kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #50154
[Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
@Serge, while it may be a work around for some, it certainly is going to
be a problem in the big picture.
We are running code written by others (juju hooks).
I'm going to submit a branch to juju to disable aufs by default, but
enable the setting so people can try it out.
** Branch linked: lp:~thumper/juju-core/local-provider-aufs-default-off
** Changed in: juju-core
Status: Triaged => In Progress
** Changed in: juju-core
Assignee: (unassigned) => Tim Penhey (thumper)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1293549
Title:
Filesystem mount from lxc template causes filesystem permission
breakages
Status in juju-core:
In Progress
Status in lxc containers:
Confirmed
Status in “linux” package in Ubuntu:
Confirmed
Status in “postgresql” package in Juju Charms Collection:
New
Bug description:
In juju-core 1.17.5, creating new lxc machines is now much faster as
it appears to be using a template machine. In addition, the root
filesystem is mounted from the template machine.
Unfortunately, this causes filesystem permissions to screw up.
juju deploy ubuntu
juju ssh ubuntu/0
sudo chown ubuntu:ubuntu /etc/ssl/private
ls /etc/ssl/private
That final 'ls' fails with a permission denied. This is possibly a
security precaution in lxc or the filesystem.
This issue breaks the postgresql charm. The PostgreSQL packages
require and use the ssl-cert package, which changes /etc/ssl/private
to be group readable by the ssl-cert group. The postgres user, a
member of the ssl-cert group, is unable to read the private key stored
in this directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-core/+bug/1293549/+subscriptions