Polkit Package Update Disrupts Docker Bridge Networking on CentOS 7
Warning to anyone who is preparing for a polkit upgrade due to the CVE-2021-4034 vulnerability! A simple polkit package update from 0.112-26.el7 to 0.112-26.el7_9.1 disrupts Docker bridge networking, so a Docker service restart is required to bring the networking back. The service restart also restarts the containers, so expect some downtime.
Today I learned it the hard way. I planned to run yum update -y polkit on hundreds of servers, because I didn’t see any issues when I tested on a select batch of servers before.
Well, I got lucky that I decided to double check on one more server, which also had the Docker service.
I ran the update and immediately received an alert about the app being down. After some troubleshooting we found a registered bug, which was actually closed because maintainers were unable to reproduce.
Here are the system versions:
- Docker: 19.03.15
- CentOS: 7.8.2003
- Kernel: 3.10.0-1127.el7.x86_64
I hope this helps!
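The lesson above, turned into a per-host pre-flight for a fleet rollout. This is an added example, not code from the original post: it reports whether the polkit update can go ahead, needs a Docker restart, or should wait for a maintenance window. The function names and the APPLY and WINDOW variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# APPLY/WINDOW variables are hypothetical; FIXED_VER is the release named above.
FIXED_VER="0.112-26.el7_9.1"

# plan_host INSTALLED_VER DOCKER_STATE RUNNING_CONTAINERS IN_WINDOW
# Prints: skip | update | update-restart-docker | defer-to-window
plan_host() {
    installed=$1; docker_state=$2; running=$3; in_window=$4
    if [ "$installed" = "$FIXED_VER" ]; then
        echo skip                       # already on the updated release
    elif [ "$docker_state" != "active" ]; then
        echo update                     # no Docker daemon to disrupt
    elif [ "$running" -eq 0 ] || [ "$in_window" = "1" ]; then
        echo update-restart-docker      # restart is free, or downtime is agreed
    else
        echo defer-to-window            # restart would stop live containers
    fi
}

main() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit)
    docker_state=$(systemctl is-active docker 2>/dev/null || true)
    running=0
    if [ "$docker_state" = "active" ]; then
        running=$(docker ps -q | wc -l | tr -d ' ')
    fi
    plan=$(plan_host "$installed" "$docker_state" "$running" "${WINDOW:-0}")
    echo "$(hostname): polkit=$installed docker=$docker_state" \
         "containers=$running plan=$plan"
    [ "${APPLY:-0}" = "1" ] || return 0     # report-only unless APPLY=1
    case $plan in
        update)                yum update -y polkit ;;
        update-restart-docker) yum update -y polkit && systemctl restart docker ;;
        defer-to-window)       echo "deferred: schedule downtime" >&2; return 2 ;;
    esac
}

# Run on a host with: sh plan.sh --run   (nothing executes without --run)
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it report-only across the fleet first, then re-run with APPLY=1 (and WINDOW=1 during agreed downtime) on the hosts whose plan calls for a Docker restart.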
Comments
Thanks!