Bug 1516569
Summary: | Unable to mount a secret inside another secrets mount point with kernel 3.10.0-693.5.2 | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Ryan Howe <rhowe> |
Component: | Node | Assignee: | Joel Smith <joelsmith> |
Status: | CLOSED ERRATA | QA Contact: | DeShuai Ma <dma> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.6.0 | CC: | amurdaca, aos-bugs, dwalsh, joelsmith, jokerman, mmccomas, pdwyer, sjenning, sreber, vgoyal, wjiang |
Target Milestone: | --- | Keywords: | TestCaseNeeded |
Target Release: | 3.9.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-03-28 14:13:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1267746 |
Description
Ryan Howe
2017-11-22 23:24:17 UTC
Issue is seen when booting wit kernel 3.10.0-693.5.2.el7.x86_64 After rolling kernel back to: 3.10.0-514.21.1.el7.x86_64 the issue is not seen and secrets are able to be mounted inside other secrets. Version of OpenShift did not change. *** Bug 1516887 has been marked as a duplicate of this bug. *** I have filed an issue upstream in the Kubernetes project: https://github.com/kubernetes/kubernetes/issues/57421 and I have also posted a pull request of code changes to address the issue: https://github.com/kubernetes/kubernetes/pull/57422 It's going to take some time for the community to review the pull request and make a decision about how to handle things. Assuming they like the patch as-is (or with minor modifications), we might see it merged early next year. Red Hat still hasn't made any decisions about which old versions of OpenShift should receive the patch, but once we do, I'd then backport the patch to those versions. Merged in Origin: https://github.com/openshift/origin/pull/18165 Checked with # openshift version openshift v3.9.0-0.38.0 kubernetes v1.9.1+a0ce1bc657 etcd 3.2.8 and # uname -r 3.10.0-843.el7.x86_64 Can not reproduce this issue, so verify this. Thanks for reporting this bug. My investigation of this bug led to the discovery of CVE-2017-1002102 (#1551818). Because the fixes for the security flaw also address this bug, you should be able to install an updated version to remedy this bug. I'm sure the errata tool will update with this bug with the information at some point, but in the mean time, you can get updated versions for each affected branch (the bug goes back to OpenShift 3.3): 3.3.1.46.11-1.git.4.e236015 3.4.1.44.38-1.git.4.bb8df08 3.5.5.31.48-1.git.4.ff6153e 3.6.173.0.96-1.git.4.e6301f8 3.7.23-1.git.5.83efd71 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489 |