[Bug 2068627] Re: IMA Hashes keep changing on every reboot (PCR10)
Hi Hector, LF Edge Measured Boot and Remote Attestation document is a good picture of what we are trying to do: https://wiki.lfedge.org/spaces/flyingpdf/pdfpageexport.action?pageId=27722830 While our specific setup uses some non standard stuff like iso boot, please find a simple setup to reproduce this. 1. Enable Secure Boot in Bios if using a PC with TPM or use a Virtual machine with vtpm and Secure boot: hvm /usr/share/OVMF/OVMF_CODE_4M.ms.fd /var/lib/libvirt/qemu/nvram/ubuntu24.04_VARS.fd 2. Install ubuntu 22.04. The default 5.15 kernel does not perform kernel module integrity measurements as seen from /sys/kernel/security/ima/ascii_runtime_measurements. Install hwe kernel package ( linux-image-generic-hwe-22.04 ) to upgrade to 6.15 where the kernel module integrity is checked as well. I see some minor build flags changed between the two for CONFIG_IMA and CONFIG_INTEGRITY. But, at this step, PCR10 changes on every reboot. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2068627 Title: IMA Hashes keep changing on every reboot (PCR10) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2068627/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2068627] Re: IMA Hashes keep changing on every reboot (PCR10)
Sorry, I have now updated the report addding the diff of tpm2_pcrread ** Description changed: In my understanding (not an expert on this) the linux integrity measure hash should not change unless there is a real change to kernel/modules or the aggregate boot measure. We are tying to use IMA for trusted boot and attestation. However, on 6.5.0-35-generic (ubuntu 22.04), the IMA hash keeps changing on every reboot without any software updates. I may be wrong about the root cause, but it may be related to the order of evaluation of the kernel module files ? Diff of /sys/kernel/security/ima/ascii_runtime_measurements between 2 reboots: --- ascii_runtime_measurements22 2024-06-06 14:00:23.44000 + +++ ascii_runtime_measurements21 2024-06-06 13:58:33.229038384 + @@ -2,14 +2,14 @@ - 10 b1d60291291154dcef902e2a8c23772d48798148 ima-ng sha1:b952f8331430d08db2931db38713342a45dcb9e1 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/usb/host/xhci-pci-renesas.ko - 10 6489a4f054c3d0c4df0f645a74f8f730dec9af7f ima-ng sha1:01f17ddccffb8cbc8651b46f91916b21258ba82b /usr/lib/modules/6.5.0-35-generic/kernel/drivers/char/hw_random/virtio-rng.ko - 10 dc9529d9c1a17ea7d7ada8218068c975bad1153f ima-ng sha1:e84dbae74b7f246b964d3b073b9a8847dd8e408f /usr/lib/modules/6.5.0-35-generic/kernel/drivers/usb/host/xhci-pci.ko + 10 b1d60291291154dcef902e2a8c23772d48798148 ima-ng sha1:b952f8331430d08db2931db38713342a45dcb9e1 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/usb/host/xhci-pci-renesas.ko + 10 6489a4f054c3d0c4df0f645a74f8f730dec9af7f ima-ng sha1:01f17ddccffb8cbc8651b46f91916b21258ba82b /usr/lib/modules/6.5.0-35-generic/kernel/drivers/char/hw_random/virtio-rng.ko + 10 dc9529d9c1a17ea7d7ada8218068c975bad1153f ima-ng sha1:e84dbae74b7f246b964d3b073b9a8847dd8e408f /usr/lib/modules/6.5.0-35-generic/kernel/drivers/usb/host/xhci-pci.ko -10 3f5e368749dbff84d3a7410a1b4c4a7fab66b559 ima-ng sha1:0bc18fb894d2f5b04331b239e0e6073b51354211 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/gpu/drm/drm.ko - 10 17cccb8cb394efb7efbee1aca74c79c1d2f8a38e ima-ng sha1:2f902f7314e44bba2d3056e6340d587c376f641a /usr/lib/modules/6.5.0-35-generic/kernel/drivers/i2c/i2c-smbus.ko + 10 17cccb8cb394efb7efbee1aca74c79c1d2f8a38e ima-ng sha1:2f902f7314e44bba2d3056e6340d587c376f641a /usr/lib/modules/6.5.0-35-generic/kernel/drivers/i2c/i2c-smbus.ko -10 d19437485bf5540a30de2cca2de936fd73580369 ima-ng sha1:99e31489a8d3a958411ffd6e99c8ea0d0d01c210 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/ata/libahci.ko -10 591a35a9de40e752cfc9f85194a31ef97d0b1623 ima-ng sha1:a0919355cf28b07a7ec1a1f641cf1a4ed4219691 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/i2c/busses/i2c-i801.ko +10 3f5e368749dbff84d3a7410a1b4c4a7fab66b559 ima-ng sha1:0bc18fb894d2f5b04331b239e0e6073b51354211 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/gpu/drm/drm.ko - 10 4d2af98b6a28806abe7e47ac7e830f81fa43878f ima-ng sha1:4190f2cc17a89dac6afae4575910487409a47b29 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/mfd/lpc_ich.ko + 10 4d2af98b6a28806abe7e47ac7e830f81fa43878f ima-ng sha1:4190f2cc17a89dac6afae4575910487409a47b29 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/mfd/lpc_ich.ko +10 d19437485bf5540a30de2cca2de936fd73580369 ima-ng sha1:99e31489a8d3a958411ffd6e99c8ea0d0d01c210 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/ata/libahci.ko - 10 2a4b0265d5807763cd7784617d61ab8dd97d4844 ima-ng sha1:32a600680fd22682c12fb34d2e16ceb4c6415fd6 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/input/mouse/psmouse.ko + 10 2a4b0265d5807763cd7784617d61ab8dd97d4844 ima-ng sha1:32a600680fd22682c12fb34d2e16ceb4c6415fd6 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/input/mouse/psmouse.ko -10 6239ce08348df615bc4056538fc98543c4ccb33b ima-ng sha1:4b0216c96c99bfbab72daa30df057e378029123b /usr/lib/modules/6.5.0-35-generic/kernel/crypto/cryptd.ko - 10 41b5ef647a337225aff73c125320db0101f87825 ima-ng sha1:27856f6182f8e76688055184db94e1756d77da59 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/ata/ahci.ko + 10 41b5ef647a337225aff73c125320db0101f87825 ima-ng sha1:27856f6182f8e76688055184db94e1756d77da59 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/ata/ahci.ko +10 591a35a9de40e752cfc9f85194a31ef97d0b1623 ima-ng sha1:a0919355cf28b07a7ec1a1f641cf1a4ed4219691 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/i2c/busses/i2c-i801.ko +10 6239ce08348df615bc4056538fc98543c4ccb33b ima-ng sha1:4b0216c96c99bfbab72daa30df057e378029123b /usr/lib/modules/6.5.0-35-generic/kernel/crypto/cryptd.ko - 10 1d2d52cc82f2ff0943dc8c43bf6a78722247 ima-ng sha1:f0c245e28ca906a8b3ced94eaaf872175095c24e /usr/lib/modules/6.5.0-35-generic/kernel/crypto/crypto_simd.ko - 10 9d233b196dac726c5e188f18b6efb38d24066917 ima-ng sha1:0b4ba623e888760dee0d1227d820058ff7e3e9d2 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/gpu/drm/drm_kms_helper.ko - 10 8283f095fbd71a3fd6ea8ee96299a8697386b6fa ima-ng sha1:c4c9542d63c603
[Bug 2068627] [NEW] IMA Hashes keep changing on every reboot (PCR10)
Public bug reported: In my understanding (not an expert on this) the linux integrity measure hash should not change unless there is a real change to kernel/modules or the aggregate boot measure. We are tying to use IMA for trusted boot and attestation. However, on 6.5.0-35-generic (ubuntu 22.04), the IMA hash keeps changing on every reboot without any software updates. I may be wrong about the root cause, but it may be related to the order of evaluation of the kernel module files ? Diff of /sys/kernel/security/ima/ascii_runtime_measurements between 2 reboots: --- ascii_runtime_measurements222024-06-06 14:00:23.44000 + +++ ascii_runtime_measurements212024-06-06 13:58:33.229038384 + @@ -2,14 +2,14 @@ 10 b1d60291291154dcef902e2a8c23772d48798148 ima-ng sha1:b952f8331430d08db2931db38713342a45dcb9e1 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/usb/host/xhci-pci-renesas.ko 10 6489a4f054c3d0c4df0f645a74f8f730dec9af7f ima-ng sha1:01f17ddccffb8cbc8651b46f91916b21258ba82b /usr/lib/modules/6.5.0-35-generic/kernel/drivers/char/hw_random/virtio-rng.ko 10 dc9529d9c1a17ea7d7ada8218068c975bad1153f ima-ng sha1:e84dbae74b7f246b964d3b073b9a8847dd8e408f /usr/lib/modules/6.5.0-35-generic/kernel/drivers/usb/host/xhci-pci.ko -10 3f5e368749dbff84d3a7410a1b4c4a7fab66b559 ima-ng sha1:0bc18fb894d2f5b04331b239e0e6073b51354211 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/gpu/drm/drm.ko 10 17cccb8cb394efb7efbee1aca74c79c1d2f8a38e ima-ng sha1:2f902f7314e44bba2d3056e6340d587c376f641a /usr/lib/modules/6.5.0-35-generic/kernel/drivers/i2c/i2c-smbus.ko -10 d19437485bf5540a30de2cca2de936fd73580369 ima-ng sha1:99e31489a8d3a958411ffd6e99c8ea0d0d01c210 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/ata/libahci.ko -10 591a35a9de40e752cfc9f85194a31ef97d0b1623 ima-ng sha1:a0919355cf28b07a7ec1a1f641cf1a4ed4219691 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/i2c/busses/i2c-i801.ko +10 3f5e368749dbff84d3a7410a1b4c4a7fab66b559 ima-ng sha1:0bc18fb894d2f5b04331b239e0e6073b51354211 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/gpu/drm/drm.ko 10 4d2af98b6a28806abe7e47ac7e830f81fa43878f ima-ng sha1:4190f2cc17a89dac6afae4575910487409a47b29 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/mfd/lpc_ich.ko +10 d19437485bf5540a30de2cca2de936fd73580369 ima-ng sha1:99e31489a8d3a958411ffd6e99c8ea0d0d01c210 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/ata/libahci.ko 10 2a4b0265d5807763cd7784617d61ab8dd97d4844 ima-ng sha1:32a600680fd22682c12fb34d2e16ceb4c6415fd6 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/input/mouse/psmouse.ko -10 6239ce08348df615bc4056538fc98543c4ccb33b ima-ng sha1:4b0216c96c99bfbab72daa30df057e378029123b /usr/lib/modules/6.5.0-35-generic/kernel/crypto/cryptd.ko 10 41b5ef647a337225aff73c125320db0101f87825 ima-ng sha1:27856f6182f8e76688055184db94e1756d77da59 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/ata/ahci.ko +10 591a35a9de40e752cfc9f85194a31ef97d0b1623 ima-ng sha1:a0919355cf28b07a7ec1a1f641cf1a4ed4219691 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/i2c/busses/i2c-i801.ko +10 6239ce08348df615bc4056538fc98543c4ccb33b ima-ng sha1:4b0216c96c99bfbab72daa30df057e378029123b /usr/lib/modules/6.5.0-35-generic/kernel/crypto/cryptd.ko 10 1d2d52cc82f2ff0943dc8c43bf6a78722247 ima-ng sha1:f0c245e28ca906a8b3ced94eaaf872175095c24e /usr/lib/modules/6.5.0-35-generic/kernel/crypto/crypto_simd.ko 10 9d233b196dac726c5e188f18b6efb38d24066917 ima-ng sha1:0b4ba623e888760dee0d1227d820058ff7e3e9d2 /usr/lib/modules/6.5.0-35-generic/kernel/drivers/gpu/drm/drm_kms_helper.ko 10 8283f095fbd71a3fd6ea8ee96299a8697386b6fa ima-ng sha1:c4c9542d63c603275d08468045e56d45a3f06dee /usr/lib/modules/6.5.0-35-generic/kernel/arch/x86/crypto/aesni-intel.ko --snipped- ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2068627 Title: IMA Hashes keep changing on every reboot (PCR10) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2068627/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2053147] Re: CONFIG_EFI_STUB support disabled since 6.5.0-1002.2
Could you please reconsider this. The kernel size change including CONFIG_EFI_ is about 60 KB (#10674016 vs #10735317 bytes). I would assume all use cases where iso boot is used would be making UBoot load grub, which would then require the CONFIG_EFI_* to be enabled. (Also good to note that Opensuse uses Grub as well). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2053147 Title: CONFIG_EFI_STUB support disabled since 6.5.0-1002.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-raspi/+bug/2053147/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066252] [NEW] Removal of CONFIG_EFI_STUB ubuntu 24.04 breaks some use cases
Public bug reported: Hi, We have been having a special use case where grub is used as stage 2 uboot. Then grub loads the linux kernel (in our case a menu with different iso images). This used to work great from earlier than ubuntu 22.04. However, this is now broken with ubuntu 24.04. Loading the kernel from grub fails with an error like CONFIG_EFI_STUB is not enabled. Looking at the kernel config, 5.15.0-1053-raspi (22.04) has the CONFIG_EFI_ options enabled. CONFIG_EFI_STUB=y CONFIG_EFI=y CONFIG_EFI_PARTITION=y CONFIG_EFI_ESRT=y CONFIG_EFI_VARS_PSTORE=m # CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set CONFIG_EFI_PARAMS_FROM_FDT=y CONFIG_EFI_RUNTIME_WRAPPERS=y CONFIG_EFI_GENERIC_STUB=y CONFIG_EFI_ARMSTUB_DTB_LOADER=y CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y CONFIG_EFI_BOOTLOADER_CONTROL=m # CONFIG_EFI_CAPSULE_LOADER is not set # CONFIG_EFI_TEST is not set # CONFIG_EFI_DISABLE_PCI_DMA is not set CONFIG_EFI_EARLYCON=y CONFIG_EFIVAR_FS=m In 6.8.0-1004-raspi, there is only: # CONFIG_EFI is not set CONFIG_EFI_PARTITION=y Could you please enable back the CONFIG_EFI_ options back to raspi kernel. Even though raspi does not have UEFI, using a stage 2 bootloader like grub requires the EFI_STUB. FYI, Looking at git history, these two commits removed most of CONFIG_EFI from the ubuntu raspi kernels. commit 9f2edb8e5a7bfe2f72d63c0f04c7aa8f404d187e (tag: import/6.7.0-1001.1) Author: Juerg Haefliger Date: Wed Jan 24 19:51:18 2024 +0100 6.7.0-1001.1 (patches unapplied) Imported using git-ubuntu import. commit 4dfdd5ed38710023544afd34ba882ec2048feafc (tag: import/6.5.0-1010.13) Author: Juerg Haefliger Date: Thu Jan 18 08:48:24 2024 +0100 6.5.0-1010.13 (patches unapplied) Imported using git-ubuntu import. Side note: It would be great if linux-image-raspi is just merged to linux-image-generic. linux-firmware-raspi seems to be the really bootloader stuff that is independent of the kernel packages. So it should be safe to merge linux-image-raspi into linux-image-generic even for arm64. Thanks. ** Affects: linux-raspi (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066252 Title: Removal of CONFIG_EFI_STUB ubuntu 24.04 breaks some use cases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-raspi/+bug/2066252/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066142] [NEW] grub-install with --removable flag broken in ubuntu 24.04
Public bug reported: Ubuntu Version: 24.04 Grub2-common: 2.12-1ubuntu7 Use Case/Scenario: Create a bootable disk image. Commands: sudo qemu-nbd --connect=/dev/nbd0 sudo mount /dev/nbd0p3 /tmp/boot/ sudo mount /dev/nbd0p2 /tmp/efi/ sudo grub-install --target=x86_64-efi --efi-directory=/tmp/efi/ --boot-directory=/tmp/boot/ --modules="ext2 fat part_gpt xzio squash4" --removable --compress=xz Write menuentries to /tmp/boot/grub/grub.cfg What Happens: System boots into grub prompt. Grub does not load /EFI/BOOT/grub.cfg automatically. Manual Recovery on every boot: Run this command when boot drops to grub shell: source $fw_path/grub.cfg grub-install without --removable option works fine, but in my understanding --removable option is required for some older EFI systems at least. This works fine when the same grub-install with --removable flag is run on ubuntu 22.04 system. ** Affects: grub2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066142 Title: grub-install with --removable flag broken in ubuntu 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2066142/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1759014] Re: Netplan has no way to control DHCP client
The fix for dns override for dhcp4 does not work with network manager. Netplan Generated config: [ipv4] method=auto dns=8.8.8.8;1.1.1.1 What is actually in /var/run/systemd/resolve/resolv.conf : nameserver 192.168.1.254 nameserver 8.8.8.8 nameserver 1.1.1.1 search attlocal.net Required fix for network manager: The line "ignore-auto-dns=true" has to be added by netplan. I have verified that this generates the expected resolv.conf. [ipv4] method=auto ignore-auto-dns=true dns=8.8.8.8;1.1.1.1; -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1759014 Title: Netplan has no way to control DHCP client To manage notifications about this bug go to: https://bugs.launchpad.net/baltix-default-settings/+bug/1759014/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1318551] Re: Kernel Panic - not syncing: An NMI occurred, please see the Integrated Management Log for details.
This may have been introduced by this fix as it is seen only on HP Servers: x86/apic: Work around boot failure on HP ProLiant DL980 G7 Server systems http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.8-raring/CHANGES -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1318551 Title: Kernel Panic - not syncing: An NMI occurred, please see the Integrated Management Log for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1318551/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1318551] Re: Kernel Panic - not syncing: An NMI occurred, please see the Integrated Management Log for details.
We started running into this issue on Hewlett-Packard ProLiant DL380 G6, BIOS P62 after moving to Ubuntu 14.04 Server edition from Ubuntu 13.04 Server -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1318551 Title: Kernel Panic - not syncing: An NMI occurred, please see the Integrated Management Log for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1318551/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 986654] Re: disk I/O race condition after update
The issue is seen on Ubuntu 13.04 also. Although in my case it is not a real physical machine but a VM running ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/986654 Title: disk I/O race condition after update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/udev/+bug/986654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1287666] Re: qemu-nbd processes left behind after instance deletion
** Changed in: nova (Ubuntu) Status: Expired => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1287666 Title: qemu-nbd processes left behind after instance deletion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1287666/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1184451] Re: Ubuntu 13.10 random screen freeze while Normal OS activites
For me it starts hanging about 10 minutes after it starts using Swap. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184451 Title: Ubuntu 13.10 random screen freeze while Normal OS activites To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1184451/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1297705] Re: keystone logrotate configuration causing service disruption
May be copytruncate can be used instead of the restart keystone . -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1297705 Title: keystone logrotate configuration causing service disruption To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/1297705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1297705] [NEW] keystone logrotate configuration causing service disruption
Public bug reported:
Logrotate is configured to rotate the keystone logs every 24 hours.
The problem is that restart keystone is added after logrotate. This
causes a disruption in service.
/var/log/keystone/keystone.log {
daily
missingok
rotate 5
postrotate
restart keystone >/dev/null 2>&1 || true
endscript
compress
delaycompress
notifempty
}
Just removing the line "restart keystone >/dev/null 2>&1 || true" fixes
this problem. Moreover, logging also happens to keystone.log itself
rather than keystone.log.1 even when logrotate is triggered after
deleting the restart line.
** Affects: keystone (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1297705
Title:
keystone logrotate configuration causing service disruption
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/1297705/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
