kernel-packages team mailing list archive
Message #147671
[Bug 1519106] Re: Unprivileged lxc container fails to start due to error mounting proc
** Description changed:
+ == SRU Justification ==
+
+ Impact: Unprivileged lxc containers fail to start whenever a filesystem
+ is mounted on /proc/fs/nfsd.
+
+ Fix: Cherry pick upstream commit
+ d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02.
+
+ Regression Potential: This commit modifies proc_register so that callers
+ must set the proc_fops and/or proc_iops before calling rather that
+ proc_register assigning them based on the type of inode passed. All call
+ sites in 3.19 match exactly with those upstream at the time the patch
+ was merged, except for proc_create_mount_point which is the call site
+ causing this issue. Which is to say that there is no functional change
+ for any proc inodes except for the ones which can cause this problem,
+ therefore there should be little potential for regression.
+
+ ---
+
Unprivileged lxc containers fail to start in some instances under vivid:
lxc-start 1448306932.775 ERROR lxc_utils - utils.c:safe_mount:1686 - Operation not permitted - Failed to mount proc onto /usr/lib/x86_64-linux-gnu/lxc/proc
lxc-start 1448306932.775 ERROR lxc_conf - conf.c:lxc_mount_auto_mounts:828 - Operation not permitted - error mounting proc on /usr/lib/x86_64-linux-gnu/lxc/proc flags 14
The failure is caused by the backport of
7236c85e1be51a9e25ba0f6e087a66ca89605a49 "mnt: Update fs_fully_visible
to test for permanently empty directories." The backport itself is
correct but some of its assumptions are not met to do a change which
- happened after 3.19. This causes the directories under /proc/fs to fail
- the "directory is permanently empty" test, and if another filesystem is
- mounted on top of one of these directories this will cause the mount of
- proc in the container to fail. The fix is to bakcport
- d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02 "gut proc_register() a bit" as
- well.
+ happened after 3.19. This causes /proc/fs/nfsd to fail the "directory is
+ permanently empty" test, and when the nfsd fs another filesystem is
+ mounted on that directory it causes the mount of proc in the container
+ to fail. The fix is to bakcport d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02
+ "gut proc_register() a bit" as well.
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: linux-image-3.19.0-33-generic 3.19.0-33.38
ProcVersionSignature: User Name 3.19.0-33.38-generic 3.19.8-ckt7
Uname: Linux 3.19.0-33-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Nov 23 21:22 seq
crw-rw---- 1 root audio 116, 33 Nov 23 21:22 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.17.2-0ubuntu1.8
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
Date: Mon Nov 23 21:24:16 2015
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-33-generic root=UUID=63d8816d-53d7-4318-b873-2cfe367b957a ro console=tty1 console=ttyS0
RelatedPackageVersions:
linux-restricted-modules-3.19.0-33-generic N/A
linux-backports-modules-3.19.0-33-generic N/A
linux-firmware 1.143.7
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/01/2011
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2011:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-trusty:cvnBochs:ct1:cvr:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-trusty
dmi.sys.vendor: QEMU
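Review bot: in the last added block, "and when the nfsd fs another filesystem is mounted on that directory" reads as a half-finished edit, with both "the nfsd fs" and "another filesystem" left as the subject; keep one of them. In the same pass, "rather that proc_register" in the added Regression Potential paragraph should be "rather than", and "bakcport" is carried over unchanged from the removed lines.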
** Also affects: linux (Ubuntu Vivid)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Vivid)
Importance: Undecided => High
** Changed in: linux (Ubuntu Vivid)
Status: New => In Progress
** Changed in: linux (Ubuntu Vivid)
Assignee: (unassigned) => Seth Forshee (sforshee)
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1519106
Title:
Unprivileged lxc container fails to start due to error mounting proc
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Vivid:
In Progress
Bug description:
== SRU Justification ==
Impact: Unprivileged lxc containers fail to start whenever a
filesystem is mounted on /proc/fs/nfsd.
Fix: Cherry pick upstream commit
d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02.
Regression Potential: This commit modifies proc_register so that
callers must set the proc_fops and/or proc_iops before calling rather
than proc_register assigning them based on the type of inode passed.
All call sites in 3.19 match exactly with those upstream at the time
the patch was merged, except for proc_create_mount_point which is the
call site causing this issue. Which is to say that there is no
functional change for any proc inodes except for the ones which can
cause this problem, therefore there should be little potential for
regression.
---
Unprivileged lxc containers fail to start in some instances under
vivid:
lxc-start 1448306932.775 ERROR lxc_utils - utils.c:safe_mount:1686 - Operation not permitted - Failed to mount proc onto /usr/lib/x86_64-linux-gnu/lxc/proc
lxc-start 1448306932.775 ERROR lxc_conf - conf.c:lxc_mount_auto_mounts:828 - Operation not permitted - error mounting proc on /usr/lib/x86_64-linux-gnu/lxc/proc flags 14
The failure is caused by the backport of
7236c85e1be51a9e25ba0f6e087a66ca89605a49 "mnt: Update fs_fully_visible
to test for permanently empty directories." The backport itself is
correct but some of its assumptions are not met due to a change which
happened after 3.19. This causes /proc/fs/nfsd to fail the "directory
is permanently empty" test, and when the nfsd fs another filesystem is
mounted on that directory it causes the mount of proc in the container
to fail. The fix is to backport
d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02 "gut proc_register() a bit"
as well.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1519106/+subscriptions
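A diagnostic sketch for the condition this report describes, added here as an example and not part of the bug report or of the kernel: it lists filesystems mounted on top of a proc mount, which are the mounts the "directory is permanently empty" test applies to. The function names and the sample mountinfo lines are constructed for illustration; whether a directory actually passes that test is decided inside the kernel and cannot be read from mountinfo.

```python
import re

# Constructed sample in /proc/self/mountinfo format (not taken from the report).
SAMPLE_MOUNTINFO = """
17 21 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
18 21 0:16 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
21 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered
40 17 0:35 / /proc/fs/nfsd rw,relatime shared:25 - nfsd nfsd rw
41 17 0:36 / /proc/sys/fs/binfmt_misc rw,relatime shared:26 - binfmt_misc binfmt_misc rw
"""


def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Return one dict per mount: id, parent, root, mount_point, fstype."""
    mounts = []
    for line in text.splitlines():
        # Fields before " - " are positional; optional fields end at the dash.
        left, sep, right = line.partition(" - ")
        pre, post = left.split(), right.split()
        if not sep or len(pre) < 6 or not post:
            continue  # blank or malformed line
        mounts.append({
            "id": int(pre[0]),
            "parent": int(pre[1]),
            "root": _unescape(pre[3]),
            "mount_point": _unescape(pre[4]),
            "fstype": post[0],
        })
    return mounts


def proc_overmounts(text):
    """List (mount_point, fstype) for mounts whose parent is a full proc mount."""
    mounts = parse_mountinfo(text)
    # Only proc mounts that expose the filesystem root count as full proc mounts.
    proc_ids = {m["id"] for m in mounts
                if m["fstype"] == "proc" and m["root"] == "/"}
    return [(m["mount_point"], m["fstype"])
            for m in mounts if m["parent"] in proc_ids]


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:
        for mount_point, fstype in proc_overmounts(fh.read()):
            print(f"{fstype} mounted over proc at {mount_point}")
```

On a host running the affected 3.19 kernel, an nfsd entry at /proc/fs/nfsd in this output matches the failure condition given in the SRU justification.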