[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
** No longer affects: lxc

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1293549

Title:
  Filesystem mount from lxc template causes filesystem permission
  breakages

Status in juju-core:
  Fix Released
Status in linux package in Ubuntu:
  Confirmed
Status in postgresql package in Juju Charms Collection:
  Invalid

Bug description:
  In juju-core 1.17.5, creating new lxc machines is now much faster as it
  appears to be using a template machine. In addition, the root filesystem
  is mounted from the template machine.

  Unfortunately, this causes filesystem permissions to screw up.

    juju deploy ubuntu
    juju ssh ubuntu/0
    sudo chown ubuntu:ubuntu /etc/ssl/private
    ls /etc/ssl/private

  That final 'ls' fails with a permission denied. This is possibly a
  security precaution in lxc or the filesystem.

  This issue breaks the postgresql charm. The PostgreSQL packages require
  and use the ssl-cert package, which changes /etc/ssl/private to be group
  readable by the ssl-cert group. The postgres user, a member of the
  ssl-cert group, is unable to read the private key stored in this
  directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-core/+bug/1293549/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
** Changed in: postgresql (Juju Charms Collection)
       Status: New => Invalid
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
** Changed in: juju-core
       Status: Fix Committed => Fix Released
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
** Changed in: juju-core
       Status: In Progress => Fix Committed
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
A naive test of aufs directly shows that chown and chmod do cause a copy up of the underlying files as expected.

In the read only layer before chmod/chown:

  drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D1
  drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D2
  drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D3

In the mount after:

  drwxrwxr-x 2 sbuild sbuild 4096 Mar 18 09:16 D1
  drwxrwxrwx 2 apw    apw    4096 Mar 18 09:16 D2
  drwxrwxrwx 2 apw    apw    4096 Mar 18 09:16 D3

The underlying permissions remain unchanged after these operations. This all seems semantically correct.

I need a description of how we are using aufs in this scenario (in comment #2), for instance are we modifying the actual underlying files while mounted, which would be a no-no.
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
Ok, a more refined reproducer shows that this is an issue triggered by different permissions on the various layers. Although the directory is reported correctly, the permissions for each layer are used on that layer to control who can actually see the contents of the directory. If you cannot rx the lower levels you cannot read the directory at all. This is a deliberate design decision.
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
Thanks, that is a great reproducer. Note that doing

  rm -rf /etc/ssl/private
  mkdir /etc/ssl/private

works around this, and explains why this *may* in fact be on purpose. If you only do

  sudo chown ubuntu:ubuntu /etc/ssl/private

then the underlying directory is still owned by root and not readable by ubuntu. So this could be seen as allowing for an information leak, although it seems like a stretch to me since root has to do the chown in the first place.

It wasn't immediately obvious to me where in the code (linux/ubuntu/aufs/) this is happening.

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New
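A toy model of the layer-by-layer lookup rule the two comments above describe (every layer's copy of a directory must grant r-x, chown only copies the directory up, and rm -rf plus mkdir hides the lower copy), added here as an example; it is not code from aufs, juju or anyone in this thread. The uid values, the WHITEOUT marker and the opaque flag are constructed simplifications of the behaviour the comments report, not aufs internals.

```python
from dataclasses import dataclass

# Constructed uid/gid values for the example; real systems differ.
ROOT, UBUNTU = 0, 1000
WHITEOUT = None  # upper-layer marker for "this path was removed"

@dataclass
class Inode:
    uid: int
    gid: int
    mode: int              # permission bits only, e.g. 0o700
    opaque: bool = False   # set by mkdir-after-rm: hides every lower copy

# A layered mount is a list of {path: Inode|WHITEOUT} dicts, writable top layer first.

def rx_allowed(ino, uid, gids):
    """Plain POSIX check: does uid/gids get r-x on this one inode?"""
    if uid == ROOT:
        return True
    if uid == ino.uid:
        bits = (ino.mode >> 6) & 0o7
    elif ino.gid in gids:
        bits = (ino.mode >> 3) & 0o7
    else:
        bits = ino.mode & 0o7
    return bits & 0o5 == 0o5

def visible_inode(layers, path):
    """What `ls -ld` reports: the topmost copy of the path."""
    return next((layer[path] for layer in layers if path in layer), None)

def can_list(layers, path, uid, gids):
    """Rule from the thread: every layer still holding a copy must grant r-x;
    a whiteout or opaque directory stops the walk, so lower copies stop counting."""
    seen = False
    for layer in layers:
        if path not in layer:
            continue
        ino = layer[path]
        if ino is WHITEOUT:
            break
        seen = True
        if not rx_allowed(ino, uid, gids):
            return False
        if ino.opaque:
            break
    return seen

def chown(layers, path, uid, gid):
    """chown copies the directory up into the writable top layer (as the
    thread's aufs test shows); the read-only lower copy is untouched."""
    layers[0][path] = Inode(uid, gid, visible_inode(layers, path).mode)

def rm_then_mkdir(layers, path, uid, gid, mode):
    """The workaround: `rm -rf D; mkdir D` leaves a fresh opaque upper
    directory, so only the upper copy is consulted afterwards."""
    layers[0][path] = Inode(uid, gid, mode, opaque=True)

def reproduce(path="/etc/ssl/private"):
    """Replay the report: template dir is root:root 0700, the container
    chowns it to ubuntu, and `ls` as ubuntu fails until rm/mkdir."""
    lower = {path: Inode(ROOT, ROOT, 0o700)}
    layers = [{}, lower]
    chown(layers, path, UBUNTU, UBUNTU)
    reported_uid = visible_inode(layers, path).uid   # ls -ld shows ubuntu
    before = can_list(layers, path, UBUNTU, [UBUNTU])  # permission denied
    rm_then_mkdir(layers, path, UBUNTU, UBUNTU, 0o700)
    after = can_list(layers, path, UBUNTU, [UBUNTU])
    return reported_uid, lower[path].uid, before, after
```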
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
@Tim, is rmdir/mkdir an acceptable workaround for juju (i.e. can we lower priority of the bug) or will that not be doable?

** Changed in: lxc
       Status: New => Confirmed

** Changed in: linux (Ubuntu)
       Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Changed in: lxc
   Importance: Undecided => Medium
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
17:07 infinity hallyn: Well, that certainly shouldn't change the permissions on the underlying dir, as that's immutable.
17:07 infinity hallyn: But copying up, changing permissions, and using that copy would seem sane.
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
@Serge, while it may be a workaround for some, it certainly is going to be a problem in the big picture. We are running code written by others (juju hooks).

I'm going to submit a branch to juju to disable aufs by default, but enable the setting so people can try it out.

** Branch linked: lp:~thumper/juju-core/local-provider-aufs-default-off

** Changed in: juju-core
       Status: Triaged => In Progress

** Changed in: juju-core
     Assignee: (unassigned) => Tim Penhey (thumper)
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
Shouldn't aufs catch a chmod to a directory that isn't in the delta and copy it across?
[Kernel-packages] [Bug 1293549] Re: Filesystem mount from lxc template causes filesystem permission breakages
or a chown