touch-packages team mailing list archive
Message #16415
[Bug 1367730] [NEW] container root directory has broken permissions with tight umask and --keep-data
Public bug reported:
While fixing autopkgtest for tight umasks
(http://bugs.debian.org/761049) I noticed that LXC fails under tight
umasks, too:

  $ sudo -i
  # umask 077
  # lxc-start-ephemeral --keep-data -o adt-utopic
  [... boots ... ]
  adt-utopic-9x0b7tw_ login: ubuntu
  Password:
  Welcome to Ubuntu Utopic Unicorn (development branch) (GNU/Linux 3.16.0-14-generic x86_64)
   * Documentation: https://help.ubuntu.com/
  Unable to cd to '/home/ubuntu'

then it fails and goes back to the login prompt. This is because of

  $ sudo lxc-attach -n adt-utopic-9x0b7tw_
  root@adt-utopic-9x0b7tw_:/# ls -ld /
  drwx------ 1 root root 4096 Sep 10 14:23 /

apparently the container overlay root directory is created with the host
umask, and thus any non-root process in the container can't execute
anything due to / having 0700 permissions only.

This is with LXC 1.1.0~alpha1-0ubuntu4 under current Utopic.

** Affects: lxc (Ubuntu)
Importance: Low
Status: New
** Changed in: lxc (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1367730
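The mechanism the report describes, as an added example that is not part of the original message and is not LXC's code: a directory created under umask 077 ends up 0700 even when 0755 is requested, and an explicit chmod after creation pins the mode. The helper names (`make_rootfs_dir`, `others_can_traverse`, `demo`) are hypothetical and the directories are created in a temporary location.

```python
import os
import stat
import tempfile


def make_rootfs_dir(parent, name, fix_mode=False):
    """Create a directory meant to become a container's '/'.

    Hypothetical helper for illustration; not taken from lxc-start-ephemeral.
    """
    path = os.path.join(parent, name)
    # The mode argument is filtered through the process umask:
    # 0o755 & ~0o077 == 0o700 when the caller runs with umask 077.
    os.mkdir(path, 0o755)
    if fix_mode:
        # chmod() is not subject to the umask, so this pins the mode
        # regardless of the environment the tool was started from.
        os.chmod(path, 0o755)
    return path


def others_can_traverse(path):
    """True if users other than owner and group have search (x) on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & stat.S_IXOTH)


def demo(umask_value=0o077):
    """Return (mode_unfixed, mode_fixed, unfixed_ok, fixed_ok) for a umask."""
    old = os.umask(umask_value)
    try:
        with tempfile.TemporaryDirectory() as parent:
            broken = make_rootfs_dir(parent, "broken")
            fixed = make_rootfs_dir(parent, "fixed", fix_mode=True)
            return (stat.S_IMODE(os.stat(broken).st_mode),
                    stat.S_IMODE(os.stat(fixed).st_mode),
                    others_can_traverse(broken),
                    others_can_traverse(fixed))
    finally:
        # Restore the caller's umask so the demo has no side effects.
        os.umask(old)


if __name__ == "__main__":
    unfixed, fixed, unfixed_ok, fixed_ok = demo()
    print(f"umask 077, mkdir only : {unfixed:04o} traversable={unfixed_ok}")
    print(f"umask 077, mkdir+chmod: {fixed:04o} traversable={fixed_ok}")
```
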