Activity log for bug #1709224

Date Who What changed Old value New value Message
2017-08-08 02:28:17 yuanzhicao bug added bug
2017-08-08 02:28:28 yuanzhicao libvirt (Ubuntu): status New Confirmed
2017-08-08 02:30:20 yuanzhicao description

Old value:

Environments:
System: zesty
libvirt version: 2.5.0-3ubuntu5
vm rootfs release: ubuntu:16.04

Reproduce:
1. Run command "virsh -c lxc:// start vm" and the release of vm is xenial.
2. Run command "ps aux|grep init"; you would find the pid of the init launched by the vm.
3. Run command "virsh -c lxc:// destroy vm".
4. Run command "virsh -c lxc:// list --all" and "ps aux|grep init"; you would find that the vm is shutoff, but the init process launched by the vm is still running.

In fact I have found the cause of this bug: there is a patch after 1.3.1 that imports this bug.

Cgroups inside the container don't hide the parent, so a process of the container can change its own cgroup to another cgroup. lxc destroys processes by reading the cgroup tasks file; if a process changes its own cgroup, it can't destroy the container process normally.

Commit: dc576025c360a1d2c89da410d0f3f0da55d0143f [dc57602]
Parents: 511e7c5bba
Author: Daniel P. Berrange <berrange@redhat.com>
Date: 2016年1月23日 GMT+8 上午12:07:18
Commit Date: 2016年1月27日 GMT+8 上午12:11:32

lxc: don't try to hide parent cgroups inside container

New value:

Environments:
System: zesty
libvirt version: 2.5.0-3ubuntu5
vm rootfs release: ubuntu:16.04

Reproduce:
1. Run command "virsh -c lxc:// start vm" and the release of vm is xenial.
2. Run command "ps aux|grep init"; you would find the pid of the init launched by the vm.
3. Run command "virsh -c lxc:// destroy vm".
4. Run command "virsh -c lxc:// list --all" and "ps aux|grep init"; you could find that the vm is shutoff, but the init process launched by the vm is still running.

In fact I have found the cause of this bug: there is a patch after 1.3.1 that imports this bug.

-------------------------------------------------------------
Commit: dc576025c360a1d2c89da410d0f3f0da55d0143f [dc57602]
Parents: 511e7c5bba
Author: Daniel P. Berrange <berrange@redhat.com>
Date: 2016年1月23日 GMT+8 上午12:07:18
Commit Date: 2016年1月27日 GMT+8 上午12:11:32

lxc: don't try to hide parent cgroups inside container
-------------------------------------------------------------

Cgroups inside the container don't hide the parent, so a process of the container can change its own cgroup to another cgroup. lxc destroys processes by reading the cgroup tasks file; if a process changes its own cgroup, it can't destroy the container process normally.
2017-08-08 07:24:39 Christian Ehrhardt  nominated for series Ubuntu Xenial
2017-08-08 07:24:39 Christian Ehrhardt  bug task added libvirt (Ubuntu Xenial)
2017-08-08 07:24:45 Christian Ehrhardt  libvirt (Ubuntu): status Confirmed Fix Released
2017-08-15 15:14:25 Christian Ehrhardt  libvirt (Ubuntu Xenial): status New Incomplete
2017-09-06 11:58:18 Christian Ehrhardt  libvirt (Ubuntu Xenial): status Incomplete Invalid