[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces
Guillaume Boutry
2085851 at bugs.launchpad.net
Tue Mar 18 10:43:13 UTC 2025
Verification done on jammy-antelope
Hello, I've done the necessary verification on Jammy Antelope. I have a
deployed a core openstack services and run the tempest tools to
functionally test these services.
I have attached the script I used to perform the whole verification and
the resulting logs.
Please note that in the case of jammy-antelope, I've had to backport the
versions from noble-caracal for tempest and fasteners.
tempest: 29.0.0-3 -> 36.0.0-2
python3-fasters: 0.14.1-2 -> 0.18-3
PPA holding these backport:
https://launchpad.net/~gboutry/+archive/ubuntu/jammy-backports/+packages
Tempest is the functional testing tool for OpenStack services. I've
preferred to use a more recent version of tempest to ensure right policy
and testing.
Verified versions:
cinder 2:22.1.1-0ubuntu1.3~cloud2
** Attachment added: "repro-jammy-antelope.log"
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2085851/+attachment/5865478/+files/repro-jammy-antelope.log
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/2085851
Title:
Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
pieces
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive antelope series:
Fix Committed
Status in Ubuntu Cloud Archive bobcat series:
Fix Committed
Status in Ubuntu Cloud Archive caracal series:
Fix Released
Status in Ubuntu Cloud Archive ussuri series:
Fix Committed
Status in Ubuntu Cloud Archive yoga series:
Fix Committed
Status in cinder package in Ubuntu:
Invalid
Status in cinder source package in Focal:
Fix Released
Status in cinder source package in Jammy:
Fix Released
Status in cinder source package in Noble:
Fix Released
Bug description:
Ubuntu Jammy cinder package version 2:20.3.1-0ubuntu1.4 [1] backported fix [2] for the LP#2059809 [3] (the CVE-2024-32498 fix).
The upstream fix [2] calls the `format_inspector.detect_file_format` with elevated privileges [4], however the code in the Ubuntu package does not [5]. Instead it calls the `format_inspector.detect_file_format` without using privsep. That is causing the following error when creating qcow image from volume (using purestorage driver):
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server File "/usr/lib/python3/dist-packages/cinder/volume/manager.py", line 1744, in copy_volume_to_image
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server self.driver.copy_volume_to_image(context, volume,
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server File "/usr/lib/python3/dist-packages/cinder/volume/driver.py", line 919, in copy_volume_to_image
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server volume_utils.upload_volume(context,
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server File "/usr/lib/python3/dist-packages/cinder/volume/volume_utils.py", line 1341, in upload_volume
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server image_utils.upload_volume(context, image_service, image_meta, volume_path,
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server File "/usr/lib/python3/dist-packages/cinder/image/image_utils.py", line 1083, in upload_volume
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server data = qemu_img_info(volume_path, run_as_root=run_as_root)
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server File "/usr/lib/python3/dist-packages/cinder/image/image_utils.py", line 164, in qemu_img_info
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server inspector = format_inspector.detect_file_format(path)
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server File "/usr/lib/python3/dist-packages/cinder/image/format_inspector.py", line 921, in detect_file_format
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server with open(filename, 'rb') as f:
2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server PermissionError: [Errno 13] Permission denied: '/dev/dm-0'
[1] https://launchpad.net/ubuntu/+source/cinder/2:20.3.1-0ubuntu1.4
[2] https://review.opendev.org/c/openstack/cinder/+/923873
[3] https://launchpad.net/bugs/2059809
[4] https://review.opendev.org/c/openstack/cinder/+/923873/9/cinder/image/image_utils.py#164
[5] https://launchpadlibrarian.net/737789879/cinder_2%3A20.2.0-0ubuntu1.1_2%3A20.3.1-0ubuntu1.4.diff.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list