Ubuntu
lxc package

Permission denied when creating semaphore in ubuntu-cloud container

Bug #1353734 reported by Andreas Hasenack
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Deployed a precise host on canonistack, then a precise container inside that host:
andreas@nsn7:~$ juju status
environment: andreas-canonistack2
machines:
  "0":
    agent-state: started
    agent-version: 1.20.3
    dns-name: 10.55.32.177
    instance-id: b898eee8-9aef-4e6c-9749-dce73f490dc6
    instance-state: ACTIVE
    series: precise
    containers:
      0/lxc/0:
        agent-state: started
        agent-version: 1.20.3
        dns-name: 10.0.3.118
        instance-id: juju-machine-0-lxc-0
        series: precise
        hardware: arch=amd64
    hardware: arch=amd64 cpu-cores=1 mem=1024M root-disk=10240M
    state-server-member-status: has-vote
services:
  ubuntu-precise:
    charm: cs:precise/ubuntu-4
    exposed: false
    units:
      ubuntu-precise/0:
        agent-state: started
        agent-version: 1.20.3
        machine: 0/lxc/0
        public-address: 10.0.3.118

Test script:

andreas@nsn7:~$ juju ssh ubuntu-precise/0 'python -c "from multiprocessing import synchronize; synchronize.Lock()"'
Warning: Permanently added '10.55.32.177' (ECDSA) to the list of known hosts.
Warning: Permanently added '10.0.3.118' (ECDSA) to the list of known hosts.
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/multiprocessing/synchronize.py", line 147, in __init__
    SemLock.__init__(self, SEMAPHORE, 1, 1)
  File "/usr/lib/python2.7/multiprocessing/synchronize.py", line 75, in __init__
    sl = self._semlock = _multiprocessing.SemLock(kind, value, maxvalue)
OSError: [Errno 13] Permission denied
Connection to 10.0.3.118 closed.
ERROR subprocess encountered error code 1

On the precise host:
root@juju-andreas-canonistack2-machine-0:~# ls -la /dev/shm
lrwxrwxrwx 1 root root 8 Aug 6 21:51 /dev/shm -> /run/shm

root@juju-andreas-canonistack2-machine-0:~# grep shm /proc/mounts
none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0

root@juju-andreas-canonistack2-machine-0:~# dpkg-query -W sysvinit-utils lxc
lxc 1.0.0~alpha1-0ubuntu14.1~ctools0
sysvinit-utils 2.88dsf-13.10ubuntu11.1

On the precise container:
root@juju-machine-0-lxc-0:~# ls -la /dev/shm
total 8
drwxr-xr-x 2 root root 4096 Jul 17 07:05 .
drwxr-xr-x 6 root root 4096 Aug 6 22:19 ..

root@juju-machine-0-lxc-0:~# grep shm /proc/mounts
none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0
root@juju-machine-0-lxc-0:~#

Both are precise 12.04.5. The host was image b898eee8-9aef-4e6c-9749-dce73f490dc6 from canonistack's lcy02 region.

Tags: landscape
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I did the same deployment with the local provider, on my trusty host, and the precise container allowed that python snipped to be executed as a regular user without problems.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks for submitting this bug. The problem is due to /run/shm not existing in the cloud images.

The ubuntu-cloud image fixes the /dev/shm by doing:

    if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
        mv $rootfs/dev/shm $rootfs/dev/shm.bak
        ln -s /run/shm $rootfs/dev/shm
    fi

The second test fails because $rootfs/run/shm does not exist.

Since /run/shm will be created at runtime, I see no reason not to drop the second part
of the test. I'll suggest that to the list - there may be reasons I'm not considering.

summary: - Permission denied when creating semaphore in container
+ Permission denied when creating semaphore in ubuntu-cloud container
Changed in lxc (Ubuntu):
importance: Undecided → High
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1.1.0~alpha2-0ubuntu2

---------------
lxc (1.1.0~alpha2-0ubuntu2) utopic; urgency=medium

  * Cherry-pick usptream bugfix for lxc-usernic test.
 -- Stephane Graber <email address hidden> Thu, 02 Oct 2014 15:01:56 -0400

Changed in lxc (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.