OpenStack Compute (nova)

LXC bind run_as_root commands are obviously wrong

Bug #943304 reported by Thierry Carrez on 2012-02-29

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Medium	Thierry Carrez	OpenStack Compute (nova) 2012.1 "essex"
	Ubuntu	Fix Released	Undecided	Unassigned

Bug Description

The bind function (in nova/virt/disk/api.py) used by LXC calls "echo" as root in a wrong way:

utils.execute('echo', '>', cgroup_info, cgroups_path, run_as_root=True)

This is wrong because:
* The order for the parameters is wrong
* The command is not interpreted by shell so this doesn't actually redirect anything to cgroups_path
* There is no rootwrap filter allowing 'echo' to be run as root

Somehow I doubt it works as expected. This should use tee with process_input instead, as in various other places in the same file.

Tags:

Thierry Carrez (ttx) on 2012-02-29

Changed in nova:
assignee:	nobody → Chuck Short (zulcss)
status:	Confirmed → In Progress

Revision history for this message

Thierry Carrez (ttx) wrote on 2012-03-14:

Might have a shot at it if Chuck doesn't fix it before

tags:

added: essex-rc-potential

Thierry Carrez (ttx) on 2012-03-15

Changed in nova:
assignee:	Chuck Short (zulcss) → Thierry Carrez (ttx)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-03-15: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/5389

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-03-15: Fix merged to nova (master)

Reviewed: https://review.openstack.org/5389
Committed: http://github.com/openstack/nova/commit/51b3510387cafec87e39c2a52e8578a66f3488d4
Submitter: Jenkins
Branch: master

commit 51b3510387cafec87e39c2a52e8578a66f3488d4
Author: Thierry Carrez <email address hidden>
Date: Thu Mar 15 10:58:57 2012 +0100

Fix LXC volume attach issue

Fix erroneous use of echo to set permissions on LXC volume access.
Fixes bug 943304.

    Note that based on input from the duplicate bug (948193), we set:
    b x:x rwm
    to /sys/fs/cgroup/devices/libvirt/lxc/x/devices.allow

    instead of:
    c x:x rwm
    to /sys/fs/cgroup/devices/sysdefault/libvirt/lxc/x/devices.allow

Change-Id: Ia048d3f46799839b4b85c781bb50488e09ba9b5e

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2012-03-20

Changed in nova:
milestone:	none → essex-rc1
status:	Fix Committed → Fix Released

Fabio Marconi (fabiomarconi) on 2012-04-03

Changed in ubuntu:
status:	New → Fix Released

Thierry Carrez (ttx) on 2012-04-05

Changed in nova:
milestone:	essex-rc1 → 2012.1

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #948193

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.