Bugzilla – Bug 910322
kernel-macros: kernel removal leaves empty orphan directory
Last modified: 2018-07-03 20:52:54 UTC
Removal of obsolete kernel should keep no traces. But its removal keeps its empty directory in /lib/modules forever. The directory is owned by kernel-{flavor} and all kmp modules inside, so rpm tried to remove it together with the package. But it probably was not empty. In such case, rpm leaves orphan directory without any warning.
(In reply to Stanislav Brabec from comment #0) > Removal of obsolete kernel should keep no traces. But its removal keeps its > empty directory in /lib/modules forever. > > The directory is owned by kernel-{flavor} and all kmp modules inside, so rpm > tried to remove it together with the package. But it probably was not empty. > In such case, rpm leaves orphan directory without any warning. Aren't there anything remaining in directories? If so, I wonder what interferes the directory removal. Or something like wake-updates symlink remained at rpm uninstall and removed later? Possibly we can enhance purge-kernels script to clean up orphans, too.
After completing of the removal, only the empty directory remains. Looking at the directory of active kernel, it is owned by the kernel package and also all kernel module packages (which is acceptable, but not completely clean solution: The directory should be owned only by the kernel, and all module packages should require the kernel (they do)). There are no unowned files. I guess that the problem is probably caused by the "update" directory. It is not owned by the kernel package, only by modules package. Even if the dependency chain exists: rpm -q --requires virtualbox-host-kmp-desktop ... kernel-uname-r = 3.18.1-1-desktop ... rpm -q --whatprovides kernel-uname-r kernel-desktop-3.18.1-1.2.x86_64 The "Requires" dependency chain allows to remove packages in batch in an arbitrary order. If my guess is correct, I see two possible solutions: 1) (clean) Use Requires(post) and Requires(postun) instead of plain requires for module packages. 2) (hack) Add rmdir --ignore-fail-on-non-empty of kernel dir to %postun of module packages.
Guess: You had some non-standard package with kernel modules that did not own /lib/modules/$uname and this package was the last to be removed. Can you check /var/log/zypp/history for this hypothesis? I do not quite get the problem with the updates subdirectory. As you say, it is owned by KMPs, which also own /lib/modules/$uname. So the last KMP removes /lib/modules/$uname/updates and then either the kernel or this very KMP also removes /lib/modules/$uname. Another subdirectory, weak-updates, is taken care of by kernel's %postun; see remove_kernel() { local krel=$1 local dir=/lib/modules/$krel if [ -d $dir/weak-updates ]; then rm -rf $dir/weak-updates fi # If there are no KMPs left, remove the empty directory rmdir $dir 2>/dev/null } in /usr/lib/module-init-tools/weak-modules2. Am I missing somethig?
Update: It seems to be caused by devel package: /lib/modules> ls -al --full-time drwxr-xr-x 1 root root 0 2015-01-02 16:49:20.658627319 +0100 3.17.4-1-default drwxr-xr-x 1 root root 0 2015-01-02 16:49:19.647630558 +0100 3.17.4-1-xen ... (Directories are empty.) /var/log/zypp/history: 2015-01-02 16:49:18|remove |kernel-source|3.17.4-1.2|noarch|root@oct| 2015-01-02 16:49:18|remove |kernel-syms|3.17.4-1.2|x86_64|root@oct| 2015-01-02 16:49:19|remove |kernel-xen-devel|3.17.4-1.2|x86_64|root@oct| 2015-01-02 16:49:20|remove |kernel-desktop-devel|3.17.4-1.2|x86_64|root@oct| 2015-01-02 16:49:20|remove |kernel-default-devel|3.17.4-1.2|x86_64|root@oct| => The last package accessing the directory was the -devel package. And it does not own the directory.
Thanks for debugging this! I fixed the spec file in SLE11-SP3, SLE12, openSUSE-13.2 and master.
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-03-05. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60808
SUSE-SU-2015:0529-1: An update that solves 8 vulnerabilities and has 53 fixes is now available. Category: security (important) Bug References: 799216,800255,860346,875220,877456,884407,895805,896484,897736,898687,900270,902286,902346,902349,903640,904177,904883,904899,904901,905100,905304,905329,905482,905783,906196,907069,908069,908322,908825,908904,909829,910322,911326,912202,912654,912705,913059,914112,914126,914254,914291,914294,914300,914457,914464,914726,915188,915322,915335,915425,915454,915456,915550,915660,916107,916513,916646,917089,917128,918161,918255 CVE References: CVE-2014-3673,CVE-2014-3687,CVE-2014-7822,CVE-2014-7841,CVE-2014-8160,CVE-2014-8559,CVE-2014-9419,CVE-2014-9584 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.38-44.5, kernel-obs-build-3.12.38-44.1 SUSE Linux Enterprise Server 12 (src): kernel-source-3.12.38-44.1, kernel-syms-3.12.38-44.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_3-1-2.2 SUSE Linux Enterprise Desktop 12 (src): kernel-source-3.12.38-44.1, kernel-syms-3.12.38-44.1
SUSE-SU-2015:0581-1: An update that solves 21 vulnerabilities and has 67 fixes is now available. Category: security (important) Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250 CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1 SUSE Linux Enterprise Server 11 SP3 (src): kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-ec2-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.28.1.7, gfs2-2-0.17.1.7, ocfs2-1.6-0.21.1.7 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1 SLE 11 SERVER Unsupported Extras (src): kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1
openSUSE-SU-2015:0713-1: An update that solves 13 vulnerabilities and has 52 fixes is now available. Category: security (important) Bug References: 867199,893428,895797,900811,901925,903589,903640,904899,905681,907039,907818,907988,908582,908588,908589,908592,908593,908594,908596,908598,908603,908604,908605,908606,908608,908610,908612,909077,909078,909477,909634,910150,910322,910440,911311,911325,911326,911356,911438,911578,911835,912061,912202,912429,912705,913059,913466,913695,914175,915425,915454,915456,915577,915858,916608,917830,917839,918954,918970,919463,920581,920604,921313,922542,922944 CVE References: CVE-2014-8134,CVE-2014-8160,CVE-2014-8559,CVE-2014-9419,CVE-2014-9420,CVE-2014-9428,CVE-2014-9529,CVE-2014-9584,CVE-2014-9585,CVE-2015-0777,CVE-2015-1421,CVE-2015-1593,CVE-2015-2150 Sources used: openSUSE 13.2 (src): bbswitch-0.8-3.6.6, cloop-2.639-14.6.6, crash-7.0.8-6.6, hdjmod-1.28-18.7.6, ipset-6.23-6.6, kernel-docs-3.16.7-13.2, kernel-obs-build-3.16.7-13.7, kernel-obs-qa-3.16.7-13.1, kernel-obs-qa-xen-3.16.7-13.1, kernel-source-3.16.7-13.1, kernel-syms-3.16.7-13.1, pcfclock-0.44-260.6.2, vhba-kmp-20140629-2.6.2, virtualbox-4.3.20-10.2, xen-4.4.1_08-12.2, xtables-addons-2.6-6.2
SUSE-SU-2015:0736-1: An update that solves 21 vulnerabilities and has 69 fixes is now available. Category: security (important) Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910251,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250,924282 CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593 Sources used: SUSE Linux Enterprise Real Time Extension 11 SP3 (src): cluster-network-1.4-2.28.1.14, drbd-kmp-8.4.4-0.23.1.14, iscsitarget-1.4.20-0.39.1.14, kernel-rt-3.0.101.rt130-0.33.36.1, kernel-rt_trace-3.0.101.rt130-0.33.36.1, kernel-source-rt-3.0.101.rt130-0.33.36.1, kernel-syms-rt-3.0.101.rt130-0.33.36.1, lttng-modules-2.1.1-0.12.1.13, ocfs2-1.6-0.21.1.14, ofed-1.5.4.1-0.14.1.14