This bug was fixed in the package systemd - 234-2ubuntu12.3

---------------
systemd (234-2ubuntu12.3) artful; urgency=medium

  [ Dimitri John Ledkov ]
  * Fix test-functions failing with Ubuntu units. LP: #1750608
  * tests: switch to using ext4 by default, instead of ext3. LP: #1750608
  * Fix kdump service not starting, due to systemd not loading dropins.
    Cherrypick a fix from upstream. (LP: #1708409)
  * systemd-fsckd: Fix ADT tests to work on s390x too. (LP: #1736955)
  * networkd: add support for RequiredForOnline stanza. (LP: #1737570)
  * resolved.service: set DefaultDependencies=no (LP: #1734167)
  * systemd.postinst: enable persistent journal. (LP: #1618188)
  * core: add support for non-writable unified cgroup hierarchy for container
    support.
    Rebase and de-fuzz. (LP: #1734410)
  * Prevent MemoryDenyWriteExecution policy bypass, by disallowing
    pkey_mprotect when mprotect is disallowed.
    CVE-2017-15908 (LP: #1725348)
  * networkd: enable promote_secondaries on networkd managed dhcp links.
    This fixes failing to renew DHCP lease, on networkd managed devices.
    (LP: #1721223)

  [ Kleber Sacilotto de Souza ]
  * systemd-rfkill service times out when a new rfkill device is added
    - rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch: Comparing
    udev_device_get_sysname(device) and sysname will always return true. We
    need to check the device received from udev monitor instead.
    - rfkill-fix-typo.patch: Fix typo in rfkill log message. (LP: #1734908)

 -- Dimitri John Ledkov <x...@ubuntu.com>  Tue, 20 Feb 2018 16:11:58 +0000

** Changed in: systemd (Ubuntu Artful)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15908

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1734410

Title:
  systemd: handle undelegated cgroup2 hierarchy

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Confirmed
Status in systemd source package in Zesty:
  Won't Fix
Status in systemd source package in Artful:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * When a container is presented with a unified cgroup hierarchy,
  which is not properly delegated, systemd should not attempt (and fail)
  to use it. This improves compatibility of xenial containers running on
  unified cgroup hierarchy hosts.

  [Test Case]

   * Xenial containers should boot, with non-writable unified cgroup
  hierarchy hosts.

  [Regression Potential]

   * unified cgroup hierarchy is not in use by default on xenial hosts,
  thus this is a forward compatibility improvement with e.g. bionic hosts
  running xenial containers.

  [Other Info]
   
   * Original bug report

  Hey everyone,

  Current systemd versions all fail when the unified cgroup hierarchy is
  not-writable. This is especially problematic in containers where the
  systemd administrator might decide to not delegate the unified
  hierarchy or when running with a liblxc driver that doesn't yet know
  how to handle the unified cgroup hierarchy. I've pushed patches to
  systemd upstream that let systemd ignore the non-delegated unified
  hierarchy. The relevant commits are:

  e07aefbd675b651f8d45b5fb458f2747b04d6e04
  2d56b80a1855836abf1d7458394c345ad9d55382
  1ff654e28b7b8e7d0a0be33522a84069ac6b07c0

  These patches will be in 236 but should be backported from xenial
  upwards.

  Christian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1734410/+subscriptions
