container root directory has broken permissions with tight umask and --keep-data
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lxc (Ubuntu) | Fix Released | Low | Unassigned | |
Bug Description
While fixing autopkgtest for tight umasks (http://
$ sudo -i
# umask 077
# lxc-start-ephemeral --keep-data -o adt-utopic
[... boots ... ]
adt-utopic-9x0b7tw_ login: ubuntu
Password:
Welcome to Ubuntu Utopic Unicorn (development branch) (GNU/Linux 3.16.0-14-generic x86_64)
* Documentation: https:/
Unable to cd to '/home/ubuntu'
then it fails and goes back to the login prompt. This is because of
$ sudo lxc-attach -n adt-utopic-9x0b7tw_
root@adt-
drwx------ 1 root root 4096 Sep 10 14:23 /
Apparently the container overlay root directory is created with the host umask, and thus any non-root process in the container can't execute anything due to / having 0700 permissions only.
This is with LXC 1.1.0~alpha1-
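The failure mode described in the report, as an added shell example that is not part of the original report or of LXC's code: a directory created under `umask 077` ends up with mode 0700, while setting the mode explicitly does not depend on the caller's umask. The function names and the `naive-rootfs`/`fixed-rootfs` directories are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; function names and directory names are hypothetical, not LXC's.

# Print the octal permission bits of a path (GNU coreutils stat).
mode_of() {
    stat -c '%a' "$1"
}

# Naive creation: resulting mode is 0777 & ~umask, so umask 077 gives 0700.
create_naive() {
    mkdir "$1"
}

# Umask-independent creation: chmod sets the mode explicitly after mkdir.
# (mkdir -p -m would only apply the mode to the last path component, and
# not at all if the directory already exists.)
create_with_mode() {
    mkdir -p "$1" && chmod 0755 "$1"
}

# Succeeds if users other than the owner can traverse the directory,
# i.e. the "other" digit of the mode has the execute bit set.
others_can_traverse() {
    case "$(mode_of "$1")" in
        *[1357]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Create both directories under a tight umask and report the result.
demo() {
    tmp=$(mktemp -d) || return 1
    ( umask 077
      create_naive "$tmp/naive-rootfs"
      create_with_mode "$tmp/fixed-rootfs" )
    for d in "$tmp/naive-rootfs" "$tmp/fixed-rootfs"; do
        if others_can_traverse "$d"; then state="traversable"; else state="blocked for non-owner"; fi
        echo "$(basename "$d"): mode $(mode_of "$d"), $state"
    done
    rm -rf "$tmp"
}

demo
```

`others_can_traverse` can also be pointed at an existing container root directory to check for the 0700 condition shown in the `ls` output above.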
Changed in lxc (Ubuntu):
importance: Undecided → Low
description: updated
Changed in lxc (Ubuntu):
status: New → Confirmed
BTW, I have added a workaround to autopkgtest, so this isn't a blocker for me.