Ubuntu
lxc package

Permissions mangled when creating rootfs from cloud images

  1. Quantal (12.10)
  2. Bug #1066084
Bug #1066084 reported by David Britton
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
Fix Released
High
Serge Hallyn
Precise
Fix Released
High
Unassigned
Quantal
Fix Released
High
Unassigned
Raring
Fix Released
High
Serge Hallyn

Bug Description

==============================
1. Impact: cloud image creations can fail. This causes juju with local provider to fail.
2. Development fix: use --numeric-owner when un-tarring ubuntu images, to make sure that /home/ubuntu in the container is owned by the right ubuntu userid.
3. Stable fix: same as the development fix
4. Test case:
 1. add an ubuntu user if one does not yet exist on the host - make sure it is not uid 1000
 2. lxc-create -t ubuntu-cloud -n c1 -- -r precise
 3. check /home/ubuntu in the container - it will be owned by the ubuntu userid on the host.
 Additionally, when starting c1, you will be unable to log in as user ubuntu.
5. Regression potential: this should introduce no regressions, as it only makes sure that the owners of files in the container match the username-userid mapping in the container's password file.
==============================

Permissions on the created lxc container somehow are reflecting the users /etc/password file:

ubuntu@dpb-local-landscape-client-0:~$ cat /etc/passwd |grep landscape
landscape:x:104:109::/var/lib/landscape:/bin/false
ubuntu@dpb-local-landscape-client-0:~$ ll /etc/landscape
total 12
drwxr-xr-x 2 root root 4096 Oct 12 17:48 ./
drwxr-xr-x 86 root root 4096 Oct 12 17:47 ../
-rw------- 1 999 root 164 Oct 12 17:48 client.conf
ubuntu@dpb-local-landscape-client-0:~$ logout
Connection to 10.0.3.143 closed.

dpb@starbuck:dpb-local$ cat /etc/passwd |grep landscape
landscape:x:999:999::/var/lib/landscape:/bin/false
dpb@starbuck:dpb-local$

My hunch is where the tar happens from the mount of the downloaded image in lxc/templates/lxc-ubuntu-cloud

See original description

Related branches

lp:~smoser/ubuntu/quantal/lxc/lp-1066084
Serge Hallyn: Approve
Ubuntu branches: Pending requested
Diff: 70 lines (+30/-1)
5 files modified
.pc/applied-patches (+1/-0)
debian/changelog (+7/-0)
debian/patches/0225-ubuntu-cloud-numeric-owner (+20/-0)
debian/patches/series (+1/-0)
templates/lxc-ubuntu-cloud.in (+1/-1)
lp:ubuntu/precise-proposed/lxc
lp:ubuntu/quantal-proposed/lxc
lp:ubuntu/precise-updates/lxc
Revision history for this message
David Britton (dpb) wrote :

The following fixes the problem:

dpb@starbuck:templates$ pwd
/usr/share/lxc/templates
dpb@starbuck:templates$ diff *.orig lxc-ubuntu-cloud
344c344
< tar -zxf $cache/$filename
---
> tar --numeric-owner -zxf $cache/$filename

Serge Hallyn (serge-hallyn)
Changed in lxc (Ubuntu):
status: New → Triaged
importance: Undecided → High
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks, the fix has been pulled into the source tree, but will have to wait for quantal-proposed and r to open up.

Serge Hallyn (serge-hallyn)
Changed in lxc (Ubuntu Quantal):
importance: Undecided → High
status: New → Triaged
Changed in lxc (Ubuntu Precise):
importance: Undecided → High
status: New → Triaged
description: updated
Revision history for this message
Adam Conrad (adconrad) wrote : Please test proposed package

Hello David, or anyone else affected,

Accepted lxc into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.8.0~rc1-4ubuntu38 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Revision history for this message
Stéphane Graber (stgraber) wrote :

Fix works fine here.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hello David, or anyone else affected,

Accepted lxc into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.7.5-3ubuntu64 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Precise):
status: Triaged → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Verification done in quantal.

tags: added: verification-done
removed: verification-needed
tags: added: verification-done-quantal verification-needed-precise
removed: verification-done
description: updated
Revision history for this message
Adam Conrad (adconrad) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu38

---------------
lxc (0.8.0~rc1-4ubuntu38) quantal-proposed; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
 -- Serge Hallyn <email address hidden> Wed, 24 Oct 2012 11:12:42 -0500

Changed in lxc (Ubuntu Quantal):
status: Fix Committed → Fix Released
Serge Hallyn (serge-hallyn)
tags: added: verification-done-precise
removed: verification-needed-precise
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.7.5-3ubuntu65

---------------
lxc (0.7.5-3ubuntu65) precise-proposed; urgency=low

  * Add proper fix (X001-lxc-ls-onelisting) for lxc-ls showing running
    containers multiple times. (LP: #1043018)

lxc (0.7.5-3ubuntu64) precise-proposed; urgency=low

  [ Serge Hallyn ]
  * lxc.lxc-net.upstart: tell iptables not to masquerate packets between
    containers. (LP: #1045947)
  * 0204-ubuntu-cloud-userdata-path: Fix broken behavior when a relative
    path is passed into '--userdata' argument. (LP: #1043582)
  * 0205-lxc-ls-manpage-document-two-lines: Document the default two-line
    output format of lxc-ls. (LP: #1043018)
  * lxc-start-ephemeral: support fedora and centos (LP: #1042431)
  * 0222-debian-dhcp3-package: fix install of debian testing containers.
    (LP: #1052972)
  * 0100-template-cleanup-cache: clean up template cache if interrupted
    during build. (LP: #1037331)

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)
 -- Serge Hallyn <email address hidden> Wed, 07 Nov 2012 11:03:36 -0600

Changed in lxc (Ubuntu Precise):
status: Fix Committed → Fix Released
Serge Hallyn (serge-hallyn)
Changed in lxc (Ubuntu Raring):
assignee: nobody → Serge Hallyn (serge-hallyn)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu44

---------------
lxc (0.8.0~rc1-4ubuntu44) raring; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
  * 0226-add-lxc-autodev: implement automatic mount and populate of /dev.
  * 0227-ubuntu-cloud-parsing: fix some option parsing bugs in ubuntu-cloud
    template (LP: #1076031)
 -- Serge Hallyn <email address hidden> Mon, 26 Nov 2012 10:11:00 -0600

Changed in lxc (Ubuntu Raring):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.