Bug 1913962
| Summary: | "dnf needs-restarting -r" work incorrectly inside systemd-nspawn containers | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Gena Makhomed <makhomed> |
| Component: | dnf-plugins-core | Assignee: | Nicola Sella <nsella> |
| Status: | CLOSED ERRATA | QA Contact: | Jan Blazek <jblazek> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.3 | CC: | dstreit, james.antill, makhomed, nsella, pkratoch |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | dnf-plugins-core-4.0.21-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-11-09 19:52:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1951414 | ||
| Bug Blocks: | |||
Hello, thanks for the detailed explanation and solution proposed. I am trying to reproduce the bug, but I am getting an error $ machinectl start test Job for systemd-nspawn failed because the control process exited with error code. See "systemctl status systemd-nspawn" and "journalctl -xe" for details. The error is related to SELinux policies, so I have to set SELinux Permissive to get through this error. Then, the bug seems reproducible. Do you have any specific SELinux configuration? I would like to reproduce it with your configuration if possible. Thank you (In reply to nsella from comment #1) > I am trying to reproduce the bug, but I am getting an error > > $ machinectl start test > Job for systemd-nspawn failed because the control process > exited with error code. > See "systemctl status systemd-nspawn" and "journalctl -xe" for > details. > > The error is related to SELinux policies, so I have to set SELinux > Permissive to get through this error. Then, the bug seems reproducible. > Do you have any specific SELinux configuration? I would like to reproduce it > with your configuration if possible. Yes, sorry, I forgot to write about SELinux. I reproduce this bug with SELinux disabled: 1. Install RHEL 8.3 / CentOS 8.3 on host, install systemd-container package on host: dnf install systemd-container 1.1. disable SELinux in /etc/selinux/config, write SELINUX=disabled 1.2. reboot 2. Install RHEL 8.3 / CentOS 8.3 inside systemd-nspawn container: dnf --installroot=/var/lib/machines/test --releasever=8 install dnf python3-dnf-plugins-core systemd ... I added a PR with your patch https://github.com/rpm-software-management/dnf-plugins-core/pull/422 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: dnf security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4464 |
Description of problem: "dnf needs-restarting -r" work incorrectly inside systemd-nspawn containers Version-Release number of selected component (if applicable): binary: python3-dnf-plugins-core-4.0.17-5.el8.noarch.rpm source: dnf-plugins-core-4.0.17-5.el8.src.rpm How reproducible: always Steps to Reproduce: 1. Install RHEL 8.3 / CentOS 8.3 on host, install systemd-container package on host: dnf install systemd-container 2. Install RHEL 8.3 / CentOS 8.3 inside systemd-nspawn container: yum --installroot=/var/lib/machines/test --releasever=8 install dnf python3-dnf-plugins-core systemd 3. start container test: machinectl start test 4. enter inside container test: machinectl shell test 5. check if container needs restarting: dnf needs-restarting -r Actual results: # dnf needs-restarting -r Core libraries or services have been updated since boot-up: * dbus * dbus-daemon * glibc * systemd Reboot is required to fully utilize these updates. Expected results: # dnf needs-restarting -r No core libraries or services have been updated since boot-up. Reboot should not be necessary. Additional info: Cause of bug located in file: /usr/lib/python3.6/site-packages/dnf-plugins/needs_restarting.py Linus Torvalds say: "Talk is cheap. Show me the code". Ok. Patch to solve this bug: After this patch - command "dnf needs-restarting -r" will work correctly inside and outside systemd-nspawn containers. The first process start time could be used as container/host start time: int(os.stat('/proc/1/cmdline').st_mtime) /proc/1/cmdline is a virtual file in the procfs, whose creation date is the same as the container creation date or linux host boot time, if no containers is used. --- needs_restarting.py.orig 2020-08-12 00:06:14.000000000 +0300 +++ needs_restarting.py 2021-01-07 22:27:20.779006509 +0200 @@ -174,11 +174,7 @@ @staticmethod def get_boot_time(): - with open('/proc/stat') as stat_file: - for line in stat_file.readlines(): - if not line.startswith('btime '): - continue - return int(line[len('btime '):].strip()) + return int(os.stat('/proc/1/cmdline').st_mtime) @staticmethod def get_sc_clk_tck():