lucid containers don't start on quantal hosts

Bug #1070914 reported by Serge Hallyn
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
lxc (Ubuntu) | Fix Released | High | Serge Hallyn |
Quantal | Fix Released | High | Unassigned |
Raring | Fix Released | High | Serge Hallyn |

Bug Description

Because devtmpfs is now mounted in containers, and /dev/shm is a symlink in devtmpfs, lucid containers now fail to start.

======================================
SRU Justification:
1. Impact: newly created lucid containers cannot be started, and changes in
the container's /dev are seen in the host's /dev.
2. Development fix: devtmpfs is removed from the container fstabs
3. Stable fix: same as development fix
4. Test case:
 1. sudo lxc-create -t ubuntu -n l1 -- -F -r lucid
 2. sudo lxc-start -n l1 -d
 3. sudo lxc-ps -n l1
    Only three tasks will show up in lxc-ps, because lxc-start will hang at
    mountall when failing to mount /dev onto a symbolic link (/dev/shm).
5. Regression potential: This will require workarounds in the cloud images
(which recently stopped including a populated /dev, and will need to do so
again). That will be fixed by utlemming by Oct 25. It also regresses a bug
in grub updates in containers. This will need to be worked around by having
update-grub detect that it is in a container, and not fail due to non-existing
/dev/root in that case.
======================================
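
A check for the condition this report describes, as an added example that is not part of the original report or the lxc package: it lists container mount entries whose type is devtmpfs, in per-container fstab and config files. The directory layout (one directory per container, as under /var/lib/lxc) and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): list container mount entries
# whose filesystem type is devtmpfs. devtmpfs is one kernel-wide instance,
# so such a mount exposes the host's /dev inside the container.
# Assumption: one directory per container holding "fstab" and/or "config",
# as under /var/lib/lxc.

find_devtmpfs_mounts() {
    for f in "$1"/*/fstab "$1"/*/config; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*(#|$)/ { next }                 # comments, blank lines
            {
                line = $0
                if (file ~ /\/config$/) {
                    # only "lxc.mount.entry = <fstab line>" carries a mount
                    if (line !~ /^[ \t]*lxc\.mount\.entry[ \t]*=/) next
                    sub(/^[^=]*=/, "", line)
                }
                sub(/^[ \t]+/, "", line)
                n = split(line, fld, /[ \t]+/)
                # fstab fields: source, target, type, options, ...
                if (n >= 3 && fld[3] == "devtmpfs")
                    printf "%s:%d: %s\n", file, NR, line
            }' "$f"
    done
}

# Constructed sample tree: l1 carries the devtmpfs entry, l2 does not,
# l3 has it only in a comment, plus a tmpfs mount on dev/shm.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/l1" "$root/l2" "$root/l3"
    printf '%s\n' 'proc proc proc nodev,noexec,nosuid 0 0' \
        'sysfs sys sysfs defaults 0 0' \
        'devtmpfs dev devtmpfs defaults 0 0' > "$root/l1/fstab"
    printf '%s\n' 'proc proc proc nodev,noexec,nosuid 0 0' \
        'sysfs sys sysfs defaults 0 0' > "$root/l2/fstab"
    printf '%s\n' '# lxc.mount.entry = devtmpfs dev devtmpfs defaults 0 0' \
        'lxc.mount.entry = tmpfs dev/shm tmpfs defaults 0 0' > "$root/l3/config"
    echo "$root"
}

sample=$(make_sample)
find_devtmpfs_mounts "$sample"
rm -rf "$sample"
```

Pointing `find_devtmpfs_mounts` at the real container directory after upgrading shows which existing containers still carry the entry, since the fix only changes what the templates write for new containers.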

description: updated
Changed in lxc (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Serge, or anyone else affected,

Accepted lxc into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.8.0~rc1-4ubuntu38 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Stéphane Graber (stgraber) wrote :

Flagging for security as the version currently in quantal basically lets a container do pretty big damage to the host and any other container by removing or messing with /dev entries.

information type: Public → Public Security
Stéphane Graber (stgraber) wrote :

Tested the fix with all supported Ubuntu releases. Works fine with the ubuntu template.
For the ubuntu-cloud template, quantal works but precise is still lacking /dev entries, though as mentioned, it'll be fixed with the next build so it's all good on lxc's side.

tags: added: verification-done
removed: verification-needed
Adam Conrad (adconrad) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates, please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu38

---------------
lxc (0.8.0~rc1-4ubuntu38) quantal-proposed; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
 -- Serge Hallyn <email address hidden> Wed, 24 Oct 2012 11:12:42 -0500

Changed in lxc (Ubuntu Quantal):
status: Fix Committed → Fix Released
Serge Hallyn (serge-hallyn) wrote :

Patch 0224-ubuntu-templates-devtmpfs still needs to be removed from the raring package.

Changed in lxc (Ubuntu Raring):
assignee: nobody → Serge Hallyn (serge-hallyn)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu44

---------------
lxc (0.8.0~rc1-4ubuntu44) raring; urgency=low

  [ Scott Moser ]
  * 0225-ubuntu-cloud-numeric-owner: use --numeric-owner when extracting root
    filesystems with tar (LP: #1066084)

  [ Serge Hallyn ]
  * Remove 0224-ubuntu-templates-devtmpfs (LP: #1070914)
  * 0226-add-lxc-autodev: implement automatic mount and populate of /dev.
  * 0227-ubuntu-cloud-parsing: fix some option parsing bugs in ubuntu-cloud
    template (LP: #1076031)
 -- Serge Hallyn <email address hidden> Mon, 26 Nov 2012 10:11:00 -0600

Changed in lxc (Ubuntu Raring):
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.