touch-packages team mailing list archive
Message #25328
[Bug 1379441] Re: installation fails when /var/cache/lxc is read-only
Thanks for the bug report and the patch. I'm a bit concerned about
supporting this. I understand why you want it, but lxc in general won't
work well with a read-only cache, so an install failure early on would
seem preferable to a lxc-create failure later on.
Would using an overlayfs of the cache in the container have any
significant downsides?
Or, alternatively, you could simply bind-mount /var/cache/lxc into the
container rw, but (if you really don't trust the container) have
apparmor deny writes.
If we were to go with your fix, I would prefer to do
    chmod 700 /var/cache/lxc || true
because the -w check could fail for reasons other than a ro-fs.
** Changed in: lxc (Ubuntu)
       Status: New => Incomplete
** Changed in: lxc (Ubuntu)
   Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1379441
Title:
installation fails when /var/cache/lxc is read-only
Status in “lxc” package in Ubuntu:
Incomplete
Bug description:
I'm following this guide:
https://www.stgraber.org/2013/12/21/lxc-1-0-advanced-container-usage/
[quote]
Now restart “p1” and you’ll see /var/cache/lxc in there, showing the same thing as you have on the host. Note that if you want the container to only be able to read the data, you can simply add “ro” as a mount flag in the fstab.
[/quote]
However lxc package installation fails when /var/cache/lxc is read-
only. Is it possible to mark "chmod 700 /var/cache/lxc" in postinst as
optional to allow read-only filesystem on /var/cache/lxc?
Steps to reproduce:
$ sudo lxc-create -t ubuntu-cloud -n bind-mount-ro-test -- --release trusty -S ~/.ssh/id_rsa.pub
$ echo 'lxc.aa_profile = lxc-container-default-with-nesting' | sudo tee -a /var/lib/lxc/bind-mount-ro-test/config
$ echo 'lxc.mount.entry = /var/cache/lxc var/cache/lxc none bind,create=dir,ro' | sudo tee -a /var/lib/lxc/bind-mount-ro-test/config
[login to the container]
$ sudo apt-get install lxc
<snip>
Setting up lxc (1.0.5-0ubuntu0.1) ...
Setting up lxc dnsmasq configuration.
chmod: changing permissions of '/var/cache/lxc': Read-only file system
dpkg: error processing package lxc (--configure):
subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of lxc-templates:
lxc-templates depends on lxc (>= 0.8.0~rc1-4ubuntu43); however:
Package lxc is not configured yet.
dpkg: error processing package lxc-templates (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
lxc
lxc-templates
[lxc.postinst]
# Up to version 1.0.0~alpha2-0ubuntu4 lxc was installed world
# readable. After that version if users want it that way for
# convenience, then that's fine. But one time go ahead and
# forcibly change the permissions.
if dpkg --compare-versions "$2" lt "1.0.0~alpha2-0ubuntu5"; then
    chmod 700 /var/lib/lxc
    chmod 700 /var/cache/lxc
fi
ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: lxc 1.1.0~alpha1-0ubuntu5
ProcVersionSignature: Ubuntu 3.16.0-18.25-generic 3.16.3
Uname: Linux 3.16.0-18-generic x86_64
ApportVersion: 2.14.7-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Oct 10 02:04:01 2014
EcryptfsInUse: Yes
InstallationDate: Installed on 2014-05-19 (143 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140518)
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1379441/+subscriptions
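Added example (not part of the original message or of the lxc packaging): a maintainer-script helper that keeps the non-fatal behaviour of `chmod 700 /var/cache/lxc || true` but inspects the resulting mode and warns when the directory is still accessible to group or other. The names restrict_dir and is_private and the CHMOD override are hypothetical.

```shell
#!/bin/sh
# Added example: best-effort tightening of a directory in a maintainer script.
# restrict_dir, is_private and CHMOD are hypothetical, not from lxc.postinst.

# CHMOD can be overridden to simulate a failing chmod (e.g. read-only fs).
CHMOD=${CHMOD:-chmod}

# is_private DIR: succeed only if group and other have no permission bits.
is_private() {
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# restrict_dir DIR
#   0: DIR is private afterwards (chmod worked, or it was already private)
#   1: chmod failed and DIR is still accessible to group/other
#   2: DIR does not exist
restrict_dir() {
    dir=$1
    [ -d "$dir" ] || return 2
    if "$CHMOD" 700 "$dir" 2>/dev/null; then
        return 0
    fi
    # chmod failed; do not guess why, just inspect the resulting mode.
    if is_private "$dir"; then
        return 0
    fi
    echo "warning: could not restrict $dir, mode is still $(ls -ld "$dir" | cut -c1-10)" >&2
    return 1
}

# Use in a postinst running under `set -e`: configuration never aborts,
# but a directory that stays open leaves a visible warning.
# restrict_dir /var/cache/lxc || true
```
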