Public bug reported:
WHAT RECENTLY CHANGED
Recently, a security update was pushed out for the openssh-server
package.
The package changes:
-openssh-client 1:5.3p1-3ubuntu4
-openssh-server 1:5.3p1-3ubuntu4
-openssl 0.9.8k-7ubuntu8.4
+openssh-client 1:5.3p1-3ubuntu5
+openssh-server 1:5.3p1-3ubuntu5
+openssl 0.9.8k-7ubuntu8.5
The upgrade makes a change to the /etc/init/ssh.conf file:
$ diff before/etc/init/ssh.conf after/etc/init/ssh.conf
10d9
< expect fork
15c14
< #oom never
---
> oom never
27c26
< exec /usr/sbin/sshd
---
> exec /usr/sbin/sshd -D
THE PROBLEM
I have a virtual machine at Tektonic.net. This service is a virtuozzo
VM. After upgrading to the new 1:5.3p1-3ubuntu5 package, I could no
longer SSH into the VM. I rebooted the machine, and SSH never allowed a
connection ("connection refused").
I found this in my /var/log/syslog. The timestamp corresponds to when I
did the upgrade (and I forget whether I manually did a "service ssh
restart").
Jan 23 16:04:23 satu init: ssh main process (32282) terminated with status 255
Jan 23 16:04:23 satu init: Failed to spawn ssh pre-start process: unable to set
oom adjustment: Operation not
permitted
WORK-AROUND
I booted the VM in "recovery mode", which allows me to directly modify
the files on the VM's disk image. I reverted the /etc/init/ssh.conf to
the way it was in version 1:5.3p1-3ubuntu4 (removing the "-D" and the
"oom never" and adding back the "expect fork"). When I rebooted, the
machine came up normally and I was able to SSH in again.
SYSTEM INFORMATION
I know that Virtuozzo machines are a little different than normal
machines... they are more like a "chroot jail" than a normal machine.
And I am not sure if those differences are what caused SSH to not
respond. But I have installed the same upgrade on native machines and
on Xen VM's with no problems.
If you need more information about this Virtuozzo VM, I am happy to
provide details.
$ lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
$ apt-cache policy openssh-server
openssh-server:
Installed: 1:5.3p1-3ubuntu5
Candidate: 1:5.3p1-3ubuntu5
Version table:
*** 1:5.3p1-3ubuntu5 0
500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
100 /var/lib/dpkg/status
1:5.3p1-3ubuntu3 0
500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
https://bugs.launchpad.net/bugs/707098
Title:
"oom" change in 1:5.3p1-3ubuntu5 causes "operation not permitted"
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
