Cannot mount proc in unprivileged containers if /proc/xen is mounted
Bug #1607374 reported by Seth Forshee
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Medium | Seth Forshee | |
Xenial | Fix Released | Medium | Seth Forshee | |
Bug Description
SRU Justification
Impact: The xenfs filesystem is traditionally mounted at /proc/xen in xen guests. This directory doesn't use the special "create proc mountpoint" interface and thus fails the permanently empty test in fs_fully_visible(). This causes mounting of proc to fail in user namespace containers.
Fix: Use the special proc interface to make this a "permanently empty" directory.
Regression potential: This change will make it impossible to create files within /proc/xen, but since the directory is only ever used as a mount point this should not cause any problems.
Original bug report and testing results can be found at https:/
tags: added: patch
Changed in linux (Ubuntu Xenial): status: In Progress → Fix Committed
Changed in linux (Ubuntu): status: In Progress → Fix Committed
Changed in linux (Ubuntu): status: Fix Committed → Fix Released
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!