Polkit Package Update Disrupts Docker Bridge Networking on CentOS 7

Warning to anyone who is preparing for a polkit upgrade due to the CVE-2021-4034 vulnerability!

A simple polkit package update from 0.112-26.el7 to 0.112-26.el7_9.1 disrupts Docker bridge networking, so a Docker service restart is required to bring the networking back. The service restart also restarts the containers, so expect some downtime.

Today I learned it the hard way. I planned to run yum update -y polkit on hundreds of servers, because I didn’t see any issues when I tested on a select batch of servers before.

Well, I got lucky that I decided to double check on one more server, which also had the Docker service.

I ran the update and immediately received an alert about the app being down. After some troubleshooting we found a registered bug, which was actually closed because the maintainers were unable to reproduce it.

Here are the system versions:

I hope this helps!
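
One way to stage the rollout this warning calls for, as an added example (not the author's script): classify each host before running yum update, so that hosts with a running Docker daemon are only updated in a window that allows a Docker restart. The action names, the inventory line format and the hostnames are assumptions of this example.

```bash
# Added example: plan a staged polkit rollout so Docker hosts are not updated blindly.
# TARGET is the fixed build named in the post; everything else here is illustrative.
TARGET="0.112-26.el7_9.1"

# Emit "host polkit_release docker_state" for the local machine (run on each server).
local_facts() {
    local rel state
    rel=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null) || rel="absent"
    state=$(systemctl is-active docker 2>/dev/null) || true
    echo "$(hostname) ${rel} ${state:-undetermined}"
}

# Decide what to do with one host:
#   skip   - polkit absent or already at TARGET
#   update - no running Docker daemon, update in the normal batch
#   defer  - Docker is running: update only where a Docker restart is acceptable
#   review - Docker state not determined; check the host by hand first
plan_action() {
    local rel="$1" docker="$2"
    if [ "$rel" = "absent" ] || [ "$rel" = "$TARGET" ]; then
        echo skip
        return
    fi
    case "$docker" in
        active|activating|reloading) echo defer ;;
        inactive|failed|unknown)     echo update ;;
        *)                           echo review ;;
    esac
}

# Read inventory lines on stdin and print "action host" for each.
plan_fleet() {
    local host rel docker
    while read -r host rel docker; do
        [ -n "$host" ] || continue
        echo "$(plan_action "$rel" "$docker") $host"
    done
}

# Count hosts with a given action in a plan read from stdin.
count_action() { grep -c "^$1 " || true; }

# Constructed sample inventory (hostnames are made up).
SAMPLE_INVENTORY='web01 0.112-26.el7 inactive
app01 0.112-26.el7 active
app02 0.112-26.el7_9.1 active
db01 0.112-26.el7 unknown
edge01 0.112-26.el7 undetermined'
printf '%s\n' "$SAMPLE_INVENTORY" | plan_fleet
```

Collect one line per server with local_facts, feed the combined file to plan_fleet, and run the normal batch update only against the hosts marked update.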

