Ubuntu
ubuntu-core-config package

The (administratively maintained) mapping file /etc/iproute2/rt_tables is not writeable.

Bug #1658298 reported by lukisi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snappy
Fix Released
High
Jamie Strandboge
ubuntu-core-config (Ubuntu)
Fix Released
High
Oliver Grawert

Bug Description

The file /etc/iproute2/rt_tables resides on the squashfs mounted at / (root).
It is not symlinked to any writeable path, thus is not writeable.
For what I read at http://linux-ip.net/html/routing-tables.html it should be
writeable by the administrator of a system.

Revision history for this message
Mark Shuttleworth (sabdfl) wrote : Re: [Bug 1658298] [NEW] The (administratively maintained) mapping file /etc/iproute2/rt_tables is not writeable.

It should be possible to manipulate rt_tables on Ubuntu Core.

 status: confirmed

Changed in snappy:
status: New → Confirmed
Revision history for this message
Oliver Grawert (ogra) wrote :

as a start i'll make the dir writable in the edge images.

but i think the remaining question is if we just want to make it rw in the network-control interface (the dir is already listed in the interface definition, but only in read mode) or if it makes sense to have a dedicated network-routing interface, i'll talk to the security team tomorrow to get some input on this topic.

Revision history for this message
Oliver Grawert (ogra) wrote :

done, tomorrows build on http://people.canonical.com/~ogra/snappy/all-snaps/daily/ will have the dir writable.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I think network-control is fine. It already has a ton of other rules for routing. I can update the policy for that.

tags: added: snapd-interface
Changed in snappy:
importance: Undecided → High
status: Confirmed → In Progress
Oliver Grawert (ogra)
Changed in ubuntu-core-config (Ubuntu):
status: New → Fix Committed
importance: Undecided → High
assignee: nobody → Oliver Grawert (ogra)
Jamie Strandboge (jdstrand)
Changed in snappy:
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
lukisi (luca-dionisi) wrote :

This is the workflow with which my application uses the file rt_tables.

* The administrator of a system, after the install of the application
  will be directed to modify (manually) the file rt_tables adding a
  certain range of ID numbers reserved for its tasks.
    E.g.
    # Reserved for (MY_APP)
    200 myapp_reserved_table_200
    199 myapp_reserved_table_199
    198 myapp_reserved_table_198
    ...
    # END Reserved for (MY_APP)
* The application can alter the names for those tables by directly
  altering the file rt_tables.
* The application issues 'ip' commands that involve the use of such
  names.
    E.g.
    ip rule add table mytablename
    ip route add 169.254.1.1 dev eth0 table mytablename
    ip route add 10.0.0.16/28 via 169.254.1.1 dev eth0 table mytablename

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

@lukisi, thanks for your feedback! I'll make sure all of this is supported when I do the PR.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

The policy changes are committed and will be part of snapd 2.22.

Changed in snappy:
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was fixed in 2.22.

Changed in snappy:
status: Fix Committed → Fix Released
Changed in ubuntu-core-config (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.