Canonical Livepatch Client

pro livepatch status incorrect when run as normal user

Bug #2019997 reported by Jeremy Bícha on 2023-05-17

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical Livepatch Client	New	Undecided	Unassigned
	ubuntu-advantage-tools (Ubuntu)	Triaged	Low	Lucas Albuquerque Medeiros de Moura

Bug Description

livepatch shows as disabled when `pro status` is run as a normal user, but enabled when run with sudo.

$ pro status
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes disabled Canonical Livepatch service

$ sudo pro status
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes enabled Canonical Livepatch service

This is probably a separate issue, but similarly (with a few numbers I have replaced by <censored>:
$ canonical-livepatch status
internal error, please report: running "canonical-livepatch" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/235 finished with result failed

$ sudo canonical-livepatch status
last check: 35 minutes ago
kernel: <censored>
server check-in: succeeded
kernel state: ✓ kernel is supported by Canonical.
patch state: ✓ all applicable livepatch modules inserted
patch version: <censored>
tier: stable

ubuntu-advantage-tools 27.14.4~22.04
Ubuntu 22.04.2 LTS

Revision history for this message

Renan Rodrigo (renanrodrigo) wrote on 2023-05-18:

Hello, Jeremy, thanks for reporting.

The Client relies on `canonical-livepatch status` to show the status. As it errors out, we are not able to say it is enabled - but don't capture the error either.

This is a bug against canonical-livepatch for sure. In the client side, I wonder if we can identify errors and report it on `pro status`.

Changed in ubuntu-advantage-tools (Ubuntu):
status:	New → Triaged

Revision history for this message

Kian Parvin (kian-parvin) wrote on 2023-05-18:

I think this bug goes lower than Livepatch, it seems to be a problem with Snapd in general. Some links that might be of interest
https://forum.snapcraft.io/t/error-running-snaps-cannot-create-transient-scope/24515
https://bugs.launchpad.net/snappy/+bug/1965328
https://github.com/canonical/microk8s/issues/2194 - here in particular the issue happens with microk8s and similarly running the command with `sudo` fixes it.

Can you share your system's uptime with us? I wonder if there might be any correlation there. A reboot might help if some kind of pid limit is being reached but that's not particularly helpful for a service like Livepatch that aims to delay reboots.

Revision history for this message

Renan Rodrigo (renanrodrigo) wrote on 2023-05-18:

After a quick discussion with the team, the best effort on our side is to present errors in `canonical-livepatch status` as errors in our status itself, telling users to run `canonical-livepatch` directly to check what is happening. We are marking this as a low priority issue - please let us know if there is any urgency.

Revision history for this message

Jeremy Bícha (jbicha) wrote on 2023-05-18:

That machine had about 70 days uptime. Rebooting seems to have fixed it (It looks like the Jammy HWE-5.19 kernel isn't supported by livepatch yet).

No urgency on this issue for me especially since I had an easy workaround.

Grant Orndorff (orndorffgrant) on 2023-08-15