setuid 1000 in guest upstart job hangs container

Bug #1388742 reported by Tycho Andersen
This bug affects 1 person
Affects   Status   Importance   Assigned to   Milestone
upstart   New      Undecided    James Hunt

Bug Description

Hi,

When I run the following upstart job:

# myservice - myservice job file

description "vnc"
author "Me <myself@i.com>"

# Stanzas
#
# Stanzas control when and how a process is started and stopped
# See a list of stanzas here: http://upstart.ubuntu.com/wiki/Stanzas#respawn

# When to start the service
start on runlevel [2345]

# When to stop the service
stop on runlevel [016]

# Automatically restart process if crashed
respawn

# Essentially lets upstart know the process will detach itself to the background
expect fork

env HOME=/home/ubuntu

setuid 1000 # using the username here works just fine

# Start the process
exec vnc4server

the container hangs.
---
ApportVersion: 2.14.7-0ubuntu8
Architecture: amd64
BootLog:

DistroRelease: Ubuntu 14.10
NonfreeKernelModules: veth xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp iptable_filter ip_tables x_tables bridge stp llc dm_crypt ppdev kvm_intel kvm parport_pc pvpanic parport i2c_piix4 mac_hid serio_raw nls_utf8 isofs cirrus syscopyarea sysfillrect sysimgblt ttm drm_kms_helper psmouse drm floppy pata_acpi
Package: upstart 1.13.2-0ubuntu2
PackageArchitecture: amd64
ProcEnviron:
 TERM=rxvt-unicode
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-23-generic root=UUID=6c5a78e0-95fa-49a8-aa91-a8093d295e58 ro console=tty1 console=ttyS0
ProcVersionSignature: Ubuntu 3.16.0-23.31-generic 3.16.4
Tags: utopic
Uname: Linux 3.16.0-23-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UpstartBugCategory: System
UpstartRunningSystemVersion: init (upstart 1.13.2)
UserGroups: sudo
_MarkForUpload: True

Tycho Andersen (tycho-s) wrote :

There's more to this bug: it seems that in general whenever I make any error in an upstart job, the container hangs. Further, even with the successful job above, if I try to stop the container, it hangs with:

root 15596 0.2 0.1 35004 2716 ? Ss 10:07 0:00 lxc-start -n u1
root 15643 1.9 0.1 28936 3708 ? Ss 10:07 0:01 \_ /sbin/init
root 16306 0.0 0.0 4448 656 ? Ss 10:07 0:00 \_ /bin/sh -e /proc/self/fd/9
root 16351 0.0 0.0 4448 1580 ? S 10:07 0:00 \_ /bin/sh /etc/init.d/rc 0
root 16367 0.1 0.0 4448 1508 ? S 10:07 0:00 \_ /bin/sh /etc/rc0.d/K01sendsigs stop
root 16960 0.0 0.0 4352 816 ? S 10:07 0:00 \_ sleep 1

Steve Langasek (vorlon)
Changed in upstart:
assignee: nobody → James Hunt (jamesodhunt)
James Hunt (jamesodhunt) wrote :

man(5) shows the syntax for the setuid stanza as:

setuid USERNAME

So, clearly 'setuid 1000' is not valid and hence neither is your job. Attempting to start a job manually which specifies 'setuid 1000' fails with the error:

start: Job failed to start

I have so far been unable to recreate your hang. Please specify which versions of Ubuntu are being used inside and outside the container.
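
Added example, not part of the bug thread and not upstart's own code: a line-based shell lint for the condition described above, a setuid stanza whose argument is not a user name. It goes beyond the thread by also checking setgid against the group file; the function names and the default /etc/passwd and /etc/group paths are assumptions, and the demo input is constructed.

```shell
#!/bin/sh
# Added example: flag setuid/setgid stanzas in an upstart job file whose
# argument is not a name in the given passwd/group file. Line-based check,
# not a full job-file parser.

# name_in_db NAME FILE: succeed if NAME equals field 1 of a line in FILE.
name_in_db() {
    awk -F: -v n="$1" '($1 "") == (n "") { f = 1 } END { exit !f }' "$2"
}

# check_job JOBFILE [PASSWD_FILE] [GROUP_FILE]
# Prints one line per rejected stanza; returns 1 if any was rejected.
check_job() {
    job=$1; passwd=${2:-/etc/passwd}; group=${3:-/etc/group}
    status=0
    # Drop comments, keep only "setuid X" / "setgid X" lines.
    stanzas=$(sed 's/#.*//' "$job" |
        awk '$1 == "setuid" || $1 == "setgid" { print $1, $2 }')
    while read -r stanza arg; do
        [ -n "$stanza" ] || continue
        case $stanza in
            setuid) db=$passwd ;;
            setgid) db=$group ;;
        esac
        if [ -z "$arg" ]; then
            echo "$job: $stanza has no argument"; status=1
        elif name_in_db "$arg" "$db"; then
            :   # resolves by name: accepted
        elif printf '%s' "$arg" | grep -Eq '^[0-9]+$'; then
            echo "$job: '$stanza $arg' is a numeric ID; the stanza takes a name"
            status=1
        else
            echo "$job: '$stanza $arg' names no entry in $db"; status=1
        fi
    done <<EOF
$stanzas
EOF
    return $status
}

# Constructed demo: the stanza from the report against a constructed passwd.
demo() {
    d=$(mktemp -d)
    printf 'ubuntu:x:1000:1000::/home/ubuntu:/bin/bash\n' > "$d/passwd"
    printf 'expect fork\nsetuid 1000 # numeric\nexec vnc4server\n' > "$d/job.conf"
    check_job "$d/job.conf" "$d/passwd" /dev/null; rc=$?
    rm -rf "$d"; return $rc
}
demo || :
```

For a container, pass the passwd and group files from the container's own root filesystem rather than the host's, since the name has to exist inside the guest.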

Tycho Andersen (tycho-s) wrote : Re: [Bug 1388742] Re: setuid 1000 in guest upstart job hangs container

On Nov 4, 2014 9:41 AM, "James Hunt" <email address hidden> wrote:
>
> man(5) shows the syntax for the setuid stanza as:
>
> setuid USERNAME
>
> So, clearly 'setuid 1000' is not valid and hence neither is your job.
> Attempting to start a job manually which specifies 'setuid 1000' fails
> with the error:
>
> start: Job failed to start
>
> I have so far been unable to recreate your hang. Please specify which
> versions of Ubuntu are being used inside and outside the container.

Utopic on both container and host. It does fail correctly when you do
'service start ', but it doesn't boot correctly.


James Hunt (jamesodhunt)
Changed in upstart:
status: New → Incomplete
status: Incomplete → New
James Hunt (jamesodhunt) wrote :

I have created a fresh utopic amd64 container (host is running vivid), installed vnc4server and your job above, and the system is working exactly as it should.

Please specify:

- the architecture of the host.
- the architecture of the container
- whether the lxc container is privileged or not (did you run lxc-create as a non-priv user?)
- exactly how you are starting the container.
- whether you can 'lxc-console -n ...' to your container when it has appeared to hang.

It would also be useful to know if you have modified other upstart jobs in the container. Can you remove the problematic job and run the following inside your container:

$ apport-collect -p upstart 1388742

Also, if you can, start your container using the command below and attach '/tmp/lxc.log' and 'typescript' to this bug report.

$ script -c 'sudo lxc-start -F -n utopic -l debug -o /tmp/lxc.log -- /sbin/init --debug'

You'll need to change the container name (mine is called 'utopic') and if your container is non-privileged, drop the 'sudo'.

Tycho Andersen (tycho-s) wrote :

Hi James,

On Tue, Nov 04, 2014 at 10:43:05AM -0000, James Hunt wrote:
> I have created a fresh utopic amd64 container (host is running vivid),
> installed vnc4server and your job above, and the system is working
> exactly as it should.
>
> Please specify:
>
> - the architecture of the host.
> - the architecture of the container

These are both amd64.

> - whether the lxc container is privileged or not (did you run lxc-create as a non-priv user?)

This is a privileged container.

> - exactly how you are starting the container.

sudo lxc-start -n u1

> - whether you can 'lxc-console -n ...' to your container when it has appeared to hang.

Yes, I can. Also, it appears I've confused things slightly in this
thread. When I use a correct upstart configuration (i.e., one that
starts vnc), when I shut down the container it hangs with the above
process tree. The apport-collect I post will have this (valid) upstart
job in it.

> It would also be useful to know if you have modified other upstart jobs
> in the container. Can you remove the problematic job and run the
> following inside your container:
>
> $ apport-collect -p upstart 1388742
>
> Also, if you can start your container using the command below and attach
> '/tmp/lxc.log' and 'typescript' to this bug report.
>
> $ script -c 'sudo lxc-start -F -n utopic -l debug -o /tmp/lxc.log --
> /sbin/init --debug'
>
> You'll need to change the container name (mine is called 'utopic') and
> if your container is non-privileged, drop the 'sudo'.

I've attached those files to this mail, hopefully they'll come
through.

Tycho


Tycho Andersen (tycho-s) wrote : Dependencies.txt

apport information

tags: added: apport-collected utopic
description: updated
Tycho Andersen (tycho-s) wrote : UpstartRunningSystemJobs.txt

apport information

no longer affects: lxc