Filesystem mount from lxc template causes filesystem permission breakages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
Critical
|
Tim Penhey | ||
linux (Ubuntu) |
Confirmed
|
Medium
|
Unassigned | ||
postgresql (Juju Charms Collection) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
In juju-core 1.17.5, creating new lxc machines is now much faster as it appears to be using a template machine. In addition, the root filesystem is mounted from the template machine.
Unfortunately, this causes filesystem permissions to screw up.
juju deploy ubuntu
juju ssh ubuntu/0
sudo chown ubuntu:ubuntu /etc/ssl/private
ls /etc/ssl/private
That final 'ls' fails with a permission denied. This is possibly a security precaution in lxc or the filesystem.
This issue breaks the postgresql charm. The PostgreSQL packages require and use the ssl-cert package, which changes /etc/ssl/private to be group readable by the ssl-cert group. The postgres user, a member of the ssl-cert group, is unable to read the private key stored in this directory.
Related branches
- Juju Engineering: Pending requested
-
Diff: 175 lines (+22/-42)4 files modifiedprovider/local/config.go (+6/-6)
provider/local/environ.go (+3/-2)
provider/local/environprovider.go (+1/-5)
provider/local/environprovider_test.go (+12/-29)
Changed in juju-core: | |
status: | New → Triaged |
importance: | Undecided → Critical |
tags: | added: local-provider lxc regression |
Changed in juju-core: | |
milestone: | none → 1.17.6 |
Changed in juju-core: | |
status: | In Progress → Fix Committed |
Changed in juju-core: | |
status: | Fix Committed → Fix Released |
Changed in postgresql (Juju Charms Collection): | |
status: | New → Invalid |
no longer affects: | lxc |
This isn't an aufs permission bug it seems.