This bug was fixed in the package systemd - 234-2ubuntu12.3

---------------
systemd (234-2ubuntu12.3) artful; urgency=medium

  [ Dimitri John Ledkov ]
  * Fix test-functions failing with Ubuntu units. LP: #1750608
  * tests: switch to using ext4 by default, instead of ext3. LP: #1750608
  * Fix kdump service not starting, due to systemd not loading dropins.
    Cherrypick a fix from upstream. (LP: #1708409)
  * systemd-fsckd: Fix ADT tests to work on s390x too. (LP: #1736955)
  * networkd: add support for RequiredForOnline stanza. (LP: #1737570)
  * resolved.service: set DefaultDependencies=no (LP: #1734167)
  * systemd.postinst: enable persistent journal. (LP: #1618188)
  * core: add support for non-writable unified cgroup hierarchy for
    container support. Rebase and de-fuzz. (LP: #1734410)
  * Prevent MemoryDenyWriteExecution policy bypass, by disallowing
    pkey_mprotect when mprotect is disallowed. CVE-2017-15908
    (LP: #1725348)
  * networkd: enable promote_secondaries on networkd managed dhcp links.
    This fixes failing to renew DHCP lease, on networkd managed devices.
    (LP: #1721223)

  [ Kleber Sacilotto de Souza ]
  * systemd-rfkill service times out when a new rfkill device is added
    - rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch:
      Comparing udev_device_get_sysname(device) and sysname will always
      return true. We need to check the device received from udev monitor
      instead.
    - rfkill-fix-typo.patch: Fix typo in rfkill log message.
    (LP: #1734908)

 -- Dimitri John Ledkov <x...@ubuntu.com>  Tue, 20 Feb 2018 16:11:58 +0000

** Changed in: systemd (Ubuntu Artful)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15908

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1734410

Title:
  systemd: handle undelegated cgroup2 hierarchy

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Confirmed
Status in systemd source package in Zesty:
  Won't Fix
Status in systemd source package in Artful:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * When a container is presented with a unified cgroup hierarchy,
     which is not properly delegated, systemd should not attempt (and
     fail) to use it. This improves compatibility of xenial containers
     running on unified cgroup hierarchy hosts.

  [Test Case]

   * Xenial containers should boot, with non-writable unified cgroup
     hierarchy hosts.

  [Regression Potential]

   * unified cgroup hierarchy is not in use by default on xenial hosts,
     thus this is forward compatibility improvement with e.g. bionic
     hosts running xenial containers.

  [Other Info]

   * Original bug report

  Hey everyone,

  Current systemd versions all fail when the unified cgroup hierarchy is
  not-writable. This is especially problematic in containers where the
  systemd administrator might decide to not delegate the unified
  hierarchy or when running with a liblxc driver that doesn't yet know
  how to handle the unified cgroup hierarchy. I've pushed patches to
  systemd upstream that let systemd ignore the non-delegated unified
  hierarchy. The relevant commits are:

  e07aefbd675b651f8d45b5fb458f2747b04d6e04
  2d56b80a1855836abf1d7458394c345ad9d55382
  1ff654e28b7b8e7d0a0be33522a84069ac6b07c0

  These patches will be in 236 but should be backported from xenial
  upwards.

  Christian
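
Added example, not part of the bug report and not systemd's own logic: a diagnostic to run inside a container to see whether the unified cgroup hierarchy it was handed is usable. It assumes "usable" means the cgroup2 mount is read-write and its cgroup.procs file is writable by the calling process; the sample mountinfo text, the function names and the root parameter are constructed for illustration.

```python
import os

# Constructed sample in /proc/self/mountinfo format (not captured from a real host):
# the cgroup2 hierarchy appears read-only inside the container.
SAMPLE_MOUNTINFO = """\
22 28 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
30 22 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
31 30 0:27 / /sys/fs/cgroup/unified ro,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup2 rw
32 30 0:28 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,xattr,name=systemd
"""


def find_cgroup2_mounts(mountinfo_text):
    """Return [(mount_point, read_only)] for each cgroup2 entry."""
    mounts = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        # Fixed fields 0-5, then optional fields, then "-" and the fstype.
        try:
            sep = fields.index("-", 6)
            fstype = fields[sep + 1]
        except (ValueError, IndexError):
            continue  # malformed or truncated line
        if fstype == "cgroup2":
            mounts.append((fields[4], "ro" in fields[5].split(",")))
    return mounts


def hierarchy_usable(mount_point, read_only, root="/"):
    """Assumed criterion: rw mount and cgroup.procs writable by this process."""
    if read_only:
        return False
    procs = os.path.join(root, mount_point.lstrip("/"), "cgroup.procs")
    return os.access(procs, os.W_OK)


def report(mountinfo_text, root="/"):
    """Map each cgroup2 mount point to True (usable) or False (not usable)."""
    return {mp: hierarchy_usable(mp, ro, root)
            for mp, ro in find_cgroup2_mounts(mountinfo_text)}


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:
        for mount_point, ok in report(fh.read()).items():
            print(mount_point, "usable" if ok else "NOT writable")
```

A mount point containing spaces is octal-escaped in mountinfo and is reported in that escaped form.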