Bug #1950508 “unified cgroup incorrectly used in container on ho...” : Bugs : systemd package : Ubuntu

Dan Streetman (ddstreet) on 2021-11-10

Changed in systemd (Ubuntu Jammy):
assignee:	nobody → Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Impish):
assignee:	nobody → Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Jammy):
importance:	Undecided → Medium
Changed in systemd (Ubuntu Impish):
importance:	Undecided → Medium
Changed in systemd (Ubuntu Jammy):
status:	New → In Progress
Changed in systemd (Ubuntu Impish):
status:	New → In Progress

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-12-08:

#1

Download full text (13.8 KiB)

This bug was fixed in the package systemd - 249.5-2ubuntu1

---------------
systemd (249.5-2ubuntu1) jammy; urgency=medium

  * Merge to Ubuntu from Debian unstable
    - Dropped changes (applied upstream):
      + UBUNTU-units-disable-journald-watchdog.patch
      + test-Allow-running-only-a-subset-of-integration-tests-by-.patch
      + hwdb-Add-ProBook-to-use-micmute-hotkey.patch
      + d/p/lp1931578/*.patch (ActivationPolicy=)
      + lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch
      + d/p/lp1858210/*.patch (tzdata.zi)
      + lp1914740-network-enable-DHCP-broadcast-flag-if-required-by-in.patch
      + lp1934981-correct-suspend-then-sleep-string.patch
      + CVE-2020-13529.patch
      + CVE-2021-33910.patch
      + Merge-pull-request-20199-from-ddstreet-unit_cgroup_catchu.patch
      + udev-fix-slot-based-network-names-on-s390.patch
      + udev-add-missing-initialization-to-fix-freeing-invalid-ad.patch
      + udev-allow-onboard-index-up-to-65535.patch
      + lp1940635.patch (networkd failed to acquire a DHCP6 lease, v249.5)
  * debian/gbp.conf: Update debian-branch to ubuntu-jammy
    File: debian/gbp.conf
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f35b4d6c0653c3125b2e0e5d962f84543733c3c0
  * Refresh Ubuntu-UseDomains-by-default.patch
    File: debian/patches/debian/Ubuntu-UseDomains-by-default.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6e3b2ffb1c2c2bf2223f91b350c1fd06b8903346
  * Refresh UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
    File: debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7142fb9381ab98d750a7c2473087ea7264be860d
  * Refresh UBUNTU-Revert-cgroup-Continue-unit-reset-if-cgroup-is-busy.patch
    File: debian/patches/debian/UBUNTU-Revert-cgroup-Continue-unit-reset-if-cgroup-is-busy.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3de0f444bfc0cf3b601c4a1ad8939d2cd69cdad6
  * Refresh UBUNTU-resolved-default-no-negative-caching.patch
    File: debian/patches/debian/UBUNTU-resolved-default-no-negative-caching.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d7b25651ea7ceae2ebfeafb84d9d65fb8284367a
  * Refresh Revert-network-if-sys-is-rw-then-udev-should-be-around.patch
    File: debian/patches/Revert-network-if-sys-is-rw-then-udev-should-be-around.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=61b004d7710b305d9996b3ad9bb47dc372fcbbac
  * Refresh UBUNTU-src-test-testmount-util.c-Skip-parts-of-test-mount-util-in-LXC.patch
    File: debian/patches/debian/UBUNTU-src-test-testmount-util.c-Skip-parts-of-test-mount-util-in-LXC.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5fe343a0fc89771820f997c2d6621ac517d9070f
  * Refresh Merge-pull-request-20705-from-yuwata-test-oomd-util.patch
    File: debian/patches/Merge-pull-request-20705-from-yuwata-test-oomd-util.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e88125...

This bug was fixed in the package systemd - 249.5-2ubuntu1

---------------
systemd (249.5-2ubuntu1) jammy; urgency=medium

* Merge to Ubuntu from Debian unstable
    - Dropped changes (applied upstream):
      + UBUNTU-units-disable-journald-watchdog.patch
      + test-Allow-running-only-a-subset-of-integration-tests-by-.patch
      + hwdb-Add-ProBook-to-use-micmute-hotkey.patch
      + d/p/lp1931578/*.patch (ActivationPolicy=)
      + lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch
      + d/p/lp1858210/*.patch (tzdata.zi)
      + lp1914740-network-enable-DHCP-broadcast-flag-if-required-by-in.patch
      + lp1934981-correct-suspend-then-sleep-string.patch
      + CVE-2020-13529.patch
      + CVE-2021-33910.patch
      + Merge-pull-request-20199-from-ddstreet-unit_cgroup_catchu.patch
      + udev-fix-slot-based-network-names-on-s390.patch
      + udev-add-missing-initialization-to-fix-freeing-invalid-ad.patch
      + udev-allow-onboard-index-up-to-65535.patch
      + lp1940635.patch (networkd failed to acquire a DHCP6 lease, v249.5)
  * debian/gbp.conf: Update debian-branch to ubuntu-jammy
    File: debian/gbp.conf
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f35b4d6c0653c3125b2e0e5d962f84543733c3c0
  * Refresh Ubuntu-UseDomains-by-default.patch
    File: debian/patches/debian/Ubuntu-UseDomains-by-default.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6e3b2ffb1c2c2bf2223f91b350c1fd06b8903346
  * Refresh UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
    File: debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7142fb9381ab98d750a7c2473087ea7264be860d
  * Refresh UBUNTU-Revert-cgroup-Continue-unit-reset-if-cgroup-is-busy.patch
    File: debian/patches/debian/UBUNTU-Revert-cgroup-Continue-unit-reset-if-cgroup-is-busy.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3de0f444bfc0cf3b601c4a1ad8939d2cd69cdad6
  * Refresh UBUNTU-resolved-default-no-negative-caching.patch
    File: debian/patches/debian/UBUNTU-resolved-default-no-negative-caching.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d7b25651ea7ceae2ebfeafb84d9d65fb8284367a
  * Refresh Revert-network-if-sys-is-rw-then-udev-should-be-around.patch
    File: debian/patches/Revert-network-if-sys-is-rw-then-udev-should-be-around.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=61b004d7710b305d9996b3ad9bb47dc372fcbbac
  * Refresh UBUNTU-src-test-testmount-util.c-Skip-parts-of-test-mount-util-in-LXC.patch
    File: debian/patches/debian/UBUNTU-src-test-testmount-util.c-Skip-parts-of-test-mount-util-in-LXC.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5fe343a0fc89771820f997c2d6621ac517d9070f
  * Refresh Merge-pull-request-20705-from-yuwata-test-oomd-util.patch
    File: debian/patches/Merge-pull-request-20705-from-yuwata-test-oomd-util.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e88125e4580e29ccc4417464301d68a23f313415
  * Refresh patches/offset, using gbp
    Files:
    - debian/patches/debian/UBUNTU-Revert-namespace-be-more-careful-when-handling-namespacin.patch
    - debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
    - debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch
    - debian/patches/debian/UBUNTU-src-test-test-execute.c-Skip-parts-of-test-execute-in-con.patch
    - debian/patches/debian/UBUNTU-test-sleep-skip-test_fiemap-upon-inapproriate-ioctl-.patch
    - debian/patches/debian/UBUNTU-units-block-CAP_SYS_MODULE-units-in-containers-too.patch
    - debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
    - debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch
    - debian/patches/lp1861941-dont-generate-disk-byuuid-for-bcache-uuid.patch
    - debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fd33ff25c6aa25f33054053c06f2936d51e8f645
  * debian/rules: Fix FTBFS on i386 by removing unneeded linuxia32.elf.sub to avoid
    debugedit errors
    File: debian/rules
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=381cc855978f441f6f45f215a7c864e61d67ab0a
  * debian/control: cleanup (upstart is no more)
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e93509e1970ee170e4a4ed655c55f55446e4078d
  * debian/systemd.NEWS: re-add comment about cgroups v2
    File: debian/systemd.NEWS
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=51a7a11dba9a6248b8575c05c00e70aa6b9141fb
  * debian/rules: explicitly enable default-hierarchy=unified
    to stay in line with Debian
    File: debian/rules
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b6804a5aee1bcf1dfd3415c048cbf94d482652a2
  * debian/udev.postinst: Drop old 'getent group kvm' workaround
    File: debian/udev.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=081fddb76415eb959fd898b503eec0354d44fb31
  * d/t/boot-and-services: skip test_service, broken on kernel > 5.10
    (systemd#20989)
    File: debian/tests/boot-and-services
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8ca6fbb84ccd09c4e199dec9fd9536c0b3637bc5
  * d/t/tests-in-lxd: account for different locations of source tree
    File: debian/tests/tests-in-lxd
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f454c89619915566af2644b14eada41075631f6a
  * d/t/control: fix upstream* test dependencies
    File: debian/tests/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ca404329f73f90316241680985ee8721d27d6092
  * d/t/tests-in-lxd: work around systemd-sysusers issue on privileged containers
    (LP: #1950787)
    File: debian/tests/tests-in-lxd
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d4e05ecbc1a32d2e6d454c05a2899058c3a04bac
  * Drop units-Don-t-start-systemd-udev-trigger.service-in-a-conta.patch
    we do run udevd in our containers and actually rely on udevadm trigger
    happening on boot for the udev database to populate with the relevant
    network devices that are present in the container
    It was added when systemd upstream made udevadm trigger more picky
    (would fail when it used to succeed), but they now have failures from udevadm
    ignored in the upstream unit
    making this patch un-necessary and actually harmful to those running Ubuntu in
    system containers
    File: debian/patches/units-Don-t-start-systemd-udev-trigger.service-in-a-conta.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ba89ae0b007e1fed3d9e1b2aefa86cf9c6e7a022
  * Drop lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch.
    The systemd-resolve symlink for backwards compatibility is no more as of v249
    File: debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c26f6843f498966e8506e71870255b627fcbd7c7
  * Revert: sd-dhcp: do not use detect_container() to guess udev is running or not
    (LP: #1950794)
    File: debian/patches/lp1950794-Revert-sd-dhcp-do-not-use-detect_container-to-guess-.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=794597758ac9527b81696bb785d99cd2ddfa2707
  * Support detection for ARM64 Hyper-V guests (LP: #1952599)
    Files:
    - debian/patches/lp1952599/0001-virt-Support-detection-for-ARM64-Hyper-V-guests.patch
    - debian/patches/lp1952599/0002-virt-Fix-the-detection-for-Hyper-V-VMs.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=57f51781646327832f15294368842da015f3c433

[Yao Wei]
  * Add ACCEL_LOCATION=base property for Dell clamshell models (LP: #1943561)
    Files:
    - debian/patches/lp1943561/Add-additional-Dell-models-that-require-ACCEL_LOCATION-ba.patch
    - debian/patches/lp1943561/Use-SKU-to-identify-Dell-clamshell-models-for-acceleromet.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9f99081482b76a7b717e39ef4380f08093e4359a

[Andy Chi]
  * Add privacy micmute hotkey for Dell machine. (LP: #1952733)
    File: debian/patches/lp1952733-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-Map.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e590db02f015a0e999909b67e0cefbb4295c53a5
  * Add microphone mute key for Dell machine. (LP: #1952735)
    File: debian/patches/lp1952735-keymap-Add-microphone-mute-keymap-for-Dell-Machine.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=03799d7649fd5e0dae226c81441932d19cb6cc36

[Dan Streetman]
  * d/p/lp1950508-cgroup-check-if-any-controller-is-in-use-as-v1.patch:
    Use cgroupv1 in container if host using cgroupv1
    (LP: #1950508)

systemd (249.5-2) unstable; urgency=medium

[ Helmut Grohne ]
  * Fix FTCBFS: Annotate python3-jinja2 dependency with :native
    (Closes: #996501)

[ Michael Biebl ]
  * hwdb: Allow console users access to media* nodes (Closes: #996749)

systemd (249.5-1) unstable; urgency=medium

* New upstream version 249.5
  * Rebase patches
  * Update debian/copyright
  * Clean up lintian overrides

systemd (249.4-2) unstable; urgency=medium

* Upload to unstable
  * Remove unused initialize_coredump() function
  * Fix #993738 by pulling the patches from upstream PR#20603

systemd (249.4-1) experimental; urgency=medium

* New upstream version 249.4
  * Rebase patches

systemd (249.3-4) experimental; urgency=medium

* Add Conflicts/Replaces: systemd to systemd-standalone-{sysusers,tmpfiles}
    This allows upgrades from older systemd versions which do not have
    Provides: systemd-{sysusers,tmpfiles}. (Closes: #992376)

systemd (249.3-3) experimental; urgency=medium

* Use C/R/P for systemd-sysusers and systemd-tmpfiles.
    It's an interface/facility that can only be provided by a single package
    at a time.

systemd (249.3-2) experimental; urgency=medium

* Provide standalone binaries for sysusers and tmpfiles (Closes: #946456)
  * Fix test dependencies of upstream test.
    After splitting out the standalone binaries for sysusers and tmpfiles
    into separate packages (which conflict with the main systemd package),
    we can no longer use the '@' notation in the upstream test.
    This reverts commit 5eeeb1b562a1a9802df105091bda4741c263336d and also
    adds systemd-tests and systemd-timesyncd to the upstream test
    dependencies.

systemd (249.3-1) experimental; urgency=medium

* New upstream version 249.3
  * Rebase patches
  * Remove obsolete systemd-resolve compat symlink

systemd (249.2-2) experimental; urgency=medium

* Remove obsolete upgrade code from maintainer scripts
  * Clean up old versions from maintscript files
  * Drop obsolete systemd Breaks/Replaces
  * Drop obsolete python-dbusmock Breaks
  * Turn versioned systemd-shim Breaks into unversioned Conflicts.
    There never was a fixed systemd-shim version before it was removed from
    the archive.
  * Drop patches which are no longer needed after bullseye
  * Stop setting up device symlinks for CD-RW/DVD drives.
    Those udev rules were a Debian specific workaround that were mainly
    added for compat with older software which wasn't able to automatically
    discover those types of devices. Those rules didn't provide
    stable/predictable names though, so remove them. (Closes: #991639)
  * autopkgtest: add systemd-timesyncd dependency to timedated test.
    We need systemd-timesyncd in the timedated test, not just an arbitrary
    provider of time-daemon.
  * autopkgtest: clean up dependencies of boot-smoke test.
    A lot of the dependencies are not needed but were originally added to
    avoid a testbed reset and make it possible to reuse the testbed of the
    upstream test. This turned out to be a maintenance problem and the
    dependencies were not updated accordingly. Instead of trying to keep the
    two tests in sync, trim down the boot-smoke dependencies to its bare
    minimum.

systemd (249.2-1) experimental; urgency=medium

* New upstream version 249.2
  * Rebase patches

systemd (249.1-1) experimental; urgency=medium

* New upstream version 249.1
    - basic/unit-name: do not use strdupa() on a path (CVE-2021-33910)

systemd (249-1) experimental; urgency=medium

* New upstream version 249
  * Rebase patches
  * Update symbol versions for the v249 release
  * Fix removal of systemd-hwdb-update.service.
    As we don't support factory-reset, we don't need this service.
    In Debian, the hwdb binary database is updated via a dpkg file trigger.

systemd (249~rc3-1) experimental; urgency=medium

* New upstream version 249~rc3
  * Rebase patches

systemd (249~rc2-1) experimental; urgency=medium

* New upstream version 249~rc2
  * Rebase patches

systemd (249~rc1-1) experimental; urgency=medium

[ Michael Biebl ]
  * New upstream version 249~rc1
  * Rebase patches
  * Replace m4 Build-Depends with python3-jinja2
  * Update symbols file for libsystemd0
  * test: do not run 'meson configure' if NO_BUILD is set
  * test: drop the mawk-incompatible expression
  * Add gawk <!nocheck> to Build-Depends.
    It is used in tools/check-directives.sh which is run during "meson test".
  * autopkgtest: add udev dependency to unit-tests.
    Without a properly set up hwdb the test-sd-hwdb test is skipped.

[ Luca Boccassi ]
  * autopkgtest: add dependency on dosfstools for upstream test.
    Needed to create EFI partition (vfat)

-- Lukas Märdian <slyon@ubuntu.com>  Thu, 02 Dec 2021 10:16:33 +0100

Changed in systemd (Ubuntu Jammy):
status:	In Progress → Fix Released

Dan Streetman (ddstreet) on 2022-01-12

Changed in systemd (Ubuntu Impish):
assignee:	Dan Streetman (ddstreet) → nobody
status:	In Progress → New

Revision history for this message

Brian Murray (brian-murray) wrote on 2022-07-18:

#2

Ubuntu 21.10 (Impish Indri) has reached end of life, so this bug will not be fixed for that specific release.

Changed in systemd (Ubuntu Impish):
status:	New → Won't Fix

Ubuntu
systemd package

unified cgroup incorrectly used in container on host with legacy/hybrid cgroup

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
systemd (Ubuntu)	Fix Released	Medium	Dan Streetman
Impish	Won't Fix	Medium	Unassigned
Jammy	Fix Released	Medium	Dan Streetman

Ubuntusystemd package