lucid containers don't start on quantal hosts

Bug #1070914 reported by Serge Hallyn on 2012-10-24
This bug affects 3 people
Affects          Importance   Assigned to
lxc (Ubuntu)     High         Serge Hallyn
Quantal          High         Unassigned
Raring           High         Serge Hallyn

Bug Description

Because devtmpfs is now mounted in containers, and /dev/shm is a symlink in devtmpfs, lucid containers now fail to start.

======================================
SRU Justification:
1. Impact: newly created lucid containers cannot be started, and changes in
the container's /dev are seen in the host's /dev.
2. Development fix: devtmpfs is removed from the container fstabs
3. Stable fix: same as development fix
4. Test case:
 1. sudo lxc-create -t ubuntu -n l1 -- -F -r lucid
 2. sudo lxc-start -n l1 -d
 3. sudo lxc-ps -n l1
    Only three tasks will show up in lxc-ps, because lxc-start will hang at
    mountall when failing to mount /dev onto a symbolic link (/dev/shm).
5. Regression potential: This will require workarounds in the cloud images
(which recently stopped including a populated /dev, and will need to do so
again). That will be fixed by utlemming by Oct 25. It also regresses a bug
in grub updates in containers. This will need to be worked around by having
update-grub detect that it is in a container, and not fail due to non-existing
/dev/root in that case.
======================================

description: updated
Changed in lxc (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
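
The development fix in the description removes devtmpfs from the container fstabs. As an added example (not part of this bug report or of the lxc package), the shell functions below audit existing containers for leftover devtmpfs mounts. The /var/lib/lxc/<name>/ layout with per-container "fstab" and "config" files and the function names are assumptions; checking lxc.mount.entry lines in the config goes one step beyond the fstab case the report names.

```shell
#!/bin/sh
# Added example: find LXC containers that still mount devtmpfs, which shares
# the host's /dev with the container (the problem described in this bug).
# Assumption: containers live under /var/lib/lxc/<name>/ with "fstab"/"config".

# Print "<file>:<line>: <text>" for each devtmpfs mount in one file.
# $1 = file, $2 = 1 when the file is an LXC config (lxc.mount.entry lines).
devtmpfs_mounts() {
    [ -f "$1" ] || return 0
    awk -v f="$1" -v cfg="${2:-0}" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            # In a config file only "lxc.mount.entry = <fstab line>" matters.
            if (cfg && !sub(/^[ \t]*lxc\.mount\.entry[ \t]*=[ \t]*/, "", line)) next
            sub(/^[ \t]+/, "", line)
            split(line, fld, /[ \t]+/)          # fstab: device, dir, fstype, ...
            if (fld[3] == "devtmpfs") printf "%s:%d: %s\n", f, NR, $0
        }' "$1"
}

# Scan every container below $1 (default /var/lib/lxc).
# Prints the findings and returns 1 if any devtmpfs mount is configured.
audit_lxc_devtmpfs() {
    base=${1:-/var/lib/lxc}
    hits=$(for d in "$base"/*/; do
        devtmpfs_mounts "${d}fstab"
        devtmpfs_mounts "${d}config" 1
    done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Usage: audit_lxc_devtmpfs /var/lib/lxc
```

Source the file and run `audit_lxc_devtmpfs` as root on the host; containers created before the fixed package keep their old fstab, so any entries reported still have to be removed by hand.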

Hello Serge, or anyone else affected,

Accepted lxc into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.8.0~rc1-4ubuntu38 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Stéphane Graber (stgraber) wrote :

Flagging for security as the version currently in quantal basically lets a container do pretty big damage to the host and any other container by removing or messing with /dev entries.

information type: Public → Public Security
Stéphane Graber (stgraber) wrote :

Tested the fix with all supported Ubuntu releases. Works fine with the ubuntu template.
For the ubuntu-cloud template, quantal works but precise is still lacking /dev entries, though as mentioned, it'll be fixed with the next build so it's all good on lxc's side.

tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu38

---------------
lxc (0.8.0~rc1-4ubuntu38) quantal-proposed; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
 -- Serge Hallyn <email address hidden> Wed, 24 Oct 2012 11:12:42 -0500

Changed in lxc (Ubuntu Quantal):
status: Fix Committed → Fix Released
Serge Hallyn (serge-hallyn) wrote :

Patch 0224-ubuntu-templates-devtmpfs still needs to be removed from the raring package.

Changed in lxc (Ubuntu Raring):
assignee: nobody → Serge Hallyn (serge-hallyn)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu44

---------------
lxc (0.8.0~rc1-4ubuntu44) raring; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
  * 0226-add-lxc-autodev: implement automatic mount and populate of /dev.
  * 0227-ubuntu-cloud-parsing: fix some option parsing bugs in ubuntu-cloud
    template (LP: #1076031)
 -- Serge Hallyn <email address hidden> Mon, 26 Nov 2012 10:11:00 -0600

Changed in lxc (Ubuntu Raring):
status: Triaged → Fix Released