Bug 1008898

Summary: kiwi: can't unmount sysfs (is in use by systemd-logind)
Product: [openSUSE] openSUSE Distribution Reporter: Sebastian Vollath <svollath>
Component: BasesystemAssignee: David Cassany <dcassany>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: dcassany, thardeck
Version: Leap 42.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: KIWI logs + config

Description Sebastian Vollath 2016-11-07 14:24:58 UTC 
Created attachment 700932 [details]
KIWI logs + config

When building an appliance with kiwi (in this case using "machinery build"), kiwi finishes SUCCESSFUL, but machinery can't cleanup its temporary files. This is because kiwi leaves a sysfs mount open which requires a reboot to get rid of.

((Reproduced with Leap 42.1, 42.2, kiwi-7.03.97, kiwi-7.04.8, kiwi-7.04.13))

Buildlog snippets:
...
Nov-07 14:52:18 <1> : EXEC [mount -n -t sysfs sysfs /tmp/machinery-image20161107-10165-1js1i2p/build/image-root/sys]
...
Nov-07 14:56:36 <1> : EXEC [umount "/tmp/machinery-image20161107-10165-1js1i2p/build/image-root/sys" 2>&1]
Nov-07 14:56:36 <2> : Umount of /tmp/machinery-image20161107-10165-1js1i2p/build/image-root/sys failed: umount: /tmp/machinery-image20161107-10165-1js1i2p/build/image-root/sys: target is busy
        (In some cases useful info about processes that
         use the device is found by lsof(8) or fuser(1).)
...
Nov-07 15:02:05 <1> : Closing session with ecode: 0
Nov-07 15:02:06 <1> : KIWI exited successfully

... see full log and config attached.

# mount | grep sysfs
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
sysfs on /tmp/machinery-image20161107-10165-1js1i2p/build/image-root/sys type sysfs (rw,relatime)

# lsof /tmp/machinery-image20161107-10165-1js1i2p/build/image-root/sys
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/10570/gvfs
      Output information may be incomplete.
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
systemd-l 2046 root    6r   REG   0,17     4096 18025 /sys/devices/virtual/tty/tty0/active
((root      2046  0.0  0.0  20108  2608 ?        Ss   Nov04   0:01 /usr/lib/systemd/systemd-logind))
Comment 1 David Cassany 2016-11-11 17:14:35 UTC 
After digging a while I found that this issue is produced by the installation of apparmor-profiles package. The installation of this package causes a restart of the apparmor service which somehow leaves something opened (I couldn't actually figure out what) related to the chrooted /sys. 

I am passing this issue to apparmor maintainers, I hope they can debug what is actually happening here when installing apparmor packages in a chrooted env.
Comment 2 David Cassany 2016-11-11 17:24:40 UTC 
(In reply to Sebastian Vollath from comment #0)

Meanwhile, Sebastian, in my development platform (leap 42.1) I could lazy umount the chrooted /sys and apparently it unmounted immediately, maybe this helps to prevent you from having to reboot in order to get rid of that mounted sysfs.
Comment 6 David Cassany 2017-08-29 15:53:06 UTC 
Current kiwi versions (former and next generation) make use of lazy umount which solves the issue.
Comment 13 Swamp Workflow Management 2019-02-07 02:10:25 UTC 
SUSE-RU-2019:0279-1: An update that has 18 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1003091,1008898,1009032,1029904,1036198,1039469,1047291,1059715,1066873,1071135,1075810,1075813,1095856,1108837,1116729,1118306,984158,997085
CVE References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kiwi-7.04.47-72.31.1
SUSE Linux Enterprise Server 12-SP3 (src):    kiwi-7.04.47-72.31.1