attempt to read dmi data can cause warning and stacktrace in logs in a container.

[ubuntu-server-builder]

This bug was originally filed in Launchpad as LP: #1701325

Launchpad details

affected_projects = ['cloud-init (Ubuntu)', 'cloud-init (Ubuntu Xenial)', 'cloud-init (Ubuntu Zesty)']
assignee = smoser
assignee_name = Scott Moser
date_closed = 2017-09-23T02:34:19.037291+00:00
date_created = 2017-06-29T16:59:25.320111+00:00
date_fix_committed = 2017-06-29T21:35:08.506649+00:00
date_fix_released = 2017-09-23T02:34:19.037291+00:00
id = 1701325
importance = high
is_complete = True
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1701325
milestone = None
owner = smoser
owner_name = Scott Moser
private = False
status = fix_released
submitter = smoser
submitter_name = Scott Moser
tags = ['amd64', 'apport-bug', 'artful', 'uec-images', 'verification-done-xenial', 'verification-done-zesty']
duplicates = []

Launchpad user Scott Moser(smoser) wrote on 2017-06-29T16:59:25.320111+00:00

=== Begin SRU Template ===
[Impact]
lxc containers would show warnings in /var/log/cloud-init.log.
This was because attempts were made to read dmi information from
inside the (unpriviledged) container. Such attempts to read
dmi data like /sys/class/dmi/id/product_serial would then result
in an attempt to run dmidecode which would also fail.

[Test Case]
To test this, simply
a.) create an lxd instance from a image with -proposed version of cloud-init
$ release=xenial
$ ref=$release-1701325
$ lxc-proposed-snapshot --proposed --publish $release $ref
$ lxc launch $ref $name
b.) lxc exec $name -- grep WARN /var/log/cloud-init.log

[Regression Potential]
A regression caused by this change is possible on some system where
systemd identified the system as a container but the container platform provided
simulated/virtualized dmi information in /sys/class/dmi/id.

The check for for container is done with:
systemd-detect-virt --quite --container

[Other Info]
Upstream commit at
https://git.launchpad.net/cloud-init/commit/?id=4d9f24f5c3

This was actually a regression of the upstream fix for bug 1691772.
That never entered a stable Ubuntu release. The testing here is
actually a test against regression.
The upstream commit for that change is at
https://git.launchpad.net/cloud-init/commit/?id=802e7cb2da

lxc-proposed-snapshot is
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/tree/bin/lxc-proposed-snapshot
It publishes an image to lxd with proposed enabled and cloud-init upgraded.
=== End SRU Template ===

I launched an instance of artful.
Looked in /var/log/cloud-init.log and saw:
2017-06-29 16:00:15,222 - util.py[DEBUG]: Reading from /sys/class/dmi/id/product_serial (quiet=False)
2017-06-29 16:00:15,222 - util.py[WARNING]: failed read of /sys/class/dmi/id/product_serial
2017-06-29 16:00:15,223 - util.py[DEBUG]: failed read of /sys/class/dmi/id/product_serial
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 2359, in _read_dmi_syspath
    key_data = load_file(dmi_key_path, decode=False)
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1283, in load_file
    with open(fname, 'rb') as ifh:
PermissionError: [Errno 13] Permission denied: '/sys/class/dmi/id/product_serial'
2017-06-29 16:00:15,225 - util.py[DEBUG]: Running command ['/usr/sbin/dmidecode', '--string', 'system-serial-number'] with allowed return codes [0] (shell=False, capture=True)
2017-06-29 16:00:15,228 - util.py[DEBUG]: failed dmidecode cmd: ['/usr/sbin/dmidecode', '--string', 'system-serial-number']
Unexpected error while running command.
Command: ['/usr/sbin/dmidecode', '--string', 'system-serial-number']
Exit code: 1
Reason: -
Stdout: -
Stderr: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
        /dev/mem: No such file or directory

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: cloud-init 0.7.9-197-gebc9ecbc-0ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15
Uname: Linux 4.10.0-22-generic x86_64
ApportVersion: 2.20.5-0ubuntu5
Architecture: amd64
Date: Thu Jun 29 16:47:51 2017
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
SourcePackage: cloud-init
UpgradeStatus: No upgrade log present (probably fresh install)

[ubuntu-server-builder]

Launchpad user Scott Moser(smoser) wrote on 2017-06-29T16:59:25.320111+00:00

Launchpad attachments: NonfreeKernelModules.txt,Dependencies.txt,JournalErrors.txt,ProcCpuinfoMinimal.txt

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2017-06-29T17:09:13.439561+00:00

Status changed to 'Confirmed' because the bug affects multiple users.

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2017-06-29T23:23:39.829639+00:00

This bug was fixed in the package cloud-init - 0.7.9-199-g4d9f24f5-0ubuntu1

---

cloud-init (0.7.9-199-g4d9f24f5-0ubuntu1) artful; urgency=medium

• New upstream snapshot.
  • read_dmi_data: always return None when inside a container. (LP: #1701325)
  • requirements.txt: remove trailing white space.

-- Scott Moser smoser@ubuntu.com Thu, 29 Jun 2017 18:01:21 -0400

[ubuntu-server-builder]

Launchpad user Chris J Arges(arges) wrote on 2017-08-23T12:28:49.807675+00:00

Hello Scott, or anyone else affected,

Accepted cloud-init into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/0.7.9-233-ge586fe35-0ubuntu1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

[ubuntu-server-builder]

Launchpad user Chris J Arges(arges) wrote on 2017-08-23T12:31:58.737802+00:00

Hello Scott, or anyone else affected,

Accepted cloud-init into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/0.7.9-233-ge586fe35-0ubuntu1~17.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

[ubuntu-server-builder]

Launchpad user Chad Smith(chad.smith) wrote on 2017-08-28T18:23:45.246523+00:00

Validated on lxc containers xenial and zesty:

$ for release in xenial zesty; do
ref=$release-proposed;
echo "$release START --------------";
./lxc-proposed-snapshot --proposed --publish $release $ref;
lxc init $ref test-$release;
lxc start test-$release;
lxc sleep 10;
lxc exec test-$release -- grep WARN /var/log/cloud-init.log;
lxc exec test-$release -- dpkg-query --show cloud-init;
done

xenial START --------------
Creating xenial-proposed-123719471
...

No WARN messages

cloud-init 0.7.9-233-ge586fe35-0ubuntu1~16.04.1

zesty START --------------
Creating zesty-proposed-34023523
...
The following packages will be upgraded:
cloud-init
...
Get:1 http://archive.ubuntu.com/ubuntu zesty-proposed/main amd64 cloud-init all 0.7.9-233-ge586fe35-0ubuntu1~17.04.1 [321 kB]
...

No WARN messages

cloud-init 0.7.9-233-ge586fe35-0ubuntu1~17.04.1

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2017-09-13T01:26:05.837714+00:00

This bug was fixed in the package cloud-init - 0.7.9-233-ge586fe35-0ubuntu1~16.04.1

---

cloud-init (0.7.9-233-ge586fe35-0ubuntu1~16.04.1) xenial-proposed; urgency=medium

• debian/cloud-init.templates: enable Scaleway cloud.
• debian/cloud-init.templates: enable Aliyun cloud.
• drop the following cherry picks, now incorporated in snapshot.
  • debian/patches/cpick-5fb49bac-azure-identify-platform...
  • debian/patches/cpick-003c6678-net-remove-systemd-link...
  • debian/patches/cpick-1cd4323b-azure-remove-accidental...
  • debian/patches/cpick-ebc9ecbc-Azure-Add-network-config...
  • debian/patches/cpick-11121fe4-systemd-make-cloud-final...
• debian/patches/stable-release-no-jsonschema-dep.patch:
  add patch to remove optional dependency on jsonschema.
• New upstream snapshot.
  • cloudinit.net: add initialize_network_device function and tests
    [Chad Smith]
  • makefile: fix ci-deps-ubuntu target [Chad Smith]
  • tests: adjust locale integration test to parse default locale.
  • tests: remove 'yakkety' from releases as it is EOL.
  • centos: do not package systemd-fsck drop-in.
  • systemd: make systemd-fsck run after cloud-init.service (LP: #1691489)
  • tests: Add initial tests for EC2 and improve a docstring.
  • locale: Do not re-run locale-gen if provided locale is system default.
  • archlinux: fix set hostname usage of write_file. [Joshua Powers]
  • sysconfig: support subnet type of 'manual'.
  • tools/run-centos: make running with no argument show help.
  • Drop rand_str() usage in DNS redirection detection
    [Bob Aman] (LP: #1088611)
  • sysconfig: use MACADDR on bonds/bridges to configure mac_address
    [Ryan Harper]
  • net: eni route rendering missed ipv6 default route config
    [Ryan Harper] (LP: #1701097)
  • sysconfig: enable mtu set per subnet, including ipv6 mtu
    [Ryan Harper]
  • sysconfig: handle manual type subnets [Ryan Harper]
  • sysconfig: fix ipv6 gateway routes [Ryan Harper]
  • sysconfig: fix rendering of bond, bridge and vlan types.
    [Ryan Harper]
  • Templatize systemd unit files for cross distro deltas. [Ryan Harper]
  • sysconfig: ipv6 and default gateway fixes. [Ryan Harper]
  • net: fix renaming of nics to support mac addresses written in upper
    case. (LP: #1705147)
  • tests: fixes for issues uncovered when moving to python 3.6.
  • sysconfig: include GATEWAY value if set in subnet
    [Ryan Harper]
  • Scaleway: add datasource with user and vendor data for Scaleway.
    [Julien Castets]
  • Support comments in content read by load_shell_content.
  • cloudinitlocal fail to run during boot [Hongjiang Zhang]
  • doc: fix disk setup example table_type options [Sandor Zeestraten]
  • tools: Fix exception handling. [Joonas Kylmälä]
  • tests: fix usage of mock in GCE test.
  • test_gce: Fix invalid mock of platform_reports_gce to return False
    [Chad Smith]
  • test: fix incorrect keyid for apt repository. [Joshua Powers]
  • tests: Update version of pylxd [Joshua Powers]
  • write_files: Remove log from helper function signatures.
    [Andrew Jorgensen]
  • doc: document the cmdline options to NoCloud [Brian Candler]
  • read_dmi_data: always return None when inside a container. (LP: #1701325)
  • requirements.txt: remove trailing white space.
  • Tests: Simplify the check on ssh-import-id [Joshua Powers]
  • tests: update ntp tests after sntp added [Joshua Powers]
  • FreeBSD: Make freebsd a variant, fix unittests and
    tools/build-on-freebsd.
  • FreeBSD: fix test failure
  • FreeBSD: replace ifdown/ifup with "ifconfig down" and "ifconfig up".
    [Hongjiang Zhang]
  • FreeBSD: fix cdrom mounting failure if /mnt/cdrom/secure did not exist.
    [Hongjiang Zhang]
  • main: Don't use templater to format the welcome message
    [Andrew Jorgensen]
  • docs: Automatically generate module docs form schema if present.
    [Chad Smith]
  • debian: fix path comment in /etc/hosts template. [Jens Sandmann]
  • suse: add hostname and fully qualified domain to template.
    [Jens Sandmann]
  • write_file(s): Print permissions as octal, not decimal [Andrew Jorgensen]
  • ci deps: Add --test-distro to read-dependencies to install all deps
    [Chad Smith]
  • tools/run-centos: cleanups and move to using read-dependencies
  • pkg build ci: Add make ci-deps- target to install pkgs
    [Chad Smith]
  • selinux: Allow restorecon to be non-fatal. [Ryan Harper]
  • net: Allow netinfo subprocesses to return 0 or 1 due to selinux.
    [Ryan Harper]
  • net: Allow for NetworkManager configuration [Ryan McCabe]
  • Use distro release version to determine if we use systemd in redhat spec
    [Ryan Harper]
  • net: normalize data in network_state object
  • Integration Testing: tox env, pyxld 2.2.3, and revamp framework
    [Wesley Wiedenmeier]
  • Chef: Update omnibus url to chef.io, minor doc changes. [JJ Asghar]
  • tools: add centos scripts to build and test [Joshua Powers]
  • Drop cheetah python module as it is not needed by trunk [Ryan Harper]
  • rhel/centos spec cleanups.
  • cloud.cfg: move to a template. setup.py changes along the way.
  • Makefile: add deb-src and srpm targets. use PYVER more places.
  • makefile: fix python 2/3 detection in the Makefile [Chad Smith]
  • snap: Removing snapcraft plug line [Joshua Powers]
  • RHEL/CentOS: Fix default routes for IPv4/IPv6 configuration.
    [Andreas Karis]
  • test: Fix pyflakes complaint of unused import. [Joshua Powers]
  • NoCloud: support seed of nocloud from smbios information
    [Vladimir Pouzanov] (LP: #1691772)
  • net: when selecting a network device, use natural sort order
    [Marc-Aurèle Brothier]
  • fix typos and remove whitespace in various docs [Stephan Telling]
  • systemd: Fix typo in comment in cloud-init.target. [Chen-Han Hsiao]
  • Tests: Skip jsonschema related unit tests when dependency is absent.
    [Chad Smith]
  • tools/net-convert.py: support old cloudinit versions by using kwargs.
  • ntp: Add schema definition and passive schema validation.
    [Chad Smith] (LP: #1692916)
  • Fix eni rendering for bridge params that require repeated key for
    values. [Ryan Harper] (LP: #1706752)
  • AliYun: Enable platform identification and enable by default.
    [Junjie Wang] (LP: #1638931)

-- Scott Moser smoser@ubuntu.com Mon, 31 Jul 2017 16:36:16 -0400

[ubuntu-server-builder]

Launchpad user Chris Halse Rogers(raof) wrote on 2017-09-13T01:26:57.688883+00:00

The verification of the Stable Release Update for cloud-init has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2017-09-13T01:27:27.937540+00:00

This bug was fixed in the package cloud-init - 0.7.9-233-ge586fe35-0ubuntu1~17.04.1

---

cloud-init (0.7.9-233-ge586fe35-0ubuntu1~17.04.1) zesty; urgency=medium

• debian/cloud-init.templates: enable Scaleway cloud.
• debian/cloud-init.templates: enable Aliyun cloud.
• drop the following cherry picks, now incorporated in snapshot.
  • debian/patches/cpick-5fb49bac-azure-identify-platform...
  • debian/patches/cpick-003c6678-net-remove-systemd-link...
  • debian/patches/cpick-1cd4323b-azure-remove-accidental...
  • debian/patches/cpick-ebc9ecbc-Azure-Add-network-config...
  • debian/patches/cpick-11121fe4-systemd-make-cloud-final...
• debian/patches/stable-release-no-jsonschema-dep.patch:
  add patch to remove optional dependency on jsonschema.
• New upstream snapshot.
  • cloudinit.net: add initialize_network_device function and tests
    [Chad Smith]
  • makefile: fix ci-deps-ubuntu target [Chad Smith]
  • tests: adjust locale integration test to parse default locale.
  • tests: remove 'yakkety' from releases as it is EOL.
  • centos: do not package systemd-fsck drop-in.
  • systemd: make systemd-fsck run after cloud-init.service (LP: #1691489)
  • tests: Add initial tests for EC2 and improve a docstring.
  • locale: Do not re-run locale-gen if provided locale is system default.
  • archlinux: fix set hostname usage of write_file. [Joshua Powers]
  • sysconfig: support subnet type of 'manual'.
  • tools/run-centos: make running with no argument show help.
  • Drop rand_str() usage in DNS redirection detection
    [Bob Aman] (LP: #1088611)
  • sysconfig: use MACADDR on bonds/bridges to configure mac_address
    [Ryan Harper]
  • net: eni route rendering missed ipv6 default route config
    [Ryan Harper] (LP: #1701097)
  • sysconfig: enable mtu set per subnet, including ipv6 mtu
    [Ryan Harper]
  • sysconfig: handle manual type subnets [Ryan Harper]
  • sysconfig: fix ipv6 gateway routes [Ryan Harper]
  • sysconfig: fix rendering of bond, bridge and vlan types.
    [Ryan Harper]
  • Templatize systemd unit files for cross distro deltas. [Ryan Harper]
  • sysconfig: ipv6 and default gateway fixes. [Ryan Harper]
  • net: fix renaming of nics to support mac addresses written in upper
    case. (LP: #1705147)
  • tests: fixes for issues uncovered when moving to python 3.6.
  • sysconfig: include GATEWAY value if set in subnet
    [Ryan Harper]
  • Scaleway: add datasource with user and vendor data for Scaleway.
    [Julien Castets]
  • Support comments in content read by load_shell_content.
  • cloudinitlocal fail to run during boot [Hongjiang Zhang]
  • doc: fix disk setup example table_type options [Sandor Zeestraten]
  • tools: Fix exception handling. [Joonas Kylmälä]
  • tests: fix usage of mock in GCE test.
  • test_gce: Fix invalid mock of platform_reports_gce to return False
    [Chad Smith]
  • test: fix incorrect keyid for apt repository. [Joshua Powers]
  • tests: Update version of pylxd [Joshua Powers]
  • write_files: Remove log from helper function signatures.
    [Andrew Jorgensen]
  • doc: document the cmdline options to NoCloud [Brian Candler]
  • read_dmi_data: always return None when inside a container. (LP: #1701325)
  • requirements.txt: remove trailing white space.
  • Tests: Simplify the check on ssh-import-id [Joshua Powers]
  • tests: update ntp tests after sntp added [Joshua Powers]
  • FreeBSD: Make freebsd a variant, fix unittests and
    tools/build-on-freebsd.
  • FreeBSD: fix test failure
  • FreeBSD: replace ifdown/ifup with "ifconfig down" and "ifconfig up".
    [Hongjiang Zhang]
  • FreeBSD: fix cdrom mounting failure if /mnt/cdrom/secure did not exist.
    [Hongjiang Zhang]
  • main: Don't use templater to format the welcome message
    [Andrew Jorgensen]
  • docs: Automatically generate module docs form schema if present.
    [Chad Smith]
  • debian: fix path comment in /etc/hosts template. [Jens Sandmann]
  • suse: add hostname and fully qualified domain to template.
    [Jens Sandmann]
  • write_file(s): Print permissions as octal, not decimal [Andrew Jorgensen]
  • ci deps: Add --test-distro to read-dependencies to install all deps
    [Chad Smith]
  • tools/run-centos: cleanups and move to using read-dependencies
  • pkg build ci: Add make ci-deps- target to install pkgs
    [Chad Smith]
  • selinux: Allow restorecon to be non-fatal. [Ryan Harper]
  • net: Allow netinfo subprocesses to return 0 or 1 due to selinux.
    [Ryan Harper]
  • net: Allow for NetworkManager configuration [Ryan McCabe]
  • Use distro release version to determine if we use systemd in redhat spec
    [Ryan Harper]
  • net: normalize data in network_state object
  • Integration Testing: tox env, pyxld 2.2.3, and revamp framework
    [Wesley Wiedenmeier]
  • Chef: Update omnibus url to chef.io, minor doc changes. [JJ Asghar]
  • tools: add centos scripts to build and test [Joshua Powers]
  • Drop cheetah python module as it is not needed by trunk [Ryan Harper]
  • rhel/centos spec cleanups.
  • cloud.cfg: move to a template. setup.py changes along the way.
  • Makefile: add deb-src and srpm targets. use PYVER more places.
  • makefile: fix python 2/3 detection in the Makefile [Chad Smith]
  • snap: Removing snapcraft plug line [Joshua Powers]
  • RHEL/CentOS: Fix default routes for IPv4/IPv6 configuration.
    [Andreas Karis]
  • test: Fix pyflakes complaint of unused import. [Joshua Powers]
  • NoCloud: support seed of nocloud from smbios information
    [Vladimir Pouzanov] (LP: #1691772)
  • net: when selecting a network device, use natural sort order
    [Marc-Aurèle Brothier]
  • fix typos and remove whitespace in various docs [Stephan Telling]
  • systemd: Fix typo in comment in cloud-init.target. [Chen-Han Hsiao]
  • Tests: Skip jsonschema related unit tests when dependency is absent.
    [Chad Smith]
  • tools/net-convert.py: support old cloudinit versions by using kwargs.
  • ntp: Add schema definition and passive schema validation.
    [Chad Smith] (LP: #1692916)
  • Fix eni rendering for bridge params that require repeated key for
    values. [Ryan Harper] (LP: #1706752)
  • AliYun: Enable platform identification and enable by default.
    [Junjie Wang] (LP: #1638931)

-- Scott Moser smoser@ubuntu.com Mon, 31 Jul 2017 16:33:24 -0400

[ubuntu-server-builder]

Launchpad user Scott Moser(smoser) wrote on 2017-09-23T02:34:21.216483+00:00

This bug is believed to be fixed in cloud-init in 17.1. If this is still a problem for you, please make a comment and set the state back to New

Thank you.