cgm all should work on unbound cgroups

Bug #1317687 reported by Serge Hallyn on 2014-05-08
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cgmanager (Ubuntu)
High
Unassigned
Trusty
High
Unassigned

Bug Description

===================================================
Impact: unprivileged users may not be able to start containers
Test case: log into a system without libpam-logind installed, so that you are in cgroup /.
 sudo cgm create all c1
 sudo chown all c1 $(id -u) $(id -g)
 cgm movepid all c1 $$
 lxc-create -t download -n c1 -- -d ubuntu -r trusty -a amd64
 lxc-start -n c1
This should succeed, but will fail with warnings about the name=systemd cgroup.
===================================================

If a user does 'cgm movepid all xxx $$', they likely want to be moved into cgroup xxx for the name=systemd controller as well.

Changed in cgmanager (Ubuntu):
importance: Undecided → High
status: New → Triaged
Changed in cgmanager (Ubuntu Trusty):
importance: Undecided → High
status: New → Confirmed
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cgmanager - 0.26-0ubuntu2

---------------
cgmanager (0.26-0ubuntu2) utopic; urgency=low

  * 0001-cgm-make-all-also-reference-name-systemd.patch: make cgm all
    also act on the name=systemd container (LP: #1317687)
 -- Serge Hallyn <email address hidden> Thu, 08 May 2014 17:58:29 -0500

Changed in cgmanager (Ubuntu):
status: Triaged → Fix Released

Hello Serge, or anyone else affected,

Accepted cgmanager into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/cgmanager/0.24-0ubuntu6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cgmanager (Ubuntu Trusty):
status: Confirmed → Fix Committed
tags: added: verification-needed
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cgmanager - 0.24-0ubuntu6

---------------
cgmanager (0.24-0ubuntu6) trusty-proposed; urgency=low

  * 0002-exit-on-startup-error: Don't proceed to accept client connections
    if we failed to connect to the server. (LP: #1317693)
  * 0003-proxy-wait-2-seconds-for-server-reply: do not wait indefinately
    for replies from the cgmanager, as it may have crashed. (LP: #1317623)
  * 0004-Implement-getpidcgroupabs.patch: Provide a way for clients to
    query absolute paths which can be used with MovePidAbs (LP: #1315052)
  * 0005-get_controller_path-use-the-is_same_controller-helpe.patch: Fix
    handling of name=systemd so that containers can be properly entered
    into the proper cgroup. (LP: #1315521)
  * 0006-cgm-make-all-also-reference-name-systemd.patch: make cgm all
    also act on the name=systemd container (LP: #1317687)
 -- Serge Hallyn <email address hidden> Thu, 08 May 2014 18:02:50 -0500

Changed in cgmanager (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for cgmanager has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers