[01:01] <sarnold> blahdeblah: <3 :D
[01:30] <amurray> blahdeblah: thanks - I am in two minds about unattended-upgrades - it is fine and does what it says on the tin but for a lot of use-cases it is just too simplistic - ideally it would allow much finer grained customisation / integration with other services
[13:23] <sdeziel> IMHO, the problem isn't so much about unattended-upgrades itself but more with systemd-networkd being restarted post-upgrade. This is known to wreak havoc as you lose a bunch of "state" like routes injected or bridge parents and what not
[13:24] <sdeziel> I feel like systemd-networkd falls in the same category as Xorg for example, just don't restart it post-upgrade, wait for a complete reboot to pick up the patched bins/libs on disk
[13:25] <sdeziel> that said, maybe there are good reasons to force a daemon restart during post-inst.
[13:25] <tobhe> we clearly need systemd livepatch
[13:30] <ebarretto> lol
[13:41] <tobhe> networkd is really a tricky one. Looking at the CVE list there are many where the attack vector is local only but at least some of them can be triggered with crafted DHCP packages and the likes
[14:03] <rbasak> What's injecting the state? Would it be reasonable for stuff that changes state but doesn't arrange to persist it to have a mechanism to reinject the state when needed?
[14:16] <sdeziel> rbasak: it can be multiple things. For example, if you have a LXD defined network with `bridge.external_interfaces=eth0`, restarting networkd will have that bridge lose its eth0 parent.
[14:16] <sdeziel> rbasak: also, in the case of datadog it was some externally injected routes that were lost during networkd restart
[14:18] <sdeziel> not restarting networkd feels like the simple solution. The more complex one would be to serialize its state when going down and reload it afterward.
[14:20] <rbasak> Not restarting it would leave it vulnerable though.
[14:20] <rbasak> (in the general case, certainly)
[14:20] <rbasak> So maybe good integration with needrestart?
[23:52] <blahdeblah> amurray: Agreed that it's simple, but that's what the vast majority of use cases need, IMO. I customise my config to constrain the reboot window and for me that's enough, but obviously that wouldn't have helped Datadog in this case, because of the particular issues with systemd-networkd.