kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #50193
[Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
A naieve test of aufs directly shows that chown and chmod do cause a
copy up of the underlying files as expected.
In the read only layer before chmod/chown:
drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D1
drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D2
drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D3
In the mount after:
drwxrwxr-x 2 sbuild sbuild 4096 Mar 18 09:16 D1
drwxrwxrwx 2 apw apw 4096 Mar 18 09:16 D2
drwxrwxrwx 2 apw apw 4096 Mar 18 09:16 D3
The underlying permissions remain unchanged after these operations.
This all seems semantically correct.
I need a description of how we are using aufs in these this scenario (in
comment #2), for instance are we modifing the actual underlying files
while mounted which would be a no-no.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1293549
Title:
Filesystem mount from lxc template causes filesystem permission
breakages
Status in juju-core:
In Progress
Status in lxc containers:
Confirmed
Status in “linux” package in Ubuntu:
Confirmed
Status in “postgresql” package in Juju Charms Collection:
New
Bug description:
In juju-core 1.17.5, creating new lxc machines is now much faster as
it appears to be using a template machine. In addition, the root
filesystem is mounted from the template machine.
Unfortunately, this causes filesystem permissions to screw up.
juju deploy ubuntu
juju ssh ubuntu/0
sudo chown ubuntu:ubuntu /etc/ssl/private
ls /etc/ssl/private
That final 'ls' fails with a permission denied. This is possibly a
security precaution in lxc or the filesystem.
This issue breaks the postgresql charm. The PostgreSQL packages
require and use the ssl-cert package, which changes /etc/ssl/private
to be group readable by the ssl-cert group. The postgres user, a
member of the ssl-cert group, is unable to read the private key stored
in this directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-core/+bug/1293549/+subscriptions