touch-packages team mailing list archive

[Serge Hallyn <1389305@xxxxxxxxxxxxxxxxxx>]

Great, thanks for the information.

ecryptfs is a stackable filesystem, meaning that it sits between a real
filesystem and your view of it, interpreting (encrypting/decrypting)
data.  There are several things which are notably difficult for a
stackign filesystem to get right.

I'm going to mark this bug as affecting ecryptfs mainly so others can
find the information should they run into this.  However it is not
something I would actually expect to get fixed, though it's not
impossible.

** Also affects: ecryptfs-utils (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: lxc (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container

Status in “ecryptfs-utils” package in Ubuntu:
  New
Status in “lxc” package in Ubuntu:
  Invalid

Bug description:
  On Ubuntu 14.04 64 bit, after adding a user into an unprivileged
  container, the sudo complains that:

  $ sudo su
  sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

  To reproduce:

  1. Download and install the Ubuntu amd64 minimalcd
  2. Install lxc on it and openssh for convenience.
  3. follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do:
       a) sudo usermod --add-subuids 100000-165536 $USER
       b) sudo usermod --add-subgids 100000-165536 $USER
       c) sudo chmod +x $HOME
       d) create the file  ~/.config/lxc/default.conf with the following contents:
  lxc.include = /etc/lxc/default.conf
  lxc.id_map = u 0 100000 65536
  lxc.id_map = g 0 100000 65536
       e) echo "$USER veth lxcbr0 10" | sudo tee /etc/lxc/lxc-usernet
  (restart is not required)
  4. Create the container with
  lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
  5. Install openssh-server in the container:
  lxc-start -d -n p1
  lxc-attach -n p1 -- apt-get install openssh-server
  6. Add a user "adam" with the group sudo
  lxc-attach -n p1 -- adduser adam sudo
  7. Set a password for the user
  8. Log in via ssh (and provide the password from step 7)
  ssh p1@adam
  9. On the p1:
  adam@p1$ sudo su
  sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

  I expected it to make change the user to root.

  lxc version: 1.0.3-0ubuntu3
  $cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
  20141101_03:49

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1389305/+subscriptions