group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1607374] [NEW] Cannot mount proc in unprivileged containers if /proc/xen is mounted

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Seth Forshee <seth.forshee+lp@xxxxxxxxxxxxx>
Date: Thu, 28 Jul 2016 13:31:38 -0000
Reply-to: Bug 1607374 <1607374@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

SRU Justification

Impact: The xenfs filesystem is traditionally mounted at /proc/xen in
xen guests. This directory doesn't use the special "create proc
mountpoint" interface and thus fails the permanently empty test in
fs_fully_visible(). This causes mounting of proc to fail in user
namespace containers.

Fix: Use the special proc interface to make this a "permanently empty"
directory.

Regression potential: This change will make it impossible to create
files within /proc/xen, but since the directory is only ever used as a
mount point this should not cause any problems.

Original bug report and testing results can be found at
https://github.com/lxc/lxd/issues/2238.

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: In Progress

** Affects: linux (Ubuntu Xenial)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: In Progress

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1607374

Title:
  Cannot mount proc in unprivileged containers if /proc/xen is mounted

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress

Bug description:
  SRU Justification

  Impact: The xenfs filesystem is traditionally mounted at /proc/xen in
  xen guests. This directory doesn't use the special "create proc
  mountpoint" interface and thus fails the permanently empty test in
  fs_fully_visible(). This causes mounting of proc to fail in user
  namespace containers.

  Fix: Use the special proc interface to make this a "permanently empty"
  directory.

  Regression potential: This change will make it impossible to create
  files within /proc/xen, but since the directory is only ever used as a
  mount point this should not cause any problems.

  Original bug report and testing results can be found at
  https://github.com/lxc/lxd/issues/2238.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1607374/+subscriptions

Follow ups

[Bug 1607374] Re: Cannot mount proc in unprivileged containers if /proc/xen is mounted
From: Po-Hsu Lin, 2019-10-03
[Bug 1607374] Re: Cannot mount proc in unprivileged containers if /proc/xen is mounted
From: Launchpad Bug Tracker, 2016-08-29