[Bug 1747499] Re: 98-reboot-required and Interaction with livepatch

David Coronel Fri, 15 May 2020 08:51:26 -0700

Here are some extra details about the status of livepatch when a kernel
upgrade is required.


I am running an 18.04 VM with an old 4.15.0-20-generic kernel from April
2018. Here is status in yaml format:

ubuntu@bioniclivepatcholdkernel:~$ canonical-livepatch status --format yaml
client-version: 9.5.5
architecture: x86_64
cpu-model: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
last-check: 2020-05-15T11:29:29-04:00
boot-time: 2020-05-15T15:28:49Z
uptime: 59s
status:
- kernel: 4.15.0-20.21-generic
  running: true
  livepatch:
    checkState: checked
    patchState: kernel-upgrade-required
    version: "42.1"
    fixes: |-
      * CVE-2018-10323
      * CVE-2018-10840
    [...removing some CVEs to keep this short...]

There are no kernel upgrades pending a reboot on this box, so no
/var/run/reboot-required:

ubuntu@bioniclivepatcholdkernel:~$ ls -l /var/run/reboot-required*
ls: cannot access '/var/run/reboot-required*': No such file or directory

If I upgrade to a new kernel, those files are created:

ubuntu@bioniclivepatcholdkernel:~$ ls -l /var/run/reboot-required*
-rw-r--r-- 1 root root 32 May 15 11:37 /var/run/reboot-required
-rw-r--r-- 1 root root 11 May 15 11:37 /var/run/reboot-required.pkgs

ubuntu@bioniclivepatcholdkernel:~$ cat /var/run/reboot-required
*** System restart required ***

ubuntu@bioniclivepatcholdkernel:~$ cat /var/run/reboot-required.pkgs
linux-base


And nothing changes in the output of canonical-livepatch status --format yaml: 

ubuntu@bioniclivepatcholdkernel:~$ canonical-livepatch status --format yaml
client-version: 9.5.5
architecture: x86_64
cpu-model: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
last-check: 2020-05-15T11:29:29-04:00
boot-time: 2020-05-15T15:28:49Z
uptime: 9m38s
status:
- kernel: 4.15.0-20.21-generic
  running: true
  livepatch:
    checkState: checked
    patchState: kernel-upgrade-required
    version: "42.1"
    fixes: |-
      * CVE-2018-10323
      * CVE-2018-10840
    [...removing some CVEs to keep this short...]


And if I reboot into a recent kernel, the up to date status is:

ubuntu@bioniclivepatcholdkernel:~$ canonical-livepatch status --format yaml
client-version: 9.5.5
architecture: x86_64
cpu-model: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
last-check: 2020-05-15T11:42:09-04:00
boot-time: 2020-05-15T15:41:28Z
uptime: 50s
status:
- kernel: 4.15.0-99.100-generic
  running: true
  livepatch:
    checkState: checked
    patchState: nothing-to-apply
    version: ""
    fixes: ""


** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10323

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10840

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1747499

Title:
  98-reboot-required and Interaction with livepatch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1747499/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1747499] Re: 98-reboot-required and Interaction with livepatch

Reply via email to