2014-05-01 16:07:03 |
Serge Hallyn |
bug |
|
|
added bug |
2014-05-01 16:09:13 |
Serge Hallyn |
nominated for series |
|
Ubuntu Trusty |
|
2014-05-01 16:09:13 |
Serge Hallyn |
bug task added |
|
lxc (Ubuntu Trusty) |
|
2014-05-01 16:09:13 |
Serge Hallyn |
nominated for series |
|
Ubuntu Utopic |
|
2014-05-01 16:09:13 |
Serge Hallyn |
bug task added |
|
lxc (Ubuntu Utopic) |
|
2014-05-01 16:09:26 |
Serge Hallyn |
bug task added |
|
cgmanager (Ubuntu) |
|
2014-05-01 16:09:36 |
Serge Hallyn |
cgmanager (Ubuntu Trusty): status |
New |
Fix Committed |
|
2014-05-01 16:09:40 |
Serge Hallyn |
cgmanager (Ubuntu Trusty): importance |
Undecided |
High |
|
2014-05-01 16:09:43 |
Serge Hallyn |
cgmanager (Ubuntu Utopic): importance |
Undecided |
High |
|
2014-05-01 16:09:46 |
Serge Hallyn |
lxc (Ubuntu Trusty): importance |
Undecided |
High |
|
2014-05-01 16:09:51 |
Serge Hallyn |
lxc (Ubuntu Utopic): importance |
Undecided |
High |
|
2014-05-01 16:09:55 |
Serge Hallyn |
cgmanager (Ubuntu Utopic): status |
New |
Confirmed |
|
2014-05-01 16:10:00 |
Serge Hallyn |
lxc (Ubuntu Trusty): status |
New |
Confirmed |
|
2014-05-01 16:10:04 |
Serge Hallyn |
lxc (Ubuntu Utopic): status |
New |
Triaged |
|
2014-05-08 19:13:11 |
Serge Hallyn |
cgmanager (Ubuntu Utopic): status |
Confirmed |
Fix Released |
|
2014-05-08 19:13:37 |
Serge Hallyn |
cgmanager (Ubuntu Trusty): status |
Fix Committed |
Confirmed |
|
2014-05-08 19:18:12 |
Serge Hallyn |
description |
When using the cgroup manager, if an unprivileged user starts a container from one login session, then ssh's back in and tries lxc-attach, that will fail.
The workaround for this is simply to start a container under screen or tmux, then re-attach to that session to lxc-attach.
The proper fix is to use MovePidAbs in lxc-attach to move the current task to the 'full' (relative to proxy) cgroup of the container. This requires a new GetPidCgroupAbs method (which is in cgmanager utopic but not yet in trusty) to find out the proper cgroup to attach to. |
===============================================================
Impact: unprivileged users cannot attach to a container from a different login session
Test Case:
lxc-start -n u1 -d
ssh localhost lxc-attach -n u1 /bin/true
Regression potential: This implements a new method, so should not regress existing functionalty.
===============================================================
When using the cgroup manager, if an unprivileged user starts a container from one login session, then ssh's back in and tries lxc-attach, that will fail.
The workaround for this is simply to start a container under screen or tmux, then re-attach to that session to lxc-attach.
The proper fix is to use MovePidAbs in lxc-attach to move the current task to the 'full' (relative to proxy) cgroup of the container. This requires a new GetPidCgroupAbs method (which is in cgmanager utopic but not yet in trusty) to find out the proper cgroup to attach to. |
|
2014-05-08 19:18:58 |
Serge Hallyn |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2014-05-09 15:03:13 |
Graham C |
bug |
|
|
added subscriber Graham C |
2014-05-12 16:30:03 |
Brian Murray |
cgmanager (Ubuntu Trusty): status |
Confirmed |
Fix Committed |
|
2014-05-12 16:30:09 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2014-05-12 16:30:12 |
Brian Murray |
tags |
|
verification-needed |
|
2014-05-12 16:58:34 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/cgmanager |
|
2014-05-14 15:26:00 |
Serge Hallyn |
tags |
verification-needed |
verification-done |
|
2014-05-20 02:41:11 |
Launchpad Janitor |
cgmanager (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2014-05-20 02:41:24 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2014-05-20 16:11:55 |
Serge Hallyn |
lxc (Ubuntu Utopic): status |
Triaged |
Fix Committed |
|
2014-06-13 19:28:48 |
Stéphane Graber |
lxc (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
2014-06-18 01:59:22 |
Chris Halse Rogers |
lxc (Ubuntu Trusty): status |
Confirmed |
Fix Committed |
|
2014-06-18 01:59:28 |
Chris Halse Rogers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2014-06-18 01:59:35 |
Chris Halse Rogers |
tags |
verification-done |
|
|
2014-06-18 01:59:36 |
Chris Halse Rogers |
tags |
|
verification-needed |
|
2014-06-23 16:31:44 |
Stéphane Graber |
tags |
verification-needed |
verification-done |
|
2014-06-24 18:19:58 |
Launchpad Janitor |
lxc (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|