Public bug reported:

Right now the "makedev" postinst script will attempt to create a number
of devices in /dev, failing the package upgrade should any of those
mknod calls fail.

LXC containers, especially unprivileged ones, do not allow the use of
mknod, making it impossible to upgrade makedev in those containers and
preventing Ubuntu release upgrades.

The fix is quite simple: detect that we are running in an LXC container
and skip the rest of the postinst script, as is done in a number of other
cases.

= SRU
== Rationale
This issue prevents release to release upgrades in unprivileged LXC containers 
when makedev is part of the upgraded set. This is currently visible when 
upgrading from Ubuntu 12.04 to Ubuntu 14.04.

== Testcase
Install the new package in an unprivileged container. With LXD, simply use "lxc 
launch ubuntu:<series> test" to create the container.

Prior to this fix, the upgrade will fail on some mknod errors. After it,
it'll go on after printing a message indicating that LXC was detected.

== Regression potential
The detection logic is based on PID 1's environment containing a container=lxc 
entry. If a non-LXC system somehow had that set, it'd lead to the makedev 
upgrade no longer creating extra devices. This is unlikely to really matter 
though since the system is clearly already functioning properly at that point.

Similarly, some privileged LXC containers can be configured in a way
where mknod is possible. This update will still disable the postinst for
those cases since, short of attempting every mknod ahead of time, there is
no reliable way to detect any seccomp or apparmor policy in play.
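
The check described under "Regression potential", written out as an added example (this is not the actual makedev postinst change). The function names and the printed message are assumptions made for illustration; the only detail taken from the report is the container=lxc entry in PID 1's environment.

```shell
#!/bin/sh
# Added illustration; not the makedev postinst patch.

# is_lxc [ENVIRON_FILE]
# Succeeds only if the NUL-separated environment block contains an entry
# that is exactly "container=lxc". Defaults to PID 1's environment.
is_lxc() {
    environ="${1:-/proc/1/environ}"

    # /proc/1/environ is only readable by root. A missing or unreadable
    # file counts as "not detected", so the caller keeps its old behaviour.
    [ -r "$environ" ] || return 1

    # Entries are NUL-separated. Convert them to lines and match the whole
    # line, so "container=lxc-libvirt" or "xcontainer=lxc" do not count.
    # Output goes to /dev/null instead of using -q so grep reads all input.
    tr '\0' '\n' < "$environ" | grep -x 'container=lxc' > /dev/null
}

# postinst_guard [ENVIRON_FILE]
# Hypothetical guard for the top of a postinst script: returns 0 (skip the
# mknod calls) when LXC is detected, 1 otherwise. The message is constructed.
postinst_guard() {
    if is_lxc "$@"; then
        echo "LXC container detected, skipping device creation."
        return 0
    fi
    return 1
}
```

In a postinst this would be used as `postinst_guard && exit 0` before any device is created. As the report notes, the check says nothing about whether mknod would actually succeed.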

** Affects: makedev (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: makedev (Ubuntu Precise)
     Importance: High
         Status: Triaged

** Affects: makedev (Ubuntu Trusty)
     Importance: High
         Status: Triaged

** Affects: makedev (Ubuntu Vivid)
     Importance: High
         Status: Triaged

** Affects: makedev (Ubuntu Xenial)
     Importance: High
         Status: Triaged

** Affects: makedev (Ubuntu Yakkety)
     Importance: High
         Status: Triaged

** Affects: makedev (Ubuntu Zesty)
     Importance: High
         Status: Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1675163

Title:
  Don't attempt to create devices in LXC containers
