2013-08-22 11:40:22 |
Andre Nathan |
bug |
|
|
added bug |
2013-08-22 11:41:27 |
Andre Nathan |
tags |
|
lxc |
|
2013-08-22 11:50:51 |
Michel Machado |
bug |
|
|
added subscriber Michel Machado |
2013-08-22 11:51:30 |
Launchpad Janitor |
lxc (Ubuntu): status |
New |
Confirmed |
|
2013-08-23 15:19:10 |
Serge Hallyn |
lxc (Ubuntu): importance |
Undecided |
High |
|
2013-08-26 09:59:29 |
Launchpad Janitor |
lxc (Ubuntu): status |
Confirmed |
Fix Released |
|
2013-08-29 19:18:22 |
Brian Murray |
nominated for series |
|
Ubuntu Raring |
|
2013-08-29 19:18:22 |
Brian Murray |
bug task added |
|
lxc (Ubuntu Raring) |
|
2013-08-29 19:18:28 |
Brian Murray |
lxc (Ubuntu Raring): status |
New |
Triaged |
|
2013-08-29 19:18:30 |
Brian Murray |
lxc (Ubuntu Raring): importance |
Undecided |
Medium |
|
2013-08-29 20:09:13 |
Serge Hallyn |
description |
When starting a container that has 'lxc.aa_profile = unconfined' on its configuration file, lxc-start fails with
lxc-start: Read-only file system - failed to change apparmor profile to unconfined
This happens because the buffer used by lxc-start to read the process' apparmor profile from /proc/<PID>/attr/current is not properly NULL-terminated. A patch for this has been applied upstream and is available at https://github.com/lxc/lxc/commit/626ad11bfee3e12e675f51e92920030a6f383b19
Ubuntu Release: Ubuntu 13.04
lxc package version: 0.9.0-0ubuntu3.4 |
=======================
SRU information
1. Impact: failure to start unconfined containers.
2. Development fix: make sure that the buffer into which we read the current container is \0-terminated
3. Stable fix: same as development fix
4. Test case:
sudo lxc-create -t ubuntu -n x1
sudo sed -i '/lxc.aa_profile/d' /var/lib/lxc/x1/config
echo "lxc.aa_profile = unconfined" >> /var/lib/lxc/x1/config
sudo lxc-start -n x1
Unfortunately since the bug depends on a badly formed stack it can be hard to reproduce
5. Regression potential: there should be none, we are only setting the buffer to all zeros before we read into it.
========================
When starting a container that has 'lxc.aa_profile = unconfined' on its configuration file, lxc-start fails with
lxc-start: Read-only file system - failed to change apparmor profile to unconfined
This happens because the buffer used by lxc-start to read the process' apparmor profile from /proc/<PID>/attr/current is not properly NULL-terminated. A patch for this has been applied upstream and is available at https://github.com/lxc/lxc/commit/626ad11bfee3e12e675f51e92920030a6f383b19
Ubuntu Release: Ubuntu 13.04
lxc package version: 0.9.0-0ubuntu3.4 |
|
2013-08-29 20:12:51 |
Serge Hallyn |
description |
=======================
SRU information
1. Impact: failure to start unconfined containers.
2. Development fix: make sure that the buffer into which we read the current container is \0-terminated
3. Stable fix: same as development fix
4. Test case:
sudo lxc-create -t ubuntu -n x1
sudo sed -i '/lxc.aa_profile/d' /var/lib/lxc/x1/config
echo "lxc.aa_profile = unconfined" >> /var/lib/lxc/x1/config
sudo lxc-start -n x1
Unfortunately since the bug depends on a badly formed stack it can be hard to reproduce
5. Regression potential: there should be none, we are only setting the buffer to all zeros before we read into it.
========================
When starting a container that has 'lxc.aa_profile = unconfined' on its configuration file, lxc-start fails with
lxc-start: Read-only file system - failed to change apparmor profile to unconfined
This happens because the buffer used by lxc-start to read the process' apparmor profile from /proc/<PID>/attr/current is not properly NULL-terminated. A patch for this has been applied upstream and is available at https://github.com/lxc/lxc/commit/626ad11bfee3e12e675f51e92920030a6f383b19
Ubuntu Release: Ubuntu 13.04
lxc package version: 0.9.0-0ubuntu3.4 |
=======================
SRU information
1. Impact: failure to start unconfined containers.
2. Development fix: make sure that the buffer into which we read the current container is \0-terminated
3. Stable fix: same as development fix
4. Test case:
sudo lxc-create -t ubuntu -n x1
sudo sed -i '/lxc.aa_profile/d' /var/lib/lxc/x1/config
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/x1/config
sudo lxc-start -n x1
Unfortunately since the bug depends on a badly formed stack it can be hard to reproduce
5. Regression potential: there should be none, we are only setting the buffer to all zeros before we read into it.
========================
When starting a container that has 'lxc.aa_profile = unconfined' on its configuration file, lxc-start fails with
lxc-start: Read-only file system - failed to change apparmor profile to unconfined
This happens because the buffer used by lxc-start to read the process' apparmor profile from /proc/<PID>/attr/current is not properly NULL-terminated. A patch for this has been applied upstream and is available at https://github.com/lxc/lxc/commit/626ad11bfee3e12e675f51e92920030a6f383b19
Ubuntu Release: Ubuntu 13.04
lxc package version: 0.9.0-0ubuntu3.4 |
|
2013-08-29 20:41:18 |
Brian Murray |
lxc (Ubuntu Raring): status |
Triaged |
Fix Committed |
|
2013-08-29 20:41:20 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-08-29 20:41:27 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2013-08-29 20:41:35 |
Brian Murray |
tags |
lxc |
lxc verification-needed |
|
2013-09-10 14:53:29 |
Serge Hallyn |
tags |
lxc verification-needed |
lxc verification-done |
|
2013-09-10 22:32:39 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lxc |
|
2013-10-03 20:15:30 |
Launchpad Janitor |
lxc (Ubuntu Raring): status |
Fix Committed |
Fix Released |
|
2013-10-03 20:15:38 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
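
The failure mode named in the bug description, as an added example (not lxc's code and not taken from the linked commit): a profile name is read into a stack buffer without a terminator, then compared as a C string, next to the zero-before-read fix the SRU text describes. The function names, the sample file `aa_current.sample` and its contents (`unconfined` plus a newline, standing in for `/proc/<PID>/attr/current`) are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 32

/* Read a profile name from `path` into buf (BUFSZ bytes).
 * hardened == 0: bug class from the report; bytes are copied in, but the
 *                terminator is whatever the buffer already contained.
 * hardened == 1: zero the buffer first (the fix described in the report)
 *                and also terminate at the byte count actually read. */
static int read_profile(const char *path, char *buf, int hardened) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (hardened) memset(buf, 0, BUFSZ);
    size_t n = fread(buf, 1, BUFSZ - 1, f);
    fclose(f);
    if (hardened) buf[n] = '\0';
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') buf[len - 1] = '\0';
    return 0;
}

/* Returns 1 if the profile read from `path` equals "unconfined". */
static int profile_is_unconfined(const char *path, int hardened) {
    char buf[BUFSZ];
    /* Constructed stand-in for stale stack contents; the last byte is NUL
     * so that this demo itself stays within defined behaviour. */
    memset(buf, 'X', BUFSZ - 1);
    buf[BUFSZ - 1] = '\0';
    if (read_profile(path, buf, hardened) != 0) return -1;
    return strcmp(buf, "unconfined") == 0;
}

/* Writes the constructed sample file; returns its path or NULL. */
static const char *write_sample(void) {
    static const char *path = "aa_current.sample";
    FILE *f = fopen(path, "w");
    if (!f) return NULL;
    fputs("unconfined\n", f);
    fclose(f);
    return path;
}

int main(void) {
    const char *p = write_sample();
    if (!p) return 1;
    printf("unterminated read matches: %d\n", profile_is_unconfined(p, 0));
    printf("zeroed read matches:       %d\n", profile_is_unconfined(p, 1));
    remove(p);
    return 0;
}
```

In the unterminated case the string runs on into the leftover bytes, so the comparison fails even though the file says `unconfined`; with real stack contents the outcome varies from run to run, which matches the report's remark that the bug is hard to reproduce.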