Enable user namespaces in Lucid server kernel

Bug #509808 reported by Constantin-Marius Moisescu on 2010-01-19
Affects: linux (Ubuntu)
Importance: Wishlist
Assigned to: Andy Whitcroft

Bug Description

Please enable CONFIG_USER_NS (user namespaces) in the Ubuntu Lucid server kernel. All the other namespace options are already enabled, except user namespaces. All namespace options are necessary for LXC containers to function properly.

Kernel version:

cmm@ull:~$ uname -a
Linux ull 2.6.32-10-server #14-Ubuntu SMP Thu Jan 7 17:38:11 UTC 2010 x86_64 GNU/Linux

Observed behaviour:

cmm@ull:~$ grep -i _ns /boot/config-$(uname -r)
CONFIG_CGROUP_NS=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
# CONFIG_USER_NS is not set
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NSC_FIR=m
CONFIG_PATA_NS87410=y
CONFIG_PATA_NS87415=y
CONFIG_NS83820=m
CONFIG_GAMEPORT_NS558=m
CONFIG_NSC_GPIO=m
CONFIG_TCG_NSC=m
CONFIG_NCPFS_NFS_NS=y
CONFIG_NCPFS_OS2_NS=y

Expected behaviour:

cmm@ull:~$ grep -i _ns /boot/config-$(uname -r)
CONFIG_CGROUP_NS=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NSC_FIR=m
CONFIG_PATA_NS87410=y
CONFIG_PATA_NS87415=y
CONFIG_NS83820=m
CONFIG_GAMEPORT_NS558=m
CONFIG_NSC_GPIO=m
CONFIG_TCG_NSC=m
CONFIG_NCPFS_NFS_NS=y
CONFIG_NCPFS_OS2_NS=y


Stéphane Graber (stgraber) wrote :

I forgot to ask for that parameter when I filed the initial bug for LXC support.
It'd be appreciated if that one could be turned on too so we have full LXC support in Lucid.

Thanks.

Changed in linux (Ubuntu):
status: New → Triaged
importance: Undecided → Wishlist
milestone: none → lucid-alpha-3
tags: added: kconfig
Andy Whitcroft (apw) wrote :

@stephane which bug did we do that support under? To complete the history.

Stéphane Graber (stgraber) wrote :

That was Bug #480739

Andy Whitcroft (apw) on 2010-01-27
tags: removed: needs-upstream-testing
Changed in linux (Ubuntu):
assignee: nobody → Andy Whitcroft (apw)
status: Triaged → In Progress
Andy Whitcroft (apw) on 2010-01-27
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-12.16

---------------
linux (2.6.32-12.16) lucid; urgency=low

  [ Andy Whitcroft ]

  * Revert "SAUCE: acpi battery -- delay first lookup of the battery until
    first use"
  * SAUCE: acpi battery -- move first lookup asynchronous
    - LP: #507211
  * [Config] update configs to cleanup generic configs
  * [Config] disable CONFIG_X86_CPU_DEBUG for amd64
  * [Config] enable USER_NS
    - LP: #480739, #509808

  [ Heiko Carstens ]

  * (pre-stable) driver-core: fix devtmpfs crash on s390
    - LP: #512370

  [ John Johansen ]

  * [Config] for server and virtual flavours make CONFIG_SCSI_SYM53C8XX_2=y
    - LP: #494565
  * [Config] VIRTIO=y for server/virtual flavours
    - LP: #494565

  [ Kay Sievers ]

  * (pre-stable) Driver-Core: devtmpfs - set root directory mode to 0755
    - LP: #512370

  [ Kees Cook ]

  * SAUCE: x86: brk away from exec rand area
    - LP: #452175

  [ Leann Ogasawara ]

  * [Upstream] e1000: enhance frame fragment detection
    - CVE-2009-4536
  * [Upstream] e1000e: enhance frame fragment detection
    - CVE-2009-4538

  [ Sebastian Kapfer ]

  * (pre-stable) Input: ALPS - add interleaved protocol support (Dell E6x00
    series)
    - LP: #296610

  [ Upstream Kernel Changes ]

  * inotify: do not reuse watch descriptors
    - LP: #485556
  * inotify: only warn once for inotify problems
  * revert "drivers/video/s3c-fb.c: fix clock setting for Samsung SoC
    Framebuffer"
  * memcg: ensure list is empty at rmdir
  * drm/i915: remove loop in Ironlake interrupt handler
  * block: Fix incorrect reporting of partition alignment
  * x86, mce: Thermal monitoring depends on APIC being enabled
  * futexes: Remove rw parameter from get_futex_key()
  * page allocator: update NR_FREE_PAGES only when necessary
  * x86, apic: use physical mode for IBM summit platforms
  * edac: i5000_edac critical fix panic out of bounds
  * x86: SGI UV: Fix mapping of MMIO registers
  * mfd: WM835x GPIO direction register is not locked
  * mfd: Correct WM835x ISINK ramp time defines
  * ALSA: hda - Fix missing capture mixer for ALC861/660 codecs
  * V4L/DVB (13868): gspca - sn9c20x: Fix test of unsigned.
  * reiserfs: truncate blocks not used by a write
  * HID: add device IDs for new model of Apple Wireless Keyboard
  * PCI/cardbus: Add a fixup hook and fix powerpc
  * Input: pmouse - move Sentelic probe down the list
  * asus-laptop: add Lenovo SL hotkey support
  * sched: Fix cpu_clock() in NMIs, on !CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
  * sparc64: Fix NMI programming when perf events are active.
  * sparc64: Fix Niagara2 perf event handling.
  * i2c: Do not use device name after device_unregister
  * i2c/pca: Don't use *_interruptible
  * serial/8250_pnp: add a new Fujitsu Wacom Tablet PC device
  * sched: Fix task priority bug
  * vfs: Fix vmtruncate() regression
  * Linux 2.6.32.5
  * x86, msr/cpuid: Register enough minors for the MSR and CPUID drivers
  * V4L/DVB (13900): gspca - sunplus: Fix bridge exchanges.
  * Staging: asus_oled: fix oops in 2.6.32.2
  * Staging: hv: fix smp problems in the hyperv core code
  * tty: fix race in tty_fasync
  * ecryptfs: use after free
  * ecryptfs: initi...


Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
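
A way to confirm the change on a given kernel, added here as an example and not part of the original report or the Ubuntu packaging: the report's `grep -i _ns` also matches unrelated driver options (CONFIG_PATA_NS87410, CONFIG_NSC_GPIO), so this check matches the six namespace options by exact name and lists any that are not built in. The function names and the sample config are constructed for illustration; the option list is the one shown in the report's grep output for 2.6.32.

```shell
#!/bin/sh
# Namespace options as listed in this report's grep output (2.6.32 kernel).
NS_OPTIONS="CONFIG_CGROUP_NS CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_USER_NS CONFIG_PID_NS CONFIG_NET_NS"

# missing_ns_options [FILE]
# Reads a kernel config (FILE or stdin) and prints, space-separated, every
# option from NS_OPTIONS that is not set to "y". Matching is on the exact
# option name followed by "=", so "# CONFIG_USER_NS is not set" and
# look-alikes such as CONFIG_PATA_NS87410 never count as enabled.
missing_ns_options() {
    awk -v opts="$NS_OPTIONS" '
        BEGIN { n = split(opts, want, " ") }
        {
            for (i = 1; i <= n; i++)
                if (index($0, want[i] "=") == 1)
                    state[want[i]] = substr($0, length(want[i]) + 2)
        }
        END {
            for (i = 1; i <= n; i++)
                if (state[want[i]] != "y")
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }
    ' "${1:--}"
}

# Constructed sample config mirroring the report; $1 is the USER_NS line.
sample_config() {
    cat <<EOF
CONFIG_CGROUP_NS=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
$1
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_PATA_NS87410=y
CONFIG_NSC_GPIO=m
EOF
}

# Demo on the "observed" and "expected" states described in the report.
echo "observed: missing [$(sample_config '# CONFIG_USER_NS is not set' | missing_ns_options)]"
echo "expected: missing [$(sample_config 'CONFIG_USER_NS=y' | missing_ns_options)]"
```

To check a running host, pass the config file directly: `missing_ns_options /boot/config-$(uname -r)`.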