Ubuntu
libsepol package

Trusty's libsepol1 causes issues with Precise's Upstart during dist-upgrade

Bug #1331555 reported by Michael Wisheu
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libsepol (Debian)
Fix Released
Unknown
libsepol (Ubuntu)
Fix Released
High
Unassigned
Trusty
Fix Released
High
Dimitri John Ledkov
Ubuntu ubuntu-14.04.2
Utopic
Fix Released
High
Unassigned

Bug Description

Trusty's libsepol1 (2.2-1) has no Upstart version check for the 'telinit u' call. During the dist-upgrade from Precise to Trusty this causes Upstart to loose its state. Because of this Upstart no longer knows which PIDs running services have and thus all service reloads fail.

This bug is similarly to bug http://pad.lv/1313712 and the same fix applies.

Faulty code:
if [ "$1" = "configure" ]; then
 # Restart init. If it fails, there is nothing we can do, so
 # just ignore the error (NOTE: Borrowed from libc6.postinst)
 telinit u 2>/dev/null || true ; sleep 1
fi

Correct code:
if [ "$1" = "configure" ]; then
 # Restart init. If it fails, there is nothing we can do, so
 # just ignore the error (NOTE: Borrowed from libc6.postinst)
 if dpkg --compare-versions "$UPSTART_VERSION_RUNNING" ge 1.6.1; then
  telinit u 2>/dev/null || true ; sleep 1
 fi
fi

accepted fix in debian packaging is to drop the postinst all together, since none of the libsepol symbols are used by neither upstart or systemd.

See original description
Revision history for this message
Michael Wisheu (wisheu) wrote :

Dimitri, I've just encountered another unchecked 'telinit u' call causing Upstart issues case. :-/

description: updated
description: updated
Michael Wisheu (wisheu)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libsepol (Ubuntu):
status: New → Confirmed
Dimitri John Ledkov (xnox)
Changed in libsepol (Ubuntu Trusty):
status: New → Confirmed
Changed in libsepol (Ubuntu Utopic):
importance: Undecided → High
Changed in libsepol (Ubuntu Trusty):
importance: Undecided → High
milestone: none → ubuntu-14.04.2
Revision history for this message
Laurent Bigonville (bigon) wrote :

I've just dropped the postinst script that reload the init during the upgrade of libsepol.

It was also causing issues with systemd actually. And anyway nor upstart nor systemd was using any of it's symbols directly (libsepol is statically linked in libselinux)

So this should be fixed in 2.3-2

Dimitri John Ledkov (xnox)
Changed in libsepol (Ubuntu Trusty):
assignee: nobody → Dimitri John Ledkov (xnox)
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

libsepol (2.3-2) unstable; urgency=medium

  * Drop debian/libsepol1.postinst: Reloading systemd during an upgrade in an
    uncontroled way might endup with unwanted side effects (Closes: #753727)

 -- Laurent Bigonville <email address hidden> Sun, 31 Aug 2014 20:02:14 +0200

Changed in libsepol (Ubuntu):
status: Confirmed → Fix Released
Changed in libsepol (Ubuntu Utopic):
status: Confirmed → Fix Released
description: updated
Dimitri John Ledkov (xnox)
Changed in libsepol (Ubuntu Trusty):
status: Confirmed → In Progress
Bug Watch Updater (bug-watch-updater)
Changed in libsepol (Debian):
status: Unknown → Fix Released
Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello Michael, or anyone else affected,

Accepted libsepol into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libsepol/2.2-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in libsepol (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Confirmed in an lxc container, job status from initctl list and processes preserved across upgrade from precise to (trusty + trusty-updates + trusty-proposed) which pulled the new libsepol

tags: added: verification-done
removed: verification-needed
Revision history for this message
Chris J Arges (arges) wrote : Update Released

The verification of the Stable Release Update for libsepol has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libsepol - 2.2-1ubuntu0.1

---------------
libsepol (2.2-1ubuntu0.1) trusty; urgency=medium

  [ Laurent Bigonville ]
  * Drop debian/libsepol1.postinst: Which had unguarded `telinit u' call,
    which is not strictly needed and otherwise causes unwatned side
    effects to the init process. (Closes: #753727) (LP: #1331555)
 -- Dimitri John Ledkov <email address hidden> Wed, 26 Nov 2014 00:26:53 +0000

Changed in libsepol (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.