I can confirm that lxc from noble-proposed has fixed the bug for me.
Test done:
install lxc and follow the testplan with the lxc.conf to confirm that it
still fails to run.
Added noble-proposed to apt sources.
install lxc from noble-proposed.
Follow the testplan and use lxc with the lxc.conf to use host rootfs as a
shared rootfs and confirm there is no failure and the output from 'ls' is
displayed.
Package tested:
$ apt-cache policy lxc
lxc:
Installed: 1:5.0.3-2ubuntu7.1
Candidate: 1:5.0.3-2ubuntu7.1
Version table:
*** 1:5.0.3-2ubuntu7.1 100
100 http://gb.archive.ubuntu.com/ubuntu noble-proposed/universe amd64
Packages
100 /var/lib/dpkg/status
1:5.0.3-2ubuntu7 500
500 http://gb.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
** Tags removed: verification-needed verification-needed-oracular
** Tags added: verification-done verification-done-oracular
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2081762
Title:
[SRU] lxc-excecute NULL pointer dereference causes segfault when
sharing rootfs with host
Status in lxc:
Fix Released
Status in lxc package in Ubuntu:
Fix Released
Status in lxc source package in Noble:
Fix Committed
Status in lxc source package in Oracular:
Fix Committed
Status in lxc source package in Plucky:
Fix Released
Status in lxc package in Debian:
New
Bug description:
[ Impact ]
lxc-execute will crash with a segfault if the user tries to use the
host rootfs as a shared rootfs.
$ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr
Segmentation fault
[ Test Plan ]
install lxc
$ cat > lxc.conf <<EOF
lxc.uts.name=lxc-test-1
lxc.net.0.type = empty
lxc.console.path = none
lxc.tty.max = 1
lxc.pty.max = 128
lxc.mount.auto = proc:rw sys cgroup
lxc.autodev = 1
EOF
$ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr
If the package is fixed, it will display output from 'ls'.
[ Where problems could occur ]
This is an upstream patch which is only checking if a pointer is not
NULL before dereferencing it. There is no other change in the code
apart from this pointer check. There is very minimum chance of any
regression due to this change.
[ Other Info ]
It is now fixed in Plucky.
Even though Debian has an updated 1:6.0.2-1, but the issue is still
reproducible on Debian.
[ Original Bug Description ]
lsb_release -rd:
Description: Ubuntu 24.04.1 LTS
Release: 24.04
lxc-start --version: 5.0.3
Issue: lxc-execute segfaults when using a shared host rootfs due to a
NULL pointer deference.
In lxc/src/lxc/conf.c - lines 339 - 344
The call to lxc_storage_prepare detects no rootfs path and returns
without calling storage_init
In lxc/src/lxc/conf.c - lines 293 - 310
leaving rootfs->storage null.
Then dereferencing rootfs->storage->type causes a segfault.
Steps to reproduce:
1. use lxc.conf:
lxc.uts.name=lxc-test-1
lxc.net.0.type = empty
lxc.console.path = none
lxc.tty.max = 1
lxc.pty.max = 128
lxc.mount.auto = proc:rw sys cgroup
lxc.autodev = 1
2. Run:
$ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /dev
Segmentation fault
I've attached a patch as a possible fix. Running the same example
above with the patch applied runs without crashing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/lxc/+bug/2081762/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
