trusty: adt-virt-lxc cannot read /var/lib/lxc/ when running as user
Bug #1266809 reported by Robie Basak
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
autopkgtest (Ubuntu) | Fix Released | Low | Unassigned |
Bug Description
adt-virt-lxc assumes that the unprivileged user can see inside /var/lib/lxc in order to see when the guest container has finished booting, by detecting cloud-init's boot-finished flag.
The newest lxc package locks down /var/lib/lxc by default, so this breaks.
Hacked workaround: "sudo chmod 755 /var/lib/lxc". This reduces security of the system, but I think it should be OK on single-user systems, such as most environments where users are running adt-run.
To fix this properly, adt-virt-lxc needs to call out to sudo to check for this flag, instead of calling os.path.exists, etc.
An even nicer fix would be for lxc to have this functionality. I have filed bug 1266808 to track this.
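The fix proposed in the description (ask sudo for the flag instead of calling os.path.exists), sketched as an added example; this is not adt-virt-lxc's own code. The container name, the flag path under the rootfs, and the helper names are assumptions.

```python
import os
import subprocess

# Constructed sample path: the container name "adt-demo" is a placeholder.
FLAG = "/var/lib/lxc/adt-demo/rootfs/var/lib/cloud/instance/boot-finished"

_SCRIPT = 'if test -e "$1"; then echo present; else echo absent; fi'


def probe(path):
    """Classify path as 'present', 'absent' or 'unreadable' for this user.

    os.path.exists() returns False for both 'absent' and 'unreadable', so a
    locked-down /var/lib/lxc looks like a guest that never finishes booting.
    """
    try:
        os.stat(path)
        return "present"
    except (FileNotFoundError, NotADirectoryError):
        return "absent"
    except PermissionError:
        return "unreadable"


def privileged_exists(path, escalate=("sudo", "-n")):
    """Run the existence test through `escalate` (hypothetical helper)."""
    # Argument list, no shell interpolation: path reaches sh only as "$1".
    # sudo -n fails instead of prompting when no credentials are cached.
    out = subprocess.run([*escalate, "sh", "-c", _SCRIPT, "sh", path],
                         stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                         universal_newlines=True).stdout.strip()
    if out not in ("present", "absent"):
        # sudo itself failed; do not report that as "flag missing".
        raise RuntimeError("privileged check could not run")
    return out == "present"


def flag_exists(path, escalate=("sudo", "-n")):
    """True if path exists, escalating only when the direct check is denied."""
    state = probe(path)
    if state == "unreadable":
        return privileged_exists(path, escalate)
    return state == "present"


if __name__ == "__main__":
    print(probe(FLAG))
```

Escalating only on the "unreadable" result keeps sudo out of the common path, and the marker output lets a failed sudo be told apart from a flag that is genuinely not there yet.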
I run adt-run as root with adt-virt-lxc, as in trusty, lxc-* now use some kind of "user mode containers" where it looks for containers in ~/.local/share/lxc/. So that doesn't work as intended any more anyway.