BOINC 7.18.1 causes invalids

Questions and Answers : Unix/Linux : BOINC 7.18.1 causes invalids
Message board moderation

To post messages, you must log in.

AuthorMessage
Jim1348

Send message
Joined: 3 Oct 19
Posts: 153
Credit: 32,412,973
RAC: 2,873
Message 1644 - Posted: 30 Jan 2022, 18:04:08 UTC
Last modified: 30 Jan 2022, 18:07:10 UTC

Upgrading to BOINC 7.18.1 (from LoctusOfBorg, ppa:costamagnagianfranco/boinc) caused rapid invalids on my Ryzen 3600 under Ubuntu 20.04.3.
But BOINC 7.16.6 (from Ubuntu Software) and 7.16.17 (the previous version from LOB) work OK.

(But there is a new build of 7.18.1 on LOB. I have not tried it.)
ID: 1644 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Aurum
Avatar

Send message
Joined: 14 Dec 19
Posts: 68
Credit: 45,744,261
RAC: 7,366
Message 1666 - Posted: 22 Feb 2022, 13:16:32 UTC - in response to Message 1644.  

Why would one choose to run this version instead of the one in the Linux repository?
ID: 1666 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Jim1348

Send message
Joined: 3 Oct 19
Posts: 153
Credit: 32,412,973
RAC: 2,873
Message 1668 - Posted: 22 Feb 2022, 22:04:13 UTC - in response to Message 1666.  

Why would one choose to run this version instead of the one in the Linux repository?

It is the latest one in the development release (LocutusOfBorg) repository.
https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/boinc
Sometimes they fix problems. Sometimes they cause them.
ID: 1668 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
YAG

Send message
Joined: 19 Jun 20
Posts: 10
Credit: 2,792,400
RAC: 183
Message 1681 - Posted: 24 Feb 2022, 21:38:48 UTC - in response to Message 1668.  

Hey, Jim1348! Nice to meet you. We was talking five months ago about, I think, the same issue.

Sebastien provided a solution and now I think we know the root cause. I copy/paste here what I think important:
To fix this issue, I edited the file /lib/systemd/system/boinc-client.service and replaced ProtectSystem=strict by ProtectSystem=full
systemctl stop boinc-client
sed -i 's/ProtectSystem=strict/ProtectSystem=full/g' /lib/systemd/system/boinc-client.service
systemctl daemon-reload
systemctl start boinc-client
Reading the systemd.exec man page I saw it is recommended, due to security measures, to use the strict parameter, and also that that parameter was introduced in 2016. The distinct Linux distributions are incorporating the recomendations, and if the project of Boinc you want to run tries to store data in a path not authorized by the "strict" parameter, the app fails. So the issue finally depends on the systemd version, the Boinc version and the project you are executing.
ID: 1681 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Jim1348

Send message
Joined: 3 Oct 19
Posts: 153
Credit: 32,412,973
RAC: 2,873
Message 1682 - Posted: 24 Feb 2022, 21:54:22 UTC - in response to Message 1681.  

Thank you YAG. That looks like the secure way to do it.
I am back to BOINC 7.16.6. Maybe the new Ubuntu 20.04.4 will incorporate the fix?
ID: 1682 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
YAG

Send message
Joined: 19 Jun 20
Posts: 10
Credit: 2,792,400
RAC: 183
Message 1683 - Posted: 28 Feb 2022, 0:58:52 UTC - in response to Message 1682.  

I do not know. I am a Debian 11 user. I am afraid future linux distributions will use the strict mode and will expect that the several projects will update their apps for using only authorized paths.
ID: 1683 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Jim1348

Send message
Joined: 3 Oct 19
Posts: 153
Credit: 32,412,973
RAC: 2,873
Message 1684 - Posted: 28 Feb 2022, 3:11:35 UTC - in response to Message 1683.  

I do not know. I am a Debian 11 user. I am afraid future linux distributions will use the strict mode and will expect that the several projects will update their apps for using only authorized paths.

I installed Ubuntu 20.04.4, and it still downloads BOINC 7.16.6 from the Ubuntu Software center. They are probably giving the projects more time to make their stuff compatible.
But it looks like it is coming.
ID: 1684 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Tullio

Send message
Joined: 5 Sep 20
Posts: 103
Credit: 2,142,600
RAC: 204
Message 1685 - Posted: 28 Feb 2022, 16:52:24 UTC

I am using BOINC 7.18.1 on my Linux Virtual Machine running OpenSUSE Tumbleweed, and nwchem runs fine. Since the Tunbleweed kernel is frequently updated and I have to reboot, a message comes out that 7.18.1 is a development version and could cause errrors.
Tullio
ID: 1685 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
cpuprocess2

Send message
Joined: 5 Oct 21
Posts: 1
Credit: 5,941,800
RAC: 1,508
Message 1687 - Posted: 4 Mar 2022, 17:05:59 UTC
Last modified: 4 Mar 2022, 17:30:02 UTC

I have 2 hosts on Debian 11, where one (#10506) works fine and the other (#10563) returns invalid workunits after ~3 seconds. Looks like the difference came down to the BOINC client's systemd service file. 10506 has "PrivateTmp=true" whereas 10563 has "#PrivateTmp=true #Block X11 idle detection". Everything else in the file is the same, including "ProtectSystem=strict". After changing 10563 to use PrivateTmp, it has started returning valid results.

Just checked the boinc-client packages on Debian today. Only 7.16.17+dfsg-2 (no longer available for amd64) included a service file that uses PrivateTmp. The other recent versions (7.16.16+dfsg-1, 7.18.1+dfsg-4) have it commented out and the old version (7.14.2+dfsg-3) doesn't even have that line.

EDIT: Looks like PrivateTmp was commented out to fix idle detection (issue, pull request). Apparently other projects have similar issues. It seems the long-term fix is for the QuChem program to write to the slot folder instead of /tmp.
ID: 1687 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
BellyNitpicker

Send message
Joined: 20 Sep 20
Posts: 2
Credit: 1,285,600
RAC: 162
Message 1743 - Posted: 9 May 2022, 14:25:35 UTC

I've just installed Ubuntu 22.04 on a VM under VirtualBox (MacOS). The version of BOINC in the repository is now 7.18.1, which still fails on security, and can still be fixed by the instructions below, plus judicious security liberation on /var/lib/boinc-client. For the time being, it still means manual start of the daemon after a reboot, but that's live-able with for the time being.

Will report if I suffer invalid workunits.
ID: 1743 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Tullio

Send message
Joined: 5 Sep 20
Posts: 103
Credit: 2,142,600
RAC: 204
Message 1744 - Posted: 9 May 2022, 15:30:20 UTC

I am using BOINC 7.18.1 on a Linux Virtual Machine running SuSE Tumbleweed, a development version of Linux updated very frequently. Now its kernel is 5.17.4. When the kernel is updted I have to reboot after installing it. It is running Einstein@home and QuChemPedIA@home. When rebooted it warns that 7.18.1 is a development version and might not work, but it does.
Tullio
ID: 1744 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Diplomat
Avatar

Send message
Joined: 7 Feb 20
Posts: 10
Credit: 6,625,400
RAC: 0
Message 1765 - Posted: 24 Jul 2022, 8:56:04 UTC

any news?

for now only QuChemPedIA have issues, all other projects doing good
ID: 1765 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote
Jim1348

Send message
Joined: 3 Oct 19
Posts: 153
Credit: 32,412,973
RAC: 2,873
Message 1766 - Posted: 24 Jul 2022, 17:27:52 UTC - in response to Message 1765.  

any news?

for now only QuChemPedIA have issues, all other projects doing good

The Rosetta/Pythons also don't work. They won't even start up.
I tried upgrading to BOINC 7.20.2 and get the same result. That is because it isn't a bug in BOINC, just a new security requirement.
I think all writes have to go to the slots folder, not a tmp folder. Not all projects are up to speed on it yet.

I don't recall if I tried it on Cosmology, but it is a VirtualBox project, and has not been updated for some time. I doubt that the new BOINC works there either.
ID: 1766 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote

Questions and Answers : Unix/Linux : BOINC 7.18.1 causes invalids

©2022 Benoit DA MOTA - LERIA, University of Angers, France