraki <ioanna-maria.alifieraki at canonical.com> Tue, 23
Feb 2021 03:45:01 +0200
** Changed in: systemd (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1883447
Title:
nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to
focal in containers
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Bionic:
Fix Released
Status in systemd source package in Focal:
Fix Released
Bug description:
[impact]
nspawn fails on armhf
[test case]
setup a bionic armhf system (note that if lxd is used to setup armhf
container under arm64 system, the armhf container must have
'security.nesting' set to true) and get a focal img/filesystem to use
with systemd-nspawn, e.g.
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-armhf-root.tar.xz
$ mkdir f
$ cd f
$ tar xvf ../focal-server-cloudimg-armhf-root.tar.xz
install systemd-container, and start nspawn; then test anything that
uses the time, e.g. just run python:
$ systemd-nspawn
Spawning container f on /root/f.
Press ^] three times within 1s to kill container.
root at f:~# python3
Fatal Python error: pyinit_main: can't initialize time
Python runtime state: core initialized
PermissionError: [Errno 1] Operation not permitted
Current thread 0xf7bbd310 (most recent call first):
<no Python frame>
[regression potential]
any regression would likely break nspawn creation or operation of
containers, particularly on armhf, but possibly on other archs
[scope]
this is needed only in bionic.
this is fixed upstream by commit
6ca677106992321326427c89a40e1c9673a499b2 which was included first in
v244, so this is fixed already in focal and later.
[original description]
Recent Linux kernels introduced a number of new syscalls ending in
_time64 to fix Y2038 problem; it appears recent glibc, including the
version in focal, test for the existence of these. systemd-nspawn in
bionic (237-3ubuntu10.38) doesn't know about these so blocks them by
default. It seems however glibc isn't expecting an EPERM, causing
numerous programs to fail.
In particular, running do-release-upgrade to focal in an nspawn
container hosted on bionic will break as soon as the new libc has been
unpacked.
Solution (tested here) is to cherrypick upstream commit
https://github.com/systemd/systemd/commit/6ca677106992321326427c89a40e1c9673a499b2
A newer libseccomp is also needed but this is already being worked on,
see bug #1876055.
It's a pretty trivial fix one the new libseccomp lands, and there is
precedent for SRU-ing for a similar issue in bug #1840640.
https://patchwork.kernel.org/patch/10756415/ is apparently the
upstream kernel patch, which should give a clearer idea of which
architectures are likely to be affected - I noticed it on armhf.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1883447/+subscriptions
More information about the foundations-bugs
mailing list