touch-packages team mailing list archive
Message #35533
[Bug 1389305] Re: sudo doesn't work on unprivileged lxc container
Quoting Adam Ryczkowski (adam.ryczkowski@xxxxxxxxxxxxxx):
> For one thing, the lxc-create can check if it is going to create a
> user-space container on top of the ecryptfs, and warn the user if
True. Though I would prefer not to work around the bug like this
until we are certain that it cannot be made to work (by fixing
ecryptfs in the kernel).
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- sudo doesn't work on unprivileged lxc container
+ sudo doesn't work on unprivileged lxc container on top of ecryptfs
** Changed in: lxc (Ubuntu)
Status: Invalid => Triaged
** Changed in: lxc (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Title:
sudo doesn't work on unprivileged lxc container on top of ecryptfs
Status in “ecryptfs-utils” package in Ubuntu:
New
Status in “linux” package in Ubuntu:
Incomplete
Status in “lxc” package in Ubuntu:
Triaged
Bug description:
On Ubuntu 14.04 64 bit, after adding a user into an unprivileged
container, sudo complains that:
$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
To reproduce:
1. Download and install the Ubuntu amd64 minimalcd
2. Install lxc on it and openssh for convenience.
3. Follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do:
a) sudo usermod --add-subuids 100000-165536 $USER
b) sudo usermod --add-subgids 100000-165536 $USER
c) sudo chmod +x $HOME
d) create the file ~/.config/lxc/default.conf with the following contents:
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
e) echo "$USER veth lxcbr0 10" | sudo tee /etc/lxc/lxc-usernet
(restart is not required)
4. Create the container with
lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
5. Install openssh-server in the container:
lxc-start -d -n p1
lxc-attach -n p1 -- apt-get install openssh-server
6. Add a user "adam" with the group sudo
lxc-attach -n p1 -- adduser adam sudo
7. Set a password for the user
8. Log in via ssh (and provide the password from step 7)
ssh adam@p1
9. On the p1:
adam@p1$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
I expected it to change the user to root.
lxc version: 1.0.3-0ubuntu3
$ cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
20141101_03:49
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1389305/+subscriptions
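
The check suggested in the quoted message (detect that a container path sits on ecryptfs, and warn), sketched as an added example; it is not lxc-create's code and not part of this thread. The mount table, the paths and the function names are constructed, and the nosuid test is included only because the sudo error message above names that option.

```shell
#!/bin/sh
# Added example: pre-flight check for a container directory (not lxc-create's code).

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/home/.ecryptfs/adam/.Private /home/adam ecryptfs rw,relatime 0 0
tmpfs /srv/lxc tmpfs rw,nosuid,nodev 0 0
EOF
}

# mount_for_path PATH < mounts
# Prints "fstype options" of the deepest mount point containing PATH.
# Later entries win ties, so an overmount shadows the earlier mount.
mount_for_path() {
    awk -v p="$1" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); out = $3 " " $4 }
        }
        END { if (out != "") print out }'
}

# check_lxc_path PATH < mounts
# Prints one finding per line; returns 1 if any finding was printed.
check_lxc_path() {
    info=$(mount_for_path "$1")
    fstype=${info%% *}
    opts=${info#* }
    rc=0
    if [ "$fstype" = "ecryptfs" ]; then
        echo "ecryptfs"; rc=1
    fi
    case ",$opts," in
        *,nosuid,*) echo "nosuid"; rc=1 ;;
    esac
    return "$rc"
}

# Demo on the constructed table; on a real host feed it /proc/mounts instead:
#   check_lxc_path "$dir" < /proc/mounts
sample_mounts | check_lxc_path /home/adam/.local/share/lxc \
    || echo "warning: setuid binaries such as sudo may not work in this container" >&2
```

Mount points containing spaces appear escaped (`\040`) in /proc/mounts and are not decoded by this sketch.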