Bug 1927040

Summary: glibc: After upgrade, before reboot, systemd services using USER= do not start (caused by fix for bug 1871397)
Product: Red Hat Enterprise Linux 8 Reporter: Carlos O'Donell <codonell>
Component: glibcAssignee: Carlos O'Donell <codonell>
Status: CLOSED ERRATA QA Contact: Sergey Kolosov <skolosov>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.4CC: ashankar, codonell, davide, dj, fweimer, glibc-bugzilla, lmiksik, mnewsome, pfrankli, sipoyare
Target Milestone: rcKeywords: Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: glibc-2.28-149.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1932770 (view as bug list) Environment:
Last Closed: 2021-05-18 14:36:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1932770    
Bug Blocks:    

Description Carlos O'Donell 2021-02-09 22:11:19 UTC 
The fix for bug 1871397 creates a private interface requirement between one of the default NSS plugins and libc.

This means that a long-running process, like systemd, may be loaded with the old libc.so.6, but not yet have accessed any IdM information via NSS plugins.

When a service is forked the service using USER= tried to load the newly upgraded NSS plugin, and that fails because it needs the new GLIBC_PRIVATE API from libc.so.6.

Even though glibc is marked as needing a reboot after upgrade, we want to, and can achieve a satisfactory result by duplicating the GLIBC_PRIVATE function into the NSS plugin itself (at least we can in this case).

If we can, we should attempt to allow an upgrade without requiring a reboot since this supports kpatch and avoids server reboots.

In-place upgrades from RHEL7 to RHEL8 should not be impacted because they would reboot the system and run from an initramfs that modifies the existing install and then reboots.
Comment 1 Carlos O'Donell 2021-02-09 22:12:18 UTC 
This was initially reported by CentOS 8 Stream users here:
https://bugzilla.redhat.com/show_bug.cgi?id=1871397#c14
Comment 14 errata-xmlrpc 2021-05-18 14:36:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: glibc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1585