** Changed in: linux (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1357588

Title:
  3.13.0-24 broke nested unprivileged LXC

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  The recent security update kernel broke nested unprivileged LXC containers as those attempt to do the following:
  access("/usr/lib/x86_64-linux-gnu/lxc/dev/console", F_OK) = 0
  mount("/dev/console", "/usr/lib/x86_64-linux-gnu/lxc/dev/console", 0x7fff406cd9e9, MS_BIND, NULL) = 0
  mount("/dev/console", "/usr/lib/x86_64-linux-gnu/lxc/dev/console", 0x7fff406cd9e9, MS_REMOUNT|MS_BIND, NULL) = -1 EPERM (Operation not permitted)

  The user visible error looks like:
  lxc-start: Operation not permitted - failed to mount '/dev/console' on '/usr/lib/x86_64-linux-gnu/lxc/dev/console'
  lxc-start 1408142401.327 DEBUG    lxc_conf - remounting /dev/console on /usr/lib/x86_64-linux-gnu/lxc/dev/console to respect bind or remount options
  lxc-start 1408142401.327 ERROR    lxc_conf - Operation not permitted - failed to mount '/dev/console' on '/usr/lib/x86_64-linux-gnu/lxc/dev/console'

  Followed by a complete failure to start the container.

  As far as I can tell, LXC isn't doing anything particularly wrong
  there and this should succeed. Serge suggested we attempt to pass
  MS_NODEV to the remount call but that didn't help either.

  There are good chances the following upstream patch fixes this:
  http://lkml.org/lkml/2014/8/13/746

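A minimal reproducer for the sequence in the report, added here and not part of the bug report or of LXC: it replays access(), the MS_BIND mount and the MS_REMOUNT|MS_BIND remount on caller-supplied paths, repeats the remount with MS_NODEV as the report mentions was tried, and prints which step failed with which errno. Assumed: a scratch target file /tmp/console-probe (the source defaults to /dev/console) and that the program is run as an unprivileged user under util-linux's `unshare -Urm`, which gives it a fresh user and mount namespace where mount() is permitted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

/* Which step of the reported sequence failed ("ok" if none) and its errno. */
struct probe_result { const char *step; int err; };

/* Replay the strace from the report: access(dst), bind src onto dst, then
 * MS_REMOUNT|MS_BIND (plus extra flags) on that bind; detach it afterwards
 * so the probe leaves no mount behind. mount() needs CAP_SYS_ADMIN in the
 * caller's user namespace, e.g. run the program under "unshare -Urm". */
struct probe_result replay_console_mount(const char *src, const char *dst, unsigned long extra)
{
    struct probe_result r = { "ok", 0 };
    if (access(dst, F_OK) != 0)
        return (struct probe_result){ "access", errno };
    if (mount(src, dst, NULL, MS_BIND, NULL) != 0)
        return (struct probe_result){ "bind", errno };
    if (mount(src, dst, NULL, MS_REMOUNT | MS_BIND | extra, NULL) != 0)
        r = (struct probe_result){ "remount", errno };
    umount2(dst, MNT_DETACH);
    return r;
}

int main(int argc, char **argv)
{
    const char *src = argc > 1 ? argv[1] : "/dev/console";
    const char *dst = argc > 2 ? argv[2] : "/tmp/console-probe";   /* assumed scratch path */
    close(open(dst, O_WRONLY | O_CREAT, 0600));   /* LXC binds onto an existing file */
    unsigned long extra[] = { 0, MS_NODEV };      /* plain, then with MS_NODEV as the report tried */
    for (int i = 0; i < 2; i++) {
        struct probe_result r = replay_console_mount(src, dst, extra[i]);
        printf("remount extra flags %#lx: %s %s\n", extra[i], r.step,
               r.err ? strerror(r.err) : "");
    }
    return 0;
}
```

A kernel with the regression reports "remount Operation not permitted" for both attempts; a fixed kernel reports "ok" for the plain remount.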