unable to launch lxc application containers when dropping cap_sysadmin
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lxc (Ubuntu) | Fix Released | Medium | Unassigned | |
Precise | Won't Fix | Undecided | Unassigned | |
Quantal | Won't Fix | Undecided | Unassigned | |
Raring | Won't Fix | Undecided | Unassigned | |
Saucy | Won't Fix | Undecided | Unassigned | |
Bug Description
=======
SRU Justification
1. Impact: cannot lxc-execute a container without cap_sys_admin
2. Development fix: don't fail if lxc-init cannot mount /proc
3. Stable fix: same as development fix.
4. Test case:
sudo lxc-create -t ubuntu-cloud -n c1
sudo lxc-start -n c1
(log in)
sudo apt-get -y install --no-install-
sudo poweroff
sudo lxc-execute -n c1 -s lxc.cap.
5. Regression potential: none
=======
Using the 0.8.0~rc1 lxc release, it was possible to start an application container with the lxc.cap.
I've attached the debug output of # lxc-execute -o foo -l DEBUG -n foo -s lxc.cap.
Release: 12.04.3 with HWE, Kernel 3.8.0-32-generic #47~precise1-Ubuntu SMP Wed Oct 2 16:19:35 UTC 2013 x86_64
LXC version: 1.0.0~alpha1-
description: updated
Changed in lxc (Ubuntu Precise):
status: New → Won't Fix
I can't reproduce this on precise with the ubuntu-lxc daily ppa, on 3.2 kernel.
Could you try installing ppa:ubuntu-lxc/daily and see if that fixes it for you?
It's possible this is a bug in the backport version only, that the newer kernel is doing something unexpected, or that something is wrong in the container itself. I don't see anything in the debug output, unfortunately, to help pin it down.