lxc-start exits success on failure when non-root in daemon mode

Bug #918327 reported by Scott Moser
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
Fix Released

Bug Description

$ sudo lxc-create -t ubuntu -n lv1
$ lxc-start -n lv1 -d
$ echo $?
$ lxc-ls
$ lxc-list


I would have expected an error message when trying to start a container that I did not have acl to start.
instead, lxc-start exited success (0) and gave no output.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lxc 0.7.5-3ubuntu5
ProcVersionSignature: User Name 3.2.0-8.15-virtual 3.2.0
Uname: Linux 3.2.0-8-virtual x86_64
ApportVersion: 1.90-0ubuntu1
Architecture: amd64
Date: Wed Jan 18 18:11:17 2012
Ec2AMI: ami-0000012b
Ec2AMIManifest: FIXME
Ec2AvailabilityZone: nova
Ec2InstanceType: m1.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
 PATH=(custom, user)
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)

Related branches

Revision history for this message
Scott Moser (smoser) wrote :
Revision history for this message
Scott Moser (smoser) wrote :

Another (likely related) issue, after using sudo to start the container, observe:

$ lxc-ls
$ sudo lxc-start -n lv1 -d
$ lxc-ls
/usr/bin/lxc-ls: line 35: cd: /sys/fs/cgroup/cpuset///lxc: Permission denied
ls: cannot access lv1: No such file or directory
$ sudo lxc-ls
$ sudo lxc-list


So, as it is now after starting the container 'sudo lxxc-ls' shows 2 containers, but 'lxc-ls' (without sudo) shows annoying messages.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Indeed that should be fixed. Thanks for the bug report.

Changed in lxc (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Ok, I'm actually not sure what we should do about this.

'-d' doesn't just mean don't show a console, it means daemonize. It does this by calling daemon(3), which forks(), lets the child continue, and exits success.

We could toss extra checks in before the call to daemon(3) to check for privilege, but there are plenty of other reasons why the start could fail.

So it seems we can do one of two things:

  1. rewrite lxc-start so that it manually forks and waits for a message from the lxc monitor saying the container started, and only then exit

  2. tell users that 'lxc-start -d' provides no information about the success of starting the container, and that if you care, you should call something like

   lxc-wait -n container -s RUNNING

     after the lxc-start to make sure it succeeded.

summary: - lxc-start exits success on failure when non-root
+ lxc-start exits success on failure when non-root in daemon mode
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu26

lxc (0.8.0~rc1-4ubuntu26) quantal; urgency=low

  * 0100-template-cleanup-cache: clean up template cache if interrupted
    during build. (LP: #1037331)
  * 0101-template-empty-apt-cache: do an apt-cache clean after creating
    a new cache. (LP: #1037626)
  * 0102-lxc-start-d-check-privs: exit early (with failure) if starting a
    daemonized container with insufficient privilege. (LP: #918327)
  * 0103-make-rootfs-location-optional: allow custom location for a
    container rootfs to be specified. (LP: #1019398)
 -- Serge Hallyn <email address hidden> Fri, 17 Aug 2012 09:44:02 -0500

Changed in lxc (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.