trusty: adt-virt-lxc cannot read /var/lib/lxc/ when running as user

Bug #1266809 reported by Robie Basak
Affects: autopkgtest (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Unassigned

Bug Description

adt-virt-lxc assumes that the unprivileged user can see inside /var/lib/lxc in order to see when the guest container has finished booting, by detecting cloud-init's boot-finished flag.

The newest lxc package locks down /var/lib/lxc by default, so this breaks.

Hacked workaround: "sudo chmod 755 /var/lib/lxc". This reduces security of the system, but I think it should be OK on single-user systems, such as most environments where users are running adt-run.

To fix this properly, adt-virt-lxc needs to call out to sudo to check for this flag, instead of calling os.path.exists, etc.

An even nicer fix would be for lxc to have this functionality. I have filed bug 1266808 to track this.

Martin Pitt (pitti) wrote :

I run adt-run as root with adt-virt-lxc, as in trusty, lxc-* now use some kind of "user mode containers" where it looks for containers in ~/.local/share/lxc/ . So that doesn't work as intended any more anyway.

Changed in autopkgtest (Ubuntu):
importance: Undecided → Low
status: New → Triaged
summary: - adt-virt-lxc fails on Trusty
+ trusty: adt-virt-lxc cannot read /var/lib/lxc/ when running as user
Martin Pitt (pitti) wrote :
Changed in autopkgtest (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package autopkgtest - 2.6.1

---------------
autopkgtest (2.6.1) unstable; urgency=medium

  * adt-virt-lxc: Call lxc-config through sudo as well like all the other LXC
    commands. This fixes running adt-run as user with the LXC runner.
  * adt-run: For copydown(), always chown the testbed files to the non-root
    user (if available). This fixes a "Permission denied" error with the
    schroot or LXC runners and --unbuilt-tree if the source tree has tight
    permissions. (LP: #1266811)
  * Adjust LxcRunner.test_tree_built_binaries to also work with current apt
    (similar to commit 5798b7f for the schroot runner).
  * adt-virt-lxc: Call "sudo test" and "sudo readlink" instead of os.lexists()
    and os.readlink() as recent LXC now makes the default container dir
    /var/lib/lxc not readable by non-users. Fixes running adt-virt-lxc/adt-run
    as user. (LP: #1266809)
  * Add test for --binary with --built-tree.
  * adt-run.1: Clarify and fix some wrong and misleading documentation what
    happens with debs produced by source packages and specified with --binary.
    (LP: #1175557)

 -- Martin Pitt <email address hidden> Wed, 29 Jan 2014 06:53:16 +0100

Changed in autopkgtest (Ubuntu):
status: Fix Committed → Fix Released
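
The approach named in the 2.6.1 changelog ("sudo test" and "sudo readlink" in place of os.lexists() and os.readlink()), sketched as an added example that is not autopkgtest's own code. The function names, the passwordless-sudo setup, a container root at /var/lib/lxc/NAME/rootfs, and the flag living at var/lib/cloud/instance/boot-finished behind an "instance" symlink are assumptions.

```python
import os
import subprocess

# Assumption: sudo is configured to run these commands without a password;
# "-n" makes sudo fail rather than prompt when it is not.
SUDO = ("sudo", "-n")


def _run(prefix, argv):
    # argv list, no shell: the path is never parsed as shell syntax.
    return subprocess.run(list(prefix) + argv, stdout=subprocess.PIPE,
                          stderr=subprocess.DEVNULL)


def priv_lexists(path, prefix=SUDO):
    """os.path.lexists() evaluated by a privileged 'test' process."""
    if not os.path.isabs(path):  # absolute paths cannot look like options
        raise ValueError("absolute path required")
    # -e follows symlinks, -L also accepts a dangling one (lexists semantics).
    return any(_run(prefix, ["test", flag, path]).returncode == 0
               for flag in ("-e", "-L"))


def priv_readlink(path, prefix=SUDO):
    """os.readlink() via a privileged 'readlink'; None if not a symlink."""
    if not os.path.isabs(path):
        raise ValueError("absolute path required")
    res = _run(prefix, ["readlink", path])
    if res.returncode != 0:
        return None
    return os.fsdecode(res.stdout).rstrip("\n")


def boot_finished(rootfs, prefix=SUDO):
    """True once cloud-init's boot-finished flag exists inside rootfs."""
    rootfs = os.path.normpath(rootfs)
    link = os.path.join(rootfs, "var/lib/cloud/instance")
    target = priv_readlink(link, prefix)
    if target is None:
        return False
    # The link target is guest-controlled: resolve it against the guest root
    # and refuse anything that normalises to a path outside rootfs.
    base = rootfs if os.path.isabs(target) else os.path.dirname(link)
    inst = os.path.normpath(os.path.join(base, target.lstrip("/")))
    if not inst.startswith(rootfs + os.sep):
        return False
    return priv_lexists(os.path.join(inst, "boot-finished"), prefix)
```

A failed or denied sudo call is indistinguishable here from "flag not present", so a caller polling boot_finished() needs its own timeout.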