Package: needrestart
Version: 2.11-2
Severity: normal

Dear Maintainer,

The script for apt-daily.service was recently modified by an update.
When this update was installed by `unattended-upgrades`, `needrestart`
restarted the service.  I.e. needrestart terminates unattended-upgrades,
and hence itself.  This causes a few lines of log noise (below), and
does not quite seem desirable.

Technically this could happen to *any* script triggered by a systemd
timer.  At a guess, the behaviour would be similar to if the timer fired
just before someone shuts the system down, so we shouldn't worry *too*
much about this general case.

So either apt-daily.service could be treated specially, or needrestart
could ignore all Type=oneshot services.

The latter raises questions about a longer-running oneshot service
which is security-sensitive...  So I think the simplest solution is
to treat apt-daily.service specially.

apt-daily-upgrade.service should also be treated the same way,
because it also runs unattended-upgrades.

I think unattended-upgrades.service should also be treated
the same way, because this is the service that runs unattended-upgrades
on shutdown (if enabled).


May 17 02:48:40 unstable apt.systemd.daily[3046]: Restarting services...
May 17 02:48:40 unstable apt.systemd.daily[3046]:  systemctl restart apt-daily.service
May 17 02:48:40 unstable systemd[1]: apt-daily.service: Main process exited, code=killed, status=15/TERM
May 17 02:48:40 unstable systemd[1]: Stopped Daily apt download activities.
May 17 02:48:40 unstable systemd[1]: apt-daily.service: Unit entered failed state.
May 17 02:48:40 unstable systemd[1]: apt-daily.timer: Adding 11h 58min 38.111766s random time.
May 17 02:48:40 unstable systemd[1]: apt-daily.service: Failed with result 'signal'.


-- Package-specific info:
needrestart output:



-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: armel (armv5tel)

Kernel: Linux 3.16.0-4-kirkwood
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages needrestart depends on:
ii  dpkg                       1.18.23
ii  gettext-base               0.19.8.1-2
ii  libintl-perl               1.26-2
ii  libmodule-find-perl        0.13-1
ii  libmodule-scandeps-perl    1.23-1
ii  libproc-processtable-perl  0.53-2
ii  libsort-naturally-perl     1.03-1
ii  libterm-readkey-perl       2.37-1
ii  perl                       5.24.1-2
ii  xz-utils                   5.2.2-1.2+b1

Versions of packages needrestart recommends:
ii  libpam-systemd  232-23

Versions of packages needrestart suggests:
pn  needrestart-session | libnotify-bin  <none>

-- Configuration Files:
/etc/needrestart/needrestart.conf changed:
$nrconf{restart} = 'a';
$nrconf{blacklist} = [
    # ignore sudo (not a daemon)
    qr(^/usr/bin/sudo(\.dpkg-new)?$),
    # ignore DHCP clients
    qr(^/sbin/(dhclient|dhcpcd5|pump|udhcpc)(\.dpkg-new)?$),
    # ignore apt-get (Debian Bug#784237)
    qr(^/usr/bin/apt-get(\.dpkg-new)?$),
];
$nrconf{override_rc} = {
    # DBus
    qr(^dbus) => 0,
    # display managers
    qr(^gdm) => 0,
    qr(^kdm) => 0,
    qr(^nodm) => 0,
    qr(^sddm) => 0,
    qr(^wdm) => 0,
    qr(^xdm) => 0,
    qr(^lightdm) => 0,
    qr(^slim) => 0,
    qr(^lxdm) => 0,
    # networking stuff
    qr(^network-manager) => 0,
    qr(^NetworkManager) => 0,
    qr(^wpa_supplicant) => 0,
    qr(^openvpn) => 0,
    qr(^quagga) => 0,
    qr(^tinc) => 0,
    # gettys
    qr(^getty@.+\.service) => 0,
    # systemd --user
    qr(^user@\d+\.service) => 0,
    # misc
    qr(^zfs-fuse) => 0,
    qr(^mythtv-backend) => 0,
    qr(^xendomains) => 0,
    qr(^lxcfs) => 0,
    # workaround for broken systemd-journald
    # (see also Debian Bug#771122 & #771254)
    qr(^systemd-journald) => 0,
    # more systemd stuff
    # (see also Debian Bug#784238 & #784437)
    qr(^emergency\.service$) => 0,
    qr(^rescue\.service$) => 0,
    # don't restart systemd-logind, see #798097
    qr(^systemd-logind) => 0,
};
$nrconf{override_cont} = {
};
$nrconf{blacklist_interp} = [
    # ignore temporary files
    qr(^/tmp/),
    qr(^/var/),
    qr(^/run/),
];
$nrconf{blacklist_mappings} = [
    # special device paths
    qr(^/(SYSV00000000$|drm$|dev/)),
    # aio(7) mapping
    qr(^/\[aio\]),
    # Oil Runtime Compiler's JIT files
    qr(/orcexec\.[\w\d]+( \(deleted\))?$),
];
$nrconf{skip_mapfiles} = (-d '/proc/sys/kernel/grsecurity' ? -1 : 0);
if(-d q(/etc/needrestart/conf.d)) {
      foreach my $fn (sort </etc/needrestart/conf.d/*.conf>) {
              print STDERR "$LOGPREF eval $fn\n" if($nrconf{verbose});
              eval do { local(@ARGV, $/) = $fn; <>};
              die "Error parsing $fn: $@" if($@);
      }
}


-- no debconf information
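
Added example (not part of the original report and not needrestart code): a Python check that scans syslog-format journal lines for the pattern in the excerpt above, a logged `systemctl restart UNIT` followed within a few seconds by systemd reporting that UNIT's main process was killed with SIGTERM. The sample lines are the report's own with wrapped lines rejoined; the function names and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Journal lines from the report above, wrapped lines rejoined.
SAMPLE_LOG = """\
May 17 02:48:40 unstable apt.systemd.daily[3046]: Restarting services...
May 17 02:48:40 unstable apt.systemd.daily[3046]:  systemctl restart apt-daily.service
May 17 02:48:40 unstable systemd[1]: apt-daily.service: Main process exited, code=killed, status=15/TERM
May 17 02:48:40 unstable systemd[1]: Stopped Daily apt download activities.
May 17 02:48:40 unstable systemd[1]: apt-daily.service: Unit entered failed state.
May 17 02:48:40 unstable systemd[1]: apt-daily.timer: Adding 11h 58min 38.111766s random time.
May 17 02:48:40 unstable systemd[1]: apt-daily.service: Failed with result 'signal'.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^\[:\s]+)(?:\[\d+\])?: (.*)$")
RESTART = re.compile(r"^\s*systemctl restart (\S+)$")
KILLED = re.compile(r"^(\S+): Main process exited, code=killed, status=15/TERM$")

def parse(line):
    """Split one syslog-style line into (timestamp, identifier, message)."""
    m = LINE.match(line)
    if not m:
        return None
    stamp, _host, ident, msg = m.groups()
    # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable.
    when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
    return when, ident, msg

def killed_by_restart(lines, window=timedelta(seconds=5)):
    """Return (unit, requester) pairs where a restart request was followed
    within `window` by systemd reporting the unit killed with SIGTERM."""
    pending = {}  # unit -> (time of request, identifier that logged it)
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        when, ident, msg = rec
        m = RESTART.match(msg)
        if m and ident != "systemd":
            pending[m.group(1)] = (when, ident)
            continue
        m = KILLED.match(msg)
        if m and ident == "systemd" and m.group(1) in pending:
            asked, requester = pending.pop(m.group(1))
            if timedelta(0) <= when - asked <= window:
                hits.append((m.group(1), requester))
    return hits

if __name__ == "__main__":
    print(killed_by_restart(SAMPLE_LOG.splitlines()))
```

A hit whose requester is the syslog identifier of the job running inside that same unit, as with apt.systemd.daily and apt-daily.service here, is the self-termination case described in the report.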