[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: needrestart: terminated itself by restarting apt-daily.service (when the script is updated)



Control: severity -1 serious
Control: usertags -1 + bittenby

On Wed, 17 May 2017 16:26:39 +0000 Alan Jenkins wrote:

> The script for apt-daily.service was recently modified by an update.
> When this update was installed by `unattended-upgrades`, `needrestart`
> restarted the service.  I.e. needrestart terminates unattended-upgrades,
> and hence itself.  This causes a few lines of log noise (below), and
> does not quite seem desirable.

This is a pretty serious bug (upgraded severity). It doesn't result in
data loss but it is a serious interruption of the upgrade process,
which means that the usual mail sent by unattended-upgrades is never
sent to the admin of the system and no services are restarted.

> So either apt-daily.service could be treated specially, or needrestart
> could ignore all Type=oneshot services.

I think it need to not restart oneshot services by default, since it
has no information about whether or not they can be safely restarted.
I would guess that most oneshot services cannot be safely restarted.

> The latter raises questions about a longer-running oneshot service
> which is security-sensitive...  So I think the simplest solution is
> treat apt-daily.service specially.

I think oneshot services are meant to exit ASAP rather than running for
a long time. They will be listed in the "needs restarting" section, so
I think it is fine to not restart oneshot services by default.

> apt-daily-upgrade.service should also be treated the same way,
> because it also runs unattended-upgrades.
> 
> I think unattended-upgrades.service should also be treated
> the same way, because this is the service that runs unattended-upgrades
> on shutdown (if enabled).

Agreed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: