libguestfs doesn't work on Ubuntu without root permissions
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Fuel for OpenStack | Invalid | Medium | Alexei Sheplyakov | |
8.0.x | Won't Fix | Medium | MOS Ceph | |
Mitaka | Won't Fix | Medium | Unassigned | |
Bug Description
Environment: rc1 6.1, ubuntu, 1 compute, 1 controller, neutron, cinder, qemu.
Steps to reproduce:
1) Install extra packages on compute:
root@node-2:~# dpkg --list | grep guestfs
ii libguestfs-perl 1:1.24.5-1 amd64
ii libguestfs-tools 1:1.24.5-1 amd64
ii libguestfs0:amd64 1:1.24.5-1 amd64
ii python-guestfs 1:1.24.5-1 amd64
2) execute:
update-
3) start nova-compute as root user and boot vm
http://
4) start nova-compute as nova user and boot vm
http://
Expected result:
In cases 3 and 4: correct boot with mounted filesystem
Actual result:
In case 3: correct boot with mounted filesystem
In case 4: incorrect boot with unmounted filesystem with this error:
/usr/bin/
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /var/tmp/
libguestfs: trace: launch = -1 (error)
2015-06-22 14:09:39.693 12311 DEBUG nova.virt.disk.api [-] Unable to mount image /var/lib/
Related bug: "The kernel is no longer readable by non-root users"
Ubuntu
We don't have a full time Ubuntu maintainer, and the packages supplied by Canonical (which are outside our control) are sometimes broken.
Canonical decided to change the permissions on the kernel so that it's not readable except by root.
http://
Changed in fuel: | |
assignee: | nobody → MOS Linux (mos-linux) |
importance: | Undecided → Medium |
description: | updated |
summary: |
- Libguestfs doesn't work on ubuntu without root rights
+ libguestfs doesn't work on Ubuntu without root permissions |
Changed in fuel: | |
assignee: | MOS Linux (mos-linux) → Alexei Sheplyakov (asheplyakov) |
Changed in fuel: | |
milestone: | 7.0 → 8.0 |
tags: | added: mos-linux |
tags: | added: area-mos |
> /usr/bin/supermin-helper: open: /boot/vmlinuz-3.13.0-55-generic: Permission denied
That's a feature
$ ls -la /boot/vmlinuz-3.13.0-55-generic
-rw------- 1 root root 5821888 Jun 14 22:28 /boot/vmlinuz-3.13.0-55-generic
An unreadable kernel image blocks the class of attacks carried out by script kiddies and automated systems that expect
to be able to look up symbols locally and make exploits totally portable to all kernel versions.
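
A check for the condition behind this failure, as an added example that is not part of the bug report or of libguestfs: it lists the kernel images under a boot directory that lack the world-read bit, which is what supermin-helper runs into when nova-compute is started as the nova user. The function names and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example: report kernel images that a non-root service account
# (such as the nova user in this bug) cannot open for reading.
# Assumes GNU coreutils stat (as shipped on Ubuntu).

# kernel_mode FILE -> octal permission bits, e.g. 600
kernel_mode() {
    stat -c '%a' "$1"
}

# world_readable FILE -> exit 0 if the "other" read bit is set,
# 1 if it is not, 2 if the file could not be inspected
world_readable() {
    mode=$(kernel_mode "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ $(( other & 4 )) -ne 0 ]
}

# unreadable_kernels DIR -> one path per line for each vmlinuz-* without o+r
unreadable_kernels() {
    for k in "$1"/vmlinuz-*; do
        [ -f "$k" ] || continue        # skips the unexpanded glob as well
        world_readable "$k" || printf '%s\n' "$k"
    done
}

# Stand-alone use: inspect /boot, or the directory given as first argument.
unreadable_kernels "${1:-/boot}"
```

Any path it prints is a kernel that libguestfs cannot use to build its appliance from an unprivileged account; loosening the mode to make it readable also removes the hardening described in the comment above.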