lxc-start exits success on failure when non-root in daemon mode

Bug #918327 reported by Scott Moser on 2012-01-18
This bug affects 1 person
Affects: lxc (Ubuntu)
Importance: Low
Assigned to: Unassigned

Bug Description

$ sudo lxc-create -t ubuntu -n lv1
$ lxc-start -n lv1 -d
$ echo $?
0
$ lxc-ls
lv1
$ lxc-list
RUNNING

STOPPED
  lv1

I would have expected an error message when trying to start a container that I did not have acl to start.
Instead, lxc-start exited success (0) and gave no output.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lxc 0.7.5-3ubuntu5
ProcVersionSignature: User Name 3.2.0-8.15-virtual 3.2.0
Uname: Linux 3.2.0-8-virtual x86_64
ApportVersion: 1.90-0ubuntu1
Architecture: amd64
Date: Wed Jan 18 18:11:17 2012
Ec2AMI: ami-0000012b
Ec2AMIManifest: FIXME
Ec2AvailabilityZone: nova
Ec2InstanceType: m1.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)

Scott Moser (smoser) wrote :

Another (likely related) issue, after using sudo to start the container, observe:

$ lxc-ls
lv1
$ sudo lxc-start -n lv1 -d
$ lxc-ls
lv1
/usr/bin/lxc-ls: line 35: cd: /sys/fs/cgroup/cpuset///lxc: Permission denied
ls: cannot access lv1: No such file or directory
$ sudo lxc-ls
lv1
lv1
$ sudo lxc-list
RUNNING
  lv1

STOPPED

So, as it is now after starting the container 'sudo lxc-ls' shows 2 containers, but 'lxc-ls' (without sudo) shows annoying messages.

Serge Hallyn (serge-hallyn) wrote :

Indeed that should be fixed. Thanks for the bug report.

Changed in lxc (Ubuntu):
status: New → Confirmed
importance: Undecided → Low

Serge Hallyn (serge-hallyn) wrote :

Ok, I'm actually not sure what we should do about this.

'-d' doesn't just mean don't show a console, it means daemonize. It does this by calling daemon(3), which forks(), lets the child continue, and exits success.

We could toss extra checks in before the call to daemon(3) to check for privilege, but there are plenty of other reasons why the start could fail.

So it seems we can do one of two things:

  1. rewrite lxc-start so that it manually forks and waits for a message from the lxc monitor saying the container started, and only then exit

  2. tell users that 'lxc-start -d' provides no information about the success of starting the container, and that if you care, you should call something like

   lxc-wait -n container -s RUNNING

     after the lxc-start to make sure it succeeded.

summary: - lxc-start exits success on failure when non-root
+ lxc-start exits success on failure when non-root in daemon mode

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu26

---------------
lxc (0.8.0~rc1-4ubuntu26) quantal; urgency=low

  * 0100-template-cleanup-cache: clean up template cache if interrupted
    during build. (LP: #1037331)
  * 0101-template-empty-apt-cache: do an apt-cache clean after creating
    a new cache. (LP: #1037626)
  * 0102-lxc-start-d-check-privs: exit early (with failure) if starting a
    daemonized container with insufficient privilege. (LP: #918327)
  * 0103-make-rootfs-location-optional: allow custom location for a
    container rootfs to be specified. (LP: #1019398)
 -- Serge Hallyn <email address hidden> Fri, 17 Aug 2012 09:44:02 -0500

Changed in lxc (Ubuntu):
status: Confirmed → Fix Released