touch-packages team mailing list archive
Message #49975
[Bug 1413927] Re: login name=systemd cgroup is not owned by user
> Right, so the bug here is that your session-c2.scope was created
> without giving you ownership of the directory
Indeed this hasn't previously been done for the "systemd" controller; it
didn't seem necessary with previous LXC versions, but apparently is now.
Chowning the
> and the tasks and cgroup.procs files.
No, I am not going to own those to the user. This would be a (small)
privilege escalation bug, as the user could then move processes from a
less privileged session (like from ssh) to a more privileged one (like a
local desktop session). This also doesn't seem to be necessary, neither
for upstart nor systemd containers.
** Changed in: systemd (Ubuntu)
Assignee: (unassigned) => Martin Pitt (pitti)
** Description changed:
When a user logs in, systemd-logind should create cgroups for the user,
with the directory (i.e. /user.slice/user-1000.slice/session-c2.scope)
- and the tasks and cgroup.procs files (but no othes) owned by the user.
- This is no longer hapening for the name=systemd cgroup. This prevents
- containers from starting. (If lxc were to simply not create/use that
- controller, then it would prevent system in the container from using
- it).
+ owned by the user. This is no longer hapening for the name=systemd
+ cgroup. This prevents containers from starting. (If lxc were to simply
+ not create/use that controller, then it would prevent system in the
+ container from using it).
I wanted to test the new lxc with lxcfs. A system container (with
upstart or systemd) works perfectly well now (great!), but user
containers regressed:
$ lxc-create -n v1 -t download -- -d ubuntu -r vivid -a amd64
$ lxc-start -n v1 -F
lxc-start: cgmanager.c: lxc_cgmanager_enter: 694 call to cgmanager_move_pid_sync failed: invalid request
lxc-start: start.c: __lxc_start: 1099 failed to spawn 'v1'
lxc-start: lxc_start.c: main: 345 The container failed to start.
My host is running systemd, but cgmanager is running (i. e. it's not bug
1400394, I enabled cgmanager.service).
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: lxc 1.1.0~rc1-0ubuntu1
ProcVersionSignature: Ubuntu 3.18.0-9.10-generic 3.18.2
Uname: Linux 3.18.0-9-generic x86_64
ApportVersion: 2.15.1-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Jan 23 10:35:55 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2014-11-20 (63 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20141119)
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.conf: lxc.lxcpath = /srv/lxc
** Changed in: systemd (Ubuntu)
Status: Confirmed => In Progress
https://bugs.launchpad.net/bugs/1413927
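An audit for the ownership rule the reply states (the session-*.scope directory owned by the session user, but tasks and cgroup.procs not owned by the user), added here as an example that is not part of the bug thread or of systemd/LXC; the mount point /sys/fs/cgroup/systemd and the injectable `owner`/`listdir` callables are assumptions made so the check can run against a fake tree:

```python
import os

# Assumed mount point of the name=systemd hierarchy (hypothetical default;
# confirm with `mount | grep cgroup` on the host you audit).
CGROUP_SYSTEMD_ROOT = "/sys/fs/cgroup/systemd"

def owner_uid(path):
    """uid owning `path`, or None if it does not exist."""
    try:
        return os.stat(path).st_uid
    except FileNotFoundError:
        return None

def audit_session_scope(scope_dir, uid, owner=owner_uid):
    """Check one session-*.scope against the rule from the thread:
    the directory is owned by the session user, tasks and cgroup.procs are not.
    Returns a list of findings; an empty list means the scope is as expected."""
    findings = []
    dir_uid = owner(scope_dir)
    if dir_uid is None:
        return [f"{scope_dir}: missing"]
    if dir_uid != uid:
        # The symptom reported in bug 1413927: user containers cannot start.
        findings.append(f"{scope_dir}: owned by uid {dir_uid}, expected {uid}")
    for name in ("tasks", "cgroup.procs"):
        path = os.path.join(scope_dir, name)
        file_uid = owner(path)
        if file_uid is None:
            continue  # file absent in this hierarchy; nothing to check
        if file_uid == uid:
            # What the reply refuses to do: a user-writable tasks file would
            # let the user move PIDs between sessions of different privilege.
            findings.append(f"{path}: owned by uid {uid}; must not be user-owned")
    return findings

def audit_user(uid, root=CGROUP_SYSTEMD_ROOT, listdir=os.listdir, owner=owner_uid):
    """Audit every session-*.scope of user `uid` under user-<uid>.slice."""
    user_slice = os.path.join(root, "user.slice", f"user-{uid}.slice")
    try:
        entries = listdir(user_slice)
    except FileNotFoundError:
        return [f"{user_slice}: missing"]
    findings = []
    for entry in sorted(entries):
        if entry.startswith("session-") and entry.endswith(".scope"):
            findings += audit_session_scope(os.path.join(user_slice, entry), uid, owner)
    return findings

if __name__ == "__main__":
    problems = audit_user(os.getuid())
    print("\n".join(problems) if problems else "session scopes look correct")
```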