container root directory has broken permissions with tight umask and --keep-data
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| lxc (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
While fixing autopkgtest for tight umasks (http://
$ sudo -i
# umask 077
# lxc-start-ephemeral --keep-data -o adt-utopic
[... boots ... ]
adt-utopic-9x0b7tw_ login: ubuntu
Password:
Welcome to Ubuntu Utopic Unicorn (development branch) (GNU/Linux 3.16.0-14-generic x86_64)
* Documentation: https:/
Unable to cd to '/home/ubuntu'
then it fails and goes back to the login prompt. This is because of
$ sudo lxc-attach -n adt-utopic-9x0b7tw_
root@adt-
drwx------ 1 root root 4096 Sep 10 14:23 /
apparently the container overlay root directory is created with the host umask, and thus any non-root process in the container can't execute anything due to / having 0700 permissions only.
This is with LXC 1.1.0~alpha1-
| Changed in lxc (Ubuntu): | |
| importance: | Undecided → Low |
| description: | updated |
| Changed in lxc (Ubuntu): | |
| status: | New → Confirmed |
| Martin Pitt (pitti) wrote | #1 |
| Serge Hallyn (serge-hallyn) wrote | #2 |
| Stéphane Graber (stgraber) wrote | #3 |
| Changed in lxc (Ubuntu): | |
| status: | Confirmed → Fix Released |
BTW, I have added a workaround to autopkgtest, so this isn't a blocker for me.