Ubuntu
lxc package

LXC's preserve_ns fails on < 3.8 kernels

  1. Trusty (14.04)
  2. Bug #1516971
Bug #1516971 reported by Jean-Baptiste Lallement
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
Fix Released
Critical
Unassigned
lxc (Ubuntu)
Fix Released
High
Stéphane Graber
Trusty
Fix Released
High
Stéphane Graber
Vivid
Fix Released
High
Stéphane Graber
Wily
Fix Released
High
Stéphane Graber
Xenial
Fix Released
High
Stéphane Graber

Bug Description

== SRU ==
Rationale: LXC no longer starts on kernels > 3.2 and < 3.8
Test case: Try starting an LXC container on an affected kernel
Regression potential: Can't really get any worse. Change has been reviewed and tested upstream.

== Original bug report ==
ubuntu-touch/devel-proposed/mako 350

After flashing the device the boot hangs on the vendor logo.
There is no crash file on the device but it seems that the android container fails to start.

There is the following error in syslog
Nov 17 08:33:15 ubuntu-phablet kernel: [ 8.694826] init: lxc-android-config main process (918) terminated with status 255

and in upstart/android.log:
      lxc-start 1447749195.286 ERROR lxc_start - start.c:preserve_ns:149 - No such file or directory - failed to open '/proc/1055/ns/mnt'
      lxc-start 1447749195.286 ERROR lxc_start - start.c:lxc_spawn:993 - failed to store namespace references
      lxc-start 1447749195.408 ERROR lxc_start - start.c:__lxc_start:1192 - failed to spawn 'android'
      lxc-start 1447749195.758 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
      lxc-start 1447749195.758 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.

See original description

CVE References

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :
Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

likely a duplicate of bug 1516037

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

The device boots successfully after downgrading to 1.1.4-0ubuntu3
lxc
liblxc1
python3-lxc

Jean-Baptiste Lallement (jibel)
Changed in canonical-devices-system-image:
importance: Undecided → Critical
Changed in lxc (Ubuntu):
assignee: nobody → Stéphane Graber (stgraber)
Stéphane Graber (stgraber)
Changed in lxc (Ubuntu Wily):
assignee: nobody → Stéphane Graber (stgraber)
Changed in lxc (Ubuntu Vivid):
assignee: nobody → Stéphane Graber (stgraber)
Changed in lxc (Ubuntu Trusty):
assignee: nobody → Stéphane Graber (stgraber)
status: New → Triaged
Changed in lxc (Ubuntu Vivid):
status: New → Triaged
Changed in lxc (Ubuntu Wily):
status: New → Triaged
Changed in lxc (Ubuntu Xenial):
status: New → Triaged
Changed in lxc (Ubuntu Trusty):
importance: Undecided → High
Changed in lxc (Ubuntu Vivid):
importance: Undecided → High
Changed in lxc (Ubuntu Wily):
importance: Undecided → High
Changed in lxc (Ubuntu Xenial):
importance: Undecided → High
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
status: New → Confirmed
Revision history for this message
Stéphane Graber (stgraber) wrote :

This affects LXC 1.1.5 and LXC 1.0.8, so both current stable releases. A fix is being worked on upstream.

Stéphane Graber (stgraber)
summary: - devel-proposed mako 350 - android lxc container fails to start
+ LXC's preserve_ns fails on < 3.8 kernels
Stéphane Graber (stgraber)
Changed in lxc (Ubuntu Xenial):
status: Triaged → Fix Committed
Stéphane Graber (stgraber)
description: updated
Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello Jean-Baptiste, or anyone else affected,

Accepted lxc into wily-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lxc/1.1.5-0ubuntu0.15.10.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Wily):
status: Triaged → Fix Committed
tags: added: verification-needed
Changed in lxc (Ubuntu Vivid):
status: Triaged → Fix Committed
Revision history for this message
Chris J Arges (arges) wrote :

Hello Jean-Baptiste, or anyone else affected,

Accepted lxc into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lxc/1.1.5-0ubuntu0.15.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Chris J Arges (arges) wrote :

Hello Jean-Baptiste, or anyone else affected,

Accepted lxc into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lxc/1.0.8-0ubuntu0.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Trusty):
status: Triaged → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1.1.5-0ubuntu3

---------------
lxc (1.1.5-0ubuntu3) xenial; urgency=medium

  * Cherry-pick from upstream:
    - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)
    - Fix process title rewrite to not mangle the environment. (LP: #1517107)

 -- Stéphane Graber <email address hidden> Wed, 18 Nov 2015 13:30:41 -0500

Changed in lxc (Ubuntu Xenial):
status: Fix Committed → Fix Released
Jean-Baptiste Lallement (jibel)
Changed in canonical-devices-system-image:
status: Confirmed → Fix Released
Stéphane Graber (stgraber)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1.0.8-0ubuntu0.3

---------------
lxc (1.0.8-0ubuntu0.3) trusty; urgency=medium

  * Cherry-pick from upstream:
    - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)

lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium

  * Cherry-pick from upstream:
    - Fix ubuntu-cloud template to detect compression algorithm instead
      of hardcoding xz. Also update list of supported releases and use trusty
      as the fallback release. (LP: #1515463)
  * Update lxc-tests description to make it clear that this package is
    meant to be used by developers and by automated testing.

lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (MRE tracking bug: LP: #1514623)
    (LP: #1429140)
    - Changelog at: https://linuxcontainers.org/lxc/news/
  * Drop proxy detection from the autopkgtest exercise script.
  * Add patch:
    - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch
      This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel.
      It updates the upstream CVE fix to the version which trusty ended
      up with after the few round of fixes.

 -- Stéphane Graber <email address hidden> Wed, 18 Nov 2015 13:42:07 -0500

Changed in lxc (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Stéphane Graber (stgraber) wrote : Update Released

The verification of the Stable Release Update for lxc has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1.1.5-0ubuntu0.15.04.3

---------------
lxc (1.1.5-0ubuntu0.15.04.3) vivid-proposed; urgency=medium

  * Cherry-pick from upstream:
    - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)
    - Fix process title rewrite to not mangle the environment. (LP: #1517107)

lxc (1.1.5-0ubuntu0.15.04.2) vivid-proposed; urgency=medium

  * Cherry-pick from upstream:
    - Fix ubuntu-cloud template to detect compression algorithm instead
      of hardcoding xz. Also update list of supported releases and use trusty
      as the fallback release. (LP: #1515463)
  * Update lxc-tests description to make it clear that this package is
    meant to be used by developers and by automated testing.

lxc (1.1.5-0ubuntu0.15.04.1) vivid-proposed; urgency=medium

  * New upstream bugfix release (MRE) (1.1.5)
    (LP: #1497420, LP: #1436723, LP: #1441068, LP: #1504496,
     LP: #1466458, LP: #1510619)
  * Drop proxy detection from the autopkgtest exercise script.

 -- Stéphane Graber <email address hidden> Wed, 18 Nov 2015 13:41:23 -0500

Changed in lxc (Ubuntu Vivid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1.1.5-0ubuntu0.15.10.3

---------------
lxc (1.1.5-0ubuntu0.15.10.3) wily-proposed; urgency=medium

  * Cherry-pick from upstream:
    - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)
    - Fix process title rewrite to not mangle the environment. (LP: #1517107)

lxc (1.1.5-0ubuntu0.15.10.2) wily-proposed; urgency=medium

  * Cherry-pick from upstream:
    - Fix ubuntu-cloud template to detect compression algorithm instead
      of hardcoding xz. Also update list of supported releases and use trusty
      as the fallback release. (LP: #1515463)
  * Update lxc-tests description to make it clear that this package is
    meant to be used by developers and by automated testing.

lxc (1.1.5-0ubuntu0.15.10.1) wily-proposed; urgency=medium

  * New upstream bugfix release (MRE) (1.1.5)
    (LP: #1497420, LP: #1441068, LP: #1466458, LP: #1510619)
  * Drop proxy detection from the autopkgtest exercise script.

 -- Stéphane Graber <email address hidden> Wed, 18 Nov 2015 13:40:28 -0500

Changed in lxc (Ubuntu Wily):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.