← Back to team overview

kernel-packages team mailing list archive

[Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages


@Serge, while it may be a work around for some, it certainly is going to
be a problem in the big picture.

We are running code written by others (juju hooks).

I'm going to submit a branch to juju to disable aufs by default, but
enable the setting so people can try it out.

** Branch linked: lp:~thumper/juju-core/local-provider-aufs-default-off

** Changed in: juju-core
       Status: Triaged => In Progress

** Changed in: juju-core
     Assignee: (unassigned) => Tim Penhey (thumper)

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  Filesystem mount from lxc template causes filesystem permission

Status in juju-core:
  In Progress
Status in lxc containers:
Status in “linux” package in Ubuntu:
Status in “postgresql” package in Juju Charms Collection:

Bug description:
  In juju-core 1.17.5, creating new lxc machines is now much faster as
  it appears to be using a template machine. In addition, the root
  filesystem is mounted from the template machine.

  Unfortunately, this causes filesystem permissions to screw up.

  juju deploy ubuntu
  juju ssh ubuntu/0
  sudo chown ubuntu:ubuntu /etc/ssl/private
  ls /etc/ssl/private

  That final 'ls' fails with a permission denied. This is possibly a
  security precaution in lxc or the filesystem.

  This issue breaks the postgresql charm. The PostgreSQL packages
  require and use the ssl-cert package, which changes /etc/ssl/private
  to be group readable by the ssl-cert group. The postgres user, a
  member of the ssl-cert group, is unable to read the private key stored
  in this directory.

To manage notifications about this bug go to: