permission denied in "/var/lib/lxcfs/cgroup/[memory-blkio-devices]" when querying /var with command such as : find,du,ls, ...
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxcfs (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
[Impact]
* Getting a permission denied when querying "/var" using commands such as : find, du, ls, .... complaining about permission denied in "/var/lib/
[Test Case]
* On a Xenial/Zesty machine with lxcfs installed (<=2.0.
# find /var -name "foo"
..
find: ‘/var/lib/
find: ‘/var/lib/
find: ‘/var/lib/
...
# du -hs /var
..
du: cannot access '/var/lib/
du: cannot access '/var/lib/
36G /var
..
# ls -altr /var/lib/
ls: cannot access '/var/lib/
ls: cannot access '/var/lib/
total 0
?????????? ? ? ? ? ? devices.deny
?????????? ? ? ? ? ? devices.allow
[Regression Potential]
* None expected, change is trivial and already in lxcfs GitHub upstream src code
[https:/
[Other Info]
* Commit ID : 4117b6c bindings: allow getattr on O_WRONLY files
* Commit URL : https:/
summary: |
- permission denied in "/var/lib/lxcfs/cgroup/[memory-blkio-devices" when + permission denied in "/var/lib/lxcfs/cgroup/[memory-blkio-devices]" when querying /var with command such as : find,du,ls, ... |
After having apply the upstream commit[1]:
# du -hs /var
36G /var
# find /var -name "foo"
# ls -altr /var/lib/ lxcfs/cgroup/ devices/ clone_children sane_behavior
total 0
drwxr-xr-x 2 root root 0 Jan 13 08:28 ..
drwxr-xr-x 2 root root 0 Jan 13 08:28 .
-rw-r--r-- 1 root root 0 Jan 13 08:28 tasks
-rw-r--r-- 1 root root 0 Jan 13 08:28 cgroup.procs
--w------- 1 root root 0 Jan 13 08:28 devices.allow
-rw-r--r-- 1 root root 0 Jan 13 08:28 release_agent
-rw-r--r-- 1 root root 0 Jan 13 08:28 cgroup.
-r--r--r-- 1 root root 0 Jan 13 08:28 cgroup.
-rw-r--r-- 1 root root 0 Jan 13 08:28 notify_on_release
--w------- 1 root root 0 Jan 13 08:28 devices.deny
-r--r--r-- 1 root root 0 Jan 13 08:28 devices.list
drwxr-xr-x 2 root root 0 Jan 13 08:28 machine
drwxr-xr-x 2 root root 0 Jan 13 08:28 init.scope
drwxr-xr-x 2 root root 0 Jan 13 08:28 system.slice
drwxr-xr-x 2 root root 0 Jan 13 08:28 user.slice
[1] - 4117b6c bindings: allow getattr on O_WRONLY files