touch-packages team mailing list archive

[Bug 1379441] Re: installation fails when /var/cache/lxc is read-only

 

Thanks for the bug report and the patch.  I'm a bit concerned about
supporting this.  I understand why you want it, but lxc in general won't
work well with a read-only cache, so an install failure early on would
seem preferable to a lxc-create failure later on.

Would using an overlayfs of the cache in the container have any
significant downsides?

Or, alternatively, you could simply bind-mount /var/cache/lxc into the
container rw, but (if you really don't trust the container) have
apparmor deny writes.

If we were to go with your fix, I would prefer to do

        chmod 700 /var/cache/lxc || true

because the -w check could fail for reasons other than a ro-fs.


** Changed in: lxc (Ubuntu)
       Status: New => Incomplete

** Changed in: lxc (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1379441

Title:
  installation fails when /var/cache/lxc is read-only

Status in “lxc” package in Ubuntu:
  Incomplete

Bug description:
  I'm following this guide:
  https://www.stgraber.org/2013/12/21/lxc-1-0-advanced-container-usage/
  [quote]
  Now restart “p1” and you’ll see /var/cache/lxc in there, showing the same thing as you have on the host. Note that if you want the container to only be able to read the data, you can simply add “ro” as a mount flag in the fstab.
  [/quote]

  However lxc package installation fails when /var/cache/lxc is read-
  only. Is it possible to mark "chmod 700 /var/cache/lxc" in postinst as
  optional to allow read-only filesystem on /var/cache/lxc?

  Steps to reproduce:
  $ sudo lxc-create -t ubuntu-cloud -n bind-mount-ro-test -- --release trusty -S ~/.ssh/id_rsa.pub

  $ echo 'lxc.aa_profile = lxc-container-default-with-nesting' | sudo tee -a /var/lib/lxc/bind-mount-ro-test/config
  $ echo 'lxc.mount.entry = /var/cache/lxc var/cache/lxc none bind,create=dir,ro' | sudo tee -a /var/lib/lxc/bind-mount-ro-test/config

  [login to the container]
  $ sudo apt-get install lxc
  <snip>
  Setting up lxc (1.0.5-0ubuntu0.1) ...
  Setting up lxc dnsmasq configuration.
  chmod: changing permissions of '/var/cache/lxc': Read-only file system
  dpkg: error processing package lxc (--configure):
   subprocess installed post-installation script returned error exit status 1
  dpkg: dependency problems prevent configuration of lxc-templates:
   lxc-templates depends on lxc (>= 0.8.0~rc1-4ubuntu43); however:
    Package lxc is not configured yet.

  dpkg: error processing package lxc-templates (--configure):
   dependency problems - leaving unconfigured
  Errors were encountered while processing:
   lxc
   lxc-templates

  [lxc.postinst]
      # Up to version 1.0.0~alpha2-0ubuntu4 lxc was installed world
      # readable.  After that version if users want it that way for
      # convenience, then that's fine.  But one time go ahead and
      # forcibly change the permissions.
      if dpkg --compare-versions "$2" lt "1.0.0~alpha2-0ubuntu5"; then
          chmod 700 /var/lib/lxc
          chmod 700 /var/cache/lxc
      fi

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: lxc 1.1.0~alpha1-0ubuntu5
  ProcVersionSignature: Ubuntu 3.16.0-18.25-generic 3.16.3
  Uname: Linux 3.16.0-18-generic x86_64
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Oct 10 02:04:01 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-05-19 (143 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140518)
  SourcePackage: lxc
  UpgradeStatus: No upgrade log present (probably fresh install)
  defaults.conf:
   lxc.network.type = veth
   lxc.network.link = lxcbr0
   lxc.network.flags = up
   lxc.network.hwaddr = 00:16:3e:xx:xx:xx

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1379441/+subscriptions
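
Added example, not part of the original message or of the lxc package: a sketch of why the failing chmod ends the install with exit status 1 and what the suggested "|| true" changes. It assumes the maintainer script runs under set -e; postinst_step and dir_mode are hypothetical helpers, the version gate is left out, and a missing directory stands in for the read-only mount.

```shell
#!/bin/sh
# Added example, not the lxc package's postinst.
# Assumption: the maintainer script runs with "set -e", so the first failing
# command ends it with a non-zero status, which dpkg reports as a failure.

# Run the permission step in a child shell, the way dpkg runs postinst as a
# subprocess. $1 = strict | tolerant, $2 = directory.
# Returns the child's exit status; prints "configured" if the script got
# past the chmod.
postinst_step() {
    case "$1" in
        strict)   step='chmod 700 "$1"' ;;          # current behaviour
        tolerant) step='chmod 700 "$1" || true' ;;  # form suggested in the reply
        *)        return 2 ;;
    esac
    # "echo configured" stands in for the rest of the script.
    sh -c "set -e; $step; echo configured" postinst "$2" 2>/dev/null
}

# Print the octal permission bits of a directory (GNU stat).
dir_mode() { stat -c %a "$1"; }

# Demo on constructed input: chmod fails because the path does not exist,
# standing in for the "Read-only file system" error in the report.
demo_dir=$(mktemp -d)
postinst_step strict "$demo_dir/missing" || echo "strict: exit status $?"
postinst_step tolerant "$demo_dir/missing"
rm -rf "$demo_dir"
```

The tolerant form ignores every chmod failure, not only a read-only mount, so the directory may keep looser permissions without the install saying so.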
