Permissions mangled when creating rootfs from cloud images

Bug #1066084 reported by David Britton on 2012-10-12
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
High
Serge Hallyn
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Serge Hallyn

Bug Description

==============================
1. Impact: cloud image creations can fail. This causes juju with local provider to fail.
2. Development fix: use --numeric-owner when un-tarring ubuntu images, to make sure that /home/ubuntu in the container is owned by the right ubuntu userid.
3. Stable fix: same as the development fix
4. Test case:
 1. add an ubuntu user if one does not yet exist on the host - make sure it is not uid 1000
 2. lxc-create -t ubuntu-cloud -n c1 -- -r precise
 3. check /home/ubuntu in the container - it will be owned by the ubuntu userid on the host.
 Additionally, when starting c1, you will be unable to log in as user ubuntu.
5. Regression potential: this should introduce no regressions, as it only makes sure that the owners of files in the container match the username-userid mapping in the container's password file.
==============================

Permissions on the created lxc container somehow are reflecting the users /etc/password file:

ubuntu@dpb-local-landscape-client-0:~$ cat /etc/passwd |grep landscape
landscape:x:104:109::/var/lib/landscape:/bin/false
ubuntu@dpb-local-landscape-client-0:~$ ll /etc/landscape
total 12
drwxr-xr-x 2 root root 4096 Oct 12 17:48 ./
drwxr-xr-x 86 root root 4096 Oct 12 17:47 ../
-rw------- 1 999 root 164 Oct 12 17:48 client.conf
ubuntu@dpb-local-landscape-client-0:~$ logout
Connection to 10.0.3.143 closed.

dpb@starbuck:dpb-local$ cat /etc/passwd |grep landscape
landscape:x:999:999::/var/lib/landscape:/bin/false
dpb@starbuck:dpb-local$

My hunch is where the tar happens from the mount of the downloaded image in lxc/templates/lxc-ubuntu-cloud

Related branches

David Britton (davidpbritton) wrote :

The following fixes the problem:

dpb@starbuck:templates$ pwd
/usr/share/lxc/templates
dpb@starbuck:templates$ diff *.orig lxc-ubuntu-cloud
344c344
< tar -zxf $cache/$filename
---
> tar --numeric-owner -zxf $cache/$filename

Changed in lxc (Ubuntu):
status: New → Triaged
importance: Undecided → High
Serge Hallyn (serge-hallyn) wrote :

Thanks, the fix has been pulled into the source tree, but will have to wait for quantal-proposed and r to open up.

Changed in lxc (Ubuntu Quantal):
importance: Undecided → High
status: New → Triaged
Changed in lxc (Ubuntu Precise):
importance: Undecided → High
status: New → Triaged
description: updated

Hello David, or anyone else affected,

Accepted lxc into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.8.0~rc1-4ubuntu38 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Stéphane Graber (stgraber) wrote :

Fix works fine here.

tags: added: verification-done
removed: verification-needed
Clint Byrum (clint-fewbar) wrote :

Hello David, or anyone else affected,

Accepted lxc into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.7.5-3ubuntu64 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Precise):
status: Triaged → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
Serge Hallyn (serge-hallyn) wrote :

Verification done in quantal.

tags: added: verification-done
removed: verification-needed
tags: added: verification-done-quantal verification-needed-precise
removed: verification-done
description: updated

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu38

---------------
lxc (0.8.0~rc1-4ubuntu38) quantal-proposed; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
 -- Serge Hallyn <email address hidden> Wed, 24 Oct 2012 11:12:42 -0500

Changed in lxc (Ubuntu Quantal):
status: Fix Committed → Fix Released
tags: added: verification-done-precise
removed: verification-needed-precise
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.7.5-3ubuntu65

---------------
lxc (0.7.5-3ubuntu65) precise-proposed; urgency=low

  * Add proper fix (X001-lxc-ls-onelisting) for lxc-ls showing running
    containers multiple times. (LP: #1043018)

lxc (0.7.5-3ubuntu64) precise-proposed; urgency=low

  [ Serge Hallyn ]
  * lxc.lxc-net.upstart: tell iptables not to masquerate packets between
    containers. (LP: #1045947)
  * 0204-ubuntu-cloud-userdata-path: Fix broken behavior when a relative
    path is passed into '--userdata' argument. (LP: #1043582)
  * 0205-lxc-ls-manpage-document-two-lines: Document the default two-line
    output format of lxc-ls. (LP: #1043018)
  * lxc-start-ephemeral: support fedora and centos (LP: #1042431)
  * 0222-debian-dhcp3-package: fix install of debian testing containers.
    (LP: #1052972)
  * 0100-template-cleanup-cache: clean up template cache if interrupted
    during build. (LP: #1037331)

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)
 -- Serge Hallyn <email address hidden> Wed, 07 Nov 2012 11:03:36 -0600

Changed in lxc (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in lxc (Ubuntu Raring):
assignee: nobody → Serge Hallyn (serge-hallyn)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu44

---------------
lxc (0.8.0~rc1-4ubuntu44) raring; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
  * 0226-add-lxc-autodev: implement automatic mount and populate of /dev.
  * 0227-ubuntu-cloud-parsing: fix some option parsing bugs in ubuntu-cloud
    template (LP: #1076031)
 -- Serge Hallyn <email address hidden> Mon, 26 Nov 2012 10:11:00 -0600

Changed in lxc (Ubuntu Raring):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers