kernel-packages team mailing list archive
Message #62256
Re: [Bug 1322067] Re: 3.15.0-1.x breaks lxc-attach for unprivileged containers
Unfortunately the check is not a simple uid comparison, because when I
use lxc-usernsexec to cat the file using the uid of root in the container,
I still get EPERM.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1322067
Title:
3.15.0-1.x breaks lxc-attach for unprivileged containers
Status in “linux” package in Ubuntu:
Confirmed
Status in “linux” source package in Utopic:
Confirmed
Bug description:
An unprivileged call to lxc-attach fails with kernel 3.15.0.1.2, but
works fine using 3.13.0-24-generic.
Under 3.15.0.1.2, attempting to connect to a running unprivileged
container:
$ lxc-attach --clear-env -n trusty -- /bin/true
lxc-attach: Permission denied - Could not open /proc/3805/personality
lxc-attach: failed to get context of the init process, pid = 3805
Note that lxc-start and lxc-console are not affected.
To recreate:
1) Create an unpriv container:
$ lxc-create -n utopic -t download -- -d ubuntu -r utopic -a amd64
2) Boot with 3.13.0-24-generic
3) Start the container:
$ lxc-start -n utopic
4) Run a command in the container:
$ lxc-attach -n utopic --clear-env -n trusty -- /bin/true
5) Reboot into 3.15.0.1.2 and re-run the lxc-start and lxc-attach.
6) Observe the EPERM error.
ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: linux-generic 3.15.0.1.2
ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.2-0ubuntu4
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: james 2827 F.... pulseaudio
/dev/snd/pcmC1D0p: james 2827 F...m pulseaudio
/dev/snd/controlC0: james 2827 F.... pulseaudio
CurrentDesktop: Unity
Date: Thu May 22 07:21:55 2014
HibernationDevice: RESUME=UUID=db600bbe-faca-41f4-9338-c3e8e227599a
InstallationDate: Installed on 2014-04-11 (40 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
MachineType: LENOVO 20AQCTO1WW
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-3.13.0-24-generic N/A
linux-backports-modules-3.13.0-24-generic N/A
linux-firmware 1.129
SourcePackage: linux
UpgradeStatus: Upgraded to utopic on 2014-05-08 (13 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1322067/+subscriptions