LXC/LXD instances are always ignored

[m-shibata]

needrestart always ignores updated libraries in LXC/LXD instances. It seems that it is regression of #233.

Environment

• Ubuntu 22.04 LTS
• needrestart 3.5 (package version 3.5-5ubuntu2.1, backported many patches until commit: eb3531a)

How to reproduce

1. Install Ubuntu 22.04 LTS
2. Setup LXD: $ sudo lxd init --auto
3. Start LXD instance: $ lxc launch ubuntu:22.04 jammy
4. Reinstall glibc on LXD: $ lxc exec jammy apt reinstall libc6
5. Cancel on debconf dialog in LXD instance
6. Exec needrestart on host: $ sudo needrestart -v

• Expected result: show message "Containers need to berestarted"
• Actual result: show "No containers need to be restarted."

The verbose message is following:

root@jammyv:~# needrestart -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.5
[main] running in root mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[main] vm detected
[Core] #456 is a NeedRestart::Interp::Python
[Python] #456: source=/usr/bin/networkd-dispatcher
[Core] #536 is a NeedRestart::Interp::Python
[Python] #536: source=/usr/share/unattended-upgrades/unattended-upgrade-shutdown
[main] #3711 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] LXD installed via snap
[LXC] #3711 is part of LXD container 'jammy'
[main] #3735 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3735 is part of LXD container 'jammy'
[main] #3759 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3759 is part of LXD container 'jammy'
[main] #3760 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3760 is part of LXD container 'jammy'
[main] #3761 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3761 is part of LXD container 'jammy'
[main] #3819 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3819 is part of LXD container 'jammy'
[main] #3821 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3821 is part of LXD container 'jammy'
[main] #3834 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3834 is part of LXD container 'jammy'
[main] #3835 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3835 is part of LXD container 'jammy'
[main] #3839 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3839 is part of LXD container 'jammy'
[main] #3840 uses deleted /usr/lib/x86_64-linux-gnu/libm.so.6
[LXC] #3840 is part of LXD container 'jammy'
[main] #3841 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3841 is part of LXD container 'jammy'
[main] #3848 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3848 is part of LXD container 'jammy'
[main] #3850 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3850 is part of LXD container 'jammy'
[main] #3852 uses deleted /usr/lib/x86_64-linux-gnu/libm.so.6
[LXC] #3852 is part of LXD container 'jammy'
[main] #3864 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3864 is part of LXD container 'jammy'
[main] #3874 uses deleted /usr/lib/x86_64-linux-gnu/libresolv.so.2
[LXC] #3874 is part of LXD container 'jammy'
[main] #3875 uses deleted /usr/lib/x86_64-linux-gnu/gconv/IBM850.so
[LXC] #3875 is part of LXD container 'jammy'
[main] #3891 uses deleted /usr/lib/x86_64-linux-gnu/libc.so.6
[LXC] #3891 is part of LXD container 'jammy'
[main] #4165 uses deleted /usr/lib/x86_64-linux-gnu/libresolv.so.2
[LXC] #4165 is part of LXD container 'jammy'
[main] inside container or vm, skipping microcode checks
[Kernel] Linux: kernel release 5.15.0-1007-kvm, kernel version #7-Ubuntu SMP Wed May 18 17:06:39 UTC 2022
Failed to load NeedRestart::Kernel::kFreeBSD: [Kernel/kFreeBSD] Not running on GNU/kFreeBSD!
[Kernel/Linux] /boot/vmlinuz.old => 5.15.0-1007-kvm (buildd@lcy02-amd64-059) #7-Ubuntu SMP Wed May 18 17:06:39 UTC 2022 [5.15.0-1007-kvm]*
[Kernel/Linux] /boot/vmlinuz-5.15.0-1007-kvm => 5.15.0-1007-kvm (buildd@lcy02-amd64-059) #7-Ubuntu SMP Wed May 18 17:06:39 UTC 2022 [5.15.0-1007-kvm]*
[Kernel/Linux] /boot/vmlinuz => 5.15.0-1007-kvm (buildd@lcy02-amd64-059) #7-Ubuntu SMP Wed May 18 17:06:39 UTC 2022 [5.15.0-1007-kvm]*
[Kernel/Linux] Expected linux version: 5.15.0-1007-kvm

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

Investigation

The PR of #233 introduced opt_t to allow a tolerance when checking script files. And opt_t is added 4th argument of needrestart_cont_check().

needrestart/needrestart

Lines 587 to 588 in baf5e54

	# handle containers (LXC, docker, etc.)
	next if($restart && needrestart_cont_check($nrconf{verbosity} > 1, $pid, $exe, $opt_t));

However the 4th argument is "norestart" options for needrestart_cont_check().

needrestart/perl/lib/NeedRestart.pm

Lines 238 to 251 in baf5e54

	sub needrestart_cont_check($$$;$) {
	my $debug = shift;
	my $pid = shift;
	my $bin = shift;
	my $norestart = shift || 0;
	needrestart_cont_init($debug) unless(scalar keys %CONT);
	foreach my $cont (values %CONT) {
	return 1 if($cont->check($pid, $bin, $norestart));
	}
	return 0;
	}

Then the default value is opt_t=2 is set to noautorestart, and all changes in LXC/LXD instances are ignored.

I think opt_t should not be passed to needrestart_cont_check(), isn't it?

Workaround

LXC/LXD instances will be restarted with -t 0 option.

$ sudo needrestart  -u NeedRestart::UI::stdio -t 0
Scanning processes...
Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

Restarting containers...
Containers to be restarted:
Restart «LXC jammy»? [Ynas?]

[liske]

Thanks for your in-depth analysis of this issue!