Permissions mangled when creating rootfs from cloud images
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | lxc (Ubuntu) |
High
|
Serge Hallyn | ||
| | Precise |
High
|
Unassigned | ||
| | Quantal |
High
|
Unassigned | ||
| | Raring |
High
|
Serge Hallyn | ||
Bug Description
=======
1. Impact: cloud image creations can fail. This causes juju with local provider to fail.
2. Development fix: use --numeric-owner when un-tarring ubuntu images, to make sure that /home/ubuntu in the container is owned by the right ubuntu userid.
3. Stable fix: same as the development fix
4. Test case:
1. add an ubuntu user if one does not yet exist on the host - make sure it is not uid 1000
2. lxc-create -t ubuntu-cloud -n c1 -- -r precise
3. check /home/ubuntu in the container - it will be owned by the ubuntu userid on the host.
Additionally, when starting c1, you will be unable to log in as user ubuntu.
5. Regression potential: this should introduce no regressions, as it only makes sure that the owners of files in the container match the username-userid mapping in the container's password file.
=======
Permissions on the created lxc container somehow are reflecting the users /etc/password file:
ubuntu@
landscape:
ubuntu@
total 12
drwxr-xr-x 2 root root 4096 Oct 12 17:48 ./
drwxr-xr-x 86 root root 4096 Oct 12 17:47 ../
-rw------- 1 999 root 164 Oct 12 17:48 client.conf
ubuntu@
Connection to 10.0.3.143 closed.
dpb@starbuck:
landscape:
dpb@starbuck:
My hunch is where the tar happens from the mount of the downloaded image in lxc/templates/
Related branches
- Serge Hallyn: Approve on 2012-10-15
- Ubuntu branches: Pending requested 2012-10-12
-
Diff: 70 lines (+30/-1)5 files modified.pc/applied-patches (+1/-0)
debian/changelog (+7/-0)
debian/patches/0225-ubuntu-cloud-numeric-owner (+20/-0)
debian/patches/series (+1/-0)
templates/lxc-ubuntu-cloud.in (+1/-1)
| David Britton (dpb) wrote : | #1 |
| Changed in lxc (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
| Serge Hallyn (serge-hallyn) wrote : | #2 |
Thanks, the fix has been pulled into the source tree, but will have to wait for quantal-proposed and r to open up.
| Changed in lxc (Ubuntu Quantal): | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in lxc (Ubuntu Precise): | |
| importance: | Undecided → High |
| status: | New → Triaged |
| description: | updated |
Hello David, or anyone else affected,
Accepted lxc into quantal-proposed. The package will build now and be available at http://
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in lxc (Ubuntu Quantal): | |
| status: | Triaged → Fix Committed |
| tags: | added: verification-needed |
| Stéphane Graber (stgraber) wrote : | #4 |
Fix works fine here.
| tags: |
added: verification-done removed: verification-needed |
| Clint Byrum (clint-fewbar) wrote : | #5 |
Hello David, or anyone else affected,
Accepted lxc into precise-proposed. The package will build now and be available at http://
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in lxc (Ubuntu Precise): | |
| status: | Triaged → Fix Committed |
| tags: | removed: verification-done |
| tags: | added: verification-needed |
| Serge Hallyn (serge-hallyn) wrote : | #6 |
Verification done in quantal.
| tags: |
added: verification-done removed: verification-needed |
| tags: |
added: verification-done-quantal verification-needed-precise removed: verification-done |
| description: | updated |
| Adam Conrad (adconrad) wrote : Update Released | #7 |
The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.
| Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu38
---------------
lxc (0.8.0~
[ Scott Moser ]
* 0225-ubuntu-
filesystems with tar (LP: #1066084)
[ Serge Hallyn ]
* Remove 0224-ubuntu-
-- Serge Hallyn <email address hidden> Wed, 24 Oct 2012 11:12:42 -0500
| Changed in lxc (Ubuntu Quantal): | |
| status: | Fix Committed → Fix Released |
| tags: |
added: verification-done-precise removed: verification-needed-precise |
| Launchpad Janitor (janitor) wrote : | #9 |
This bug was fixed in the package lxc - 0.7.5-3ubuntu65
---------------
lxc (0.7.5-3ubuntu65) precise-proposed; urgency=low
* Add proper fix (X001-lxc-
containers multiple times. (LP: #1043018)
lxc (0.7.5-3ubuntu64) precise-proposed; urgency=low
[ Serge Hallyn ]
* lxc.lxc-
containers. (LP: #1045947)
* 0204-ubuntu-
path is passed into '--userdata' argument. (LP: #1043582)
* 0205-lxc-
output format of lxc-ls. (LP: #1043018)
* lxc-start-
* 0222-debian-
(LP: #1052972)
* 0100-template-
during build. (LP: #1037331)
[ Scott Moser ]
* 0225-ubuntu-
filesystems with tar (LP: #1066084)
-- Serge Hallyn <email address hidden> Wed, 07 Nov 2012 11:03:36 -0600
| Changed in lxc (Ubuntu Precise): | |
| status: | Fix Committed → Fix Released |
| Changed in lxc (Ubuntu Raring): | |
| assignee: | nobody → Serge Hallyn (serge-hallyn) |
| Launchpad Janitor (janitor) wrote : | #10 |
This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu44
---------------
lxc (0.8.0~
[ Scott Moser ]
* 0225-ubuntu-
filesystems with tar (LP: #1066084)
[ Serge Hallyn ]
* Remove 0224-ubuntu-
* 0226-add-
* 0227-ubuntu-
template (LP: #1076031)
-- Serge Hallyn <email address hidden> Mon, 26 Nov 2012 10:11:00 -0600
| Changed in lxc (Ubuntu Raring): | |
| status: | Triaged → Fix Released |
The following fixes the problem:
dpb@starbuck:
/usr/share/
dpb@starbuck:
344c344
< tar -zxf $cache/$filename
---
> tar --numeric-owner -zxf $cache/$filename