Story
Resolution: Unresolved
Undefined
rhel-8.10.z
The leapp upgrade command can fail during the reboot phase when 3rd party Python modules are installed in /usr/local/lib/python3.6.
This can be hardened by making leapp execute only with "safe paths", by adding the flags below to the shebang:
#! /usr/libexec/platform-python -EsI
Additionally, it would be great to have a High Risk actor when leapp finds that /usr/local/lib/python3.6 exists for RHEL7 to RHEL8 upgrades, or /usr/local/lib/python3.9 for RHEL8 to RHEL9 upgrades.
Indeed, currently there is no protection, which may lead to getting a non-operational system upon upgrade, such as in the example below (RHEL7 to RHEL8 upgrade):
- Install python3
# yum install python3
- Install "iniparse" through pip3.6 using a deprecated module
# pip3.6 install iniparse==0.4
# ll /usr/local/lib/python3.6/site-packages/
total 0
drwxr-xr-x. 3 root root 108 Dec 19 15:11 iniparse
drwxr-xr-x. 2 root root 117 Dec 19 15:11 iniparse-0.4-py3.6.egg-info
- Upgrade
# leapp upgrade; reboot
Upon upgrade, once rebooted on RHEL8, subscription-manager will not be functional:
# subscription-manager status
Unable to find Subscription Manager module.
Error: No module named 'ini'
This is because /usr/local/lib/python3.6 interferes with the system modules.
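A sketch of the pre-upgrade check requested above, as an added example that is not leapp's own code and does not use the leapp actor API. The names `assess` and `build_sample_tree` are hypothetical, scanning `lib64` as well as `lib` is an assumption, and the sample tree is constructed to mirror the listing in the reproducer.

```python
import os
import tempfile

# Interpreter directory the page names for each upgrade path (source major release).
LOCAL_PY_DIR = {7: "python3.6", 8: "python3.9"}

def assess(source_major, root="/"):
    """Hypothetical pre-upgrade check: report /usr/local Python paths for the
    upgrade path and the top-level modules found in their site-packages."""
    paths, modules = [], set()
    for libdir in ("lib", "lib64"):  # lib64 is an assumption; the page names lib only
        base = os.path.join(root, "usr", "local", libdir, LOCAL_PY_DIR[source_major])
        if not os.path.isdir(base):
            continue
        paths.append(base)
        site = os.path.join(base, "site-packages")
        for entry in (os.listdir(site) if os.path.isdir(site) else []):
            if entry == "__pycache__" or entry.endswith((".egg-info", ".dist-info")):
                continue  # packaging metadata, not importable code
            if os.path.isdir(os.path.join(site, entry)):
                modules.add(entry)
            elif entry.endswith((".py", ".so")):
                modules.add(entry.split(".")[0])
    # The page asks for High Risk as soon as the directory exists.
    return {"severity": "high" if paths else "none",
            "paths": paths, "modules": sorted(modules)}

def build_sample_tree(root):
    """Constructed sample: the tree left by `pip3.6 install iniparse==0.4`."""
    site = os.path.join(root, "usr", "local", "lib", "python3.6", "site-packages")
    os.makedirs(os.path.join(site, "iniparse"))
    os.makedirs(os.path.join(site, "iniparse-0.4-py3.6.egg-info"))
    open(os.path.join(site, "iniparse", "__init__.py"), "w").close()
    return site

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(assess(7, tmp))  # RHEL7 to RHEL8 path
        print(assess(8, tmp))  # RHEL8 to RHEL9 path
```

Run against a real host by calling `assess(7)` or `assess(8)` with the default `root="/"`.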