Control: severity -1 serious Control: usertags -1 + bittenby On Wed, 17 May 2017 16:26:39 +0000 Alan Jenkins wrote: > The script for apt-daily.service was recently modified by an update. > When this update was installed by `unattended-upgrades`, `needrestart` > restarted the service. I.e. needrestart terminates unattended-upgrades, > and hence itself. This causes a few lines of log noise (below), and > does not quite seem desirable. This is a pretty serious bug (upgraded severity). It doesn't result in data loss but it is a serious interruption of the upgrade process, which means that the usual mail sent by unattended-upgrades is never sent to the admin of the system and no services are restarted. > So either apt-daily.service could be treated specially, or needrestart > could ignore all Type=oneshot services. I think it need to not restart oneshot services by default, since it has no information about whether or not they can be safely restarted. I would guess that most oneshot services cannot be safely restarted. > The latter raises questions about a longer-running oneshot service > which is security-sensitive... So I think the simplest solution is > treat apt-daily.service specially. I think oneshot services are meant to exit ASAP rather than running for a long time. They will be listed in the "needs restarting" section, so I think it is fine to not restart oneshot services by default. > apt-daily-upgrade.service should also be treated the same way, > because it also runs unattended-upgrades. > > I think unattended-upgrades.service should also be treated > the same way, because this is the service that runs unattended-upgrades > on shutdown (if enabled). Agreed. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part