[jira] [Created] (CLOUDSTACK-9978) Kernel security update for CVE-2017-1000364 breaks cloudstack startup scripts with jsvc on Ubuntu 14.04 or 16.04

[Milamber (JIRA)]

Milamber created CLOUDSTACK-9978:
------------------------------------

             Summary: Kernel security update for CVE-2017-1000364 breaks 
cloudstack startup scripts with jsvc on Ubuntu 14.04 or 16.04
                 Key: CLOUDSTACK-9978
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9978
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: cloudstack-agent, Management Server
    Affects Versions: 4.10.0.0, 4.9.2.0
         Environment: Ubuntu 14.04 or Ubuntu 16.04
            Reporter: Milamber
            Priority: Blocker
             Fix For: Future


cloudstack-management or cloudstack-agent services won't start
The error message is : "jsvc.exec error: Service killed by signal 11"

This is a 'bug' from the last kernel update (~2017/06/20).
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865311


Workarounds (for 4.9 or 4.10):

Revert the last kernel update or add -Xss1280k option into the startup scripts 
(after the -Xmx option for example)



====Diff for fix this issue on 4.9 cloudstack-agent script===

# diff cloudstack-agent_orig cloudstack-agent
103c103
<     if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m 
-Xmx2048m -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" -errfile SYSLOG 
$CLASS
---
>     if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m 
> -Xmx2048m -Xss1280k -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" 
> -errfile SYSLOG $CLASS





--
This message was sent by Atlassian JIRA
(v6.4.14#64029)