[
https://issues.apache.org/jira/browse/CLOUDSTACK-9978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16064753#comment-16064753
]
Wido den Hollander commented on CLOUDSTACK-9978:
------------------------------------------------
It seems that there is already a fix from Debian/Ubuntu's side for the kernel.
Thanks for the workaround, but it doesn't seem that we need to take action.
> Kernel security update for CVE-2017-1000364 breaks cloudstack startup scripts
> with jsvc on Ubuntu 14.04 or 16.04
> ----------------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9978
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9978
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: cloudstack-agent, Management Server
> Affects Versions: 4.10.0.0, 4.9.2.0
> Environment: Ubuntu 14.04 or Ubuntu 16.04
> Reporter: Milamber
> Priority: Blocker
> Fix For: Future
>
>
> cloudstack-management or cloudstack-agent services won't start
> The error message is : "jsvc.exec error: Service killed by signal 11"
> This is a 'bug' from the last kernel update (~2017/06/20).
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865311
> Workarounds (for 4.9 or 4.10):
> Revert the last kernel update or add -Xss1280k option into the startup
> scripts (after the -Xmx option for example)
> ====Diff for fix this issue on 4.9 cloudstack-agent script===
> # diff cloudstack-agent_orig cloudstack-agent
> 103c103
> < if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m
> -Xmx2048m -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" -errfile
> SYSLOG $CLASS
> ---
> > if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m
> > -Xmx2048m -Xss1280k -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE"
> > -errfile SYSLOG $CLASS
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
