[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

Andreas Hasenack 2085851 at bugs.launchpad.net
Thu Nov 14 18:32:14 UTC 2024 

Just a note that during my SRU shift I noticed that cinder
2:20.3.1-0ubuntu1.5 on jammy/s390x is consistently failing[1] its
autopkgtests, including a migration-reference/0 run:


133s autopkgtest [18:26:22]: test cinder-daemons: [-----------------------
134s /usr/lib/python3/dist-packages/cinder/db/sqlalchemy/models.py:152: SAWarning: implicitly coercing SELECT object to scalar subquery; please use the .scalar_subquery() method to produce a scalar subquery.
134s   last_heartbeat = column_property(
134s /usr/lib/python3/dist-packages/cinder/db/sqlalchemy/models.py:160: SAWarning: implicitly coercing SELECT object to scalar subquery; please use the .scalar_subquery() method to produce a scalar subquery.
134s   num_hosts = column_property(
134s /usr/lib/python3/dist-packages/cinder/db/sqlalchemy/models.py:169: SAWarning: implicitly coercing SELECT object to scalar subquery; please use the .scalar_subquery() method to produce a scalar subquery.
134s   num_down_hosts = column_property(
134s 2024-11-14 18:26:23.805 9856 INFO cinder.db.migration [-] Applying migration(s)
134s 2024-11-14 18:26:23.806 9856 INFO alembic.runtime.migration [-] Context impl MySQLImpl.
134s 2024-11-14 18:26:23.806 9856 INFO alembic.runtime.migration [-] Will assume non-transactional DDL.
134s 2024-11-14 18:26:23.817 9856 INFO alembic.runtime.migration [-] Running upgrade  -> 921e1a36b076, Initial migration.
135s 2024-11-14 18:26:24.627 9856 INFO cinder.db.migration [-] Migration(s) applied
135s Job for cinder-scheduler.service failed.
135s See "systemctl status cinder-scheduler.service" and "journalctl -xeu cinder-scheduler.service" for details.
136s autopkgtest [18:26:25]: test cinder-daemons: -----------------------]
136s autopkgtest [18:26:25]: test cinder-daemons:  - - - - - - - - - - results - - - - - - - - - -
136s cinder-daemons       FAIL non-zero exit status 1


1. https://autopkgtest.ubuntu.com/packages/cinder/jammy/s390x

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive antelope series:
  Fix Committed
Status in Ubuntu Cloud Archive bobcat series:
  Fix Committed
Status in Ubuntu Cloud Archive caracal series:
  Fix Committed
Status in Ubuntu Cloud Archive ussuri series:
  New
Status in Ubuntu Cloud Archive yoga series:
  New
Status in cinder package in Ubuntu:
  Invalid
Status in cinder source package in Focal:
  Fix Released
Status in cinder source package in Jammy:
  Fix Released
Status in cinder source package in Noble:
  Fix Released

Bug description:
  Ubuntu Jammy cinder package version 2:20.3.1-0ubuntu1.4 [1] backported fix [2] for the LP#2059809 [3] (the CVE-2024-32498 fix).
  The upstream fix [2] calls the `format_inspector.detect_file_format` with elevated privileges [4], however the code in the Ubuntu package does not [5]. Instead it calls the `format_inspector.detect_file_format` without using privsep. That is causing the following error when creating qcow image from volume (using purestorage driver):
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3/dist-packages/cinder/volume/manager.py", line 1744, in copy_volume_to_image
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server     self.driver.copy_volume_to_image(context, volume,
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3/dist-packages/cinder/volume/driver.py", line 919, in copy_volume_to_image
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server     volume_utils.upload_volume(context,
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3/dist-packages/cinder/volume/volume_utils.py", line 1341, in upload_volume
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server     image_utils.upload_volume(context, image_service, image_meta, volume_path,
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3/dist-packages/cinder/image/image_utils.py", line 1083, in upload_volume
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server     data = qemu_img_info(volume_path, run_as_root=run_as_root)
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3/dist-packages/cinder/image/image_utils.py", line 164, in qemu_img_info
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server     inspector = format_inspector.detect_file_format(path)
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3/dist-packages/cinder/image/format_inspector.py", line 921, in detect_file_format
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server     with open(filename, 'rb') as f:
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server PermissionError: [Errno 13] Permission denied: '/dev/dm-0'

  [1] https://launchpad.net/ubuntu/+source/cinder/2:20.3.1-0ubuntu1.4
  [2] https://review.opendev.org/c/openstack/cinder/+/923873
  [3] https://launchpad.net/bugs/2059809
  [4] https://review.opendev.org/c/openstack/cinder/+/923873/9/cinder/image/image_utils.py#164
  [5] https://launchpadlibrarian.net/737789879/cinder_2%3A20.2.0-0ubuntu1.1_2%3A20.3.1-0ubuntu1.4.diff.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list