1927040 – glibc: After upgrade, before reboot, systemd services using USER= do not start (caused by fix for bug 1871397)

Bug 1927040 - glibc: After upgrade, before reboot, systemd services using USER= do not start (caused by fix for bug 1871397)

Summary: glibc: After upgrade, before reboot, systemd services using USER= do not star...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	8.4
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	8.0
Assignee:	Carlos O'Donell
QA Contact:	Sergey Kolosov
Docs Contact:
URL:
Whiteboard:
Depends On:	1932770
Blocks:
TreeView+	depends on / blocked

Reported:	2021-02-09 22:11 UTC by Carlos O'Donell
Modified:	2023-07-18 14:30 UTC (History)
CC List:	10 users (show)
Fixed In Version:	glibc-2.28-149.el8
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Clones:	1932770 (view as bug list)
Environment:
Last Closed:	2021-05-18 14:36:50 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1871397	0	unspecified	CLOSED	glibc: Fix fgetsgent_r data corruption bug	2023-07-18 14:30:35 UTC

Internal Links: 1871397

Description Carlos O'Donell 2021-02-09 22:11:19 UTC

The fix for bug 1871397 creates a private interface requirement between one of the default NSS plugins and libc.

This means that a long-running process, like systemd, may be loaded with the old libc.so.6, but not yet have accessed any IdM information via NSS plugins.

When a service is forked the service using USER= tried to load the newly upgraded NSS plugin, and that fails because it needs the new GLIBC_PRIVATE API from libc.so.6.

Even though glibc is marked as needing a reboot after upgrade, we want to, and can achieve a satisfactory result by duplicating the GLIBC_PRIVATE function into the NSS plugin itself (at least we can in this case).

If we can, we should attempt to allow an upgrade without requiring a reboot since this supports kpatch and avoids server reboots.

In-place upgrades from RHEL7 to RHEL8 should not be impacted because they would reboot the system and run from an initramfs that modifies the existing install and then reboots.

Comment 1 Carlos O'Donell 2021-02-09 22:12:18 UTC

This was initially reported by CentOS 8 Stream users here:
https://bugzilla.redhat.com/show_bug.cgi?id=1871397#c14

Comment 14 errata-xmlrpc 2021-05-18 14:36:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: glibc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1585

Note You need to log in before you can comment on or make changes to this bug.