[Touch-packages] [Bug 1831025] [NEW] apt update fails with ` 404 Not Found [IP: 91.189.95.83 80]`. Possible cause: three dots in the sources.list
Public bug reported:

The following file situated in /etc/apt/sources.d/jtaylor-ubuntu-keepass-bionic.list:

deb http://ppa.launchpad.net/jtaylor/keepass/ubuntu bionic main

causes sudo apt update to fail for this entry with the error:

404 Not Found [IP: 91.189.95.83 80]

Full transcript:

$ sudo apt update
Hit:1 http://deb.playonlinux.com bionic InRelease
Hit:2 http://pl.archive.ubuntu.com/ubuntu bionic InRelease
Hit:3 http://ppa.launchpad.net/bookworm-team/bookworm/ubuntu bionic InRelease
Hit:4 http://pl.archive.ubuntu.com/ubuntu bionic-updates InRelease
Ign:5 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64 InRelease
Hit:6 http://pl.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:7 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64 Release
Hit:8 http://cran.rstudio.com/bin/linux/ubuntu bionic-cran35/ InRelease
Hit:9 http://pl.archive.ubuntu.com/ubuntu bionic-proposed InRelease
Ign:10 http://ppa.launchpad.net/daniel.pavel/solaar/ubuntu bionic InRelease
Hit:11 https://repo.skype.com/deb stable InRelease
Hit:12 http://ppa.launchpad.net/elementary-os/stable/ubuntu bionic InRelease
Hit:13 http://ppa.launchpad.net/fixnix/netspeed/ubuntu bionic InRelease
Hit:14 http://dl.winehq.org/wine-builds/ubuntu bionic InRelease
Hit:15 http://ppa.launchpad.net/graphics-drivers/ppa/ubuntu bionic InRelease
Hit:16 http://ppa.launchpad.net/jtaylor/keepass/ubuntu bionic InRelease
Hit:18 http://ppa.launchpad.net/noobslab/themes/ubuntu bionic InRelease
Hit:20 http://ppa.launchpad.net/team-xbmc/ppa/ubuntu bionic InRelease
Hit:21 http://ppa.launchpad.net/unity7maintainers/unity7-desktop/ubuntu bionic InRelease
Hit:22 http://ppa.launchpad.net/yktooo/ppa/ubuntu bionic InRelease
Err:23 http://ppa.launchpad.net/daniel.pavel/solaar/ubuntu bionic Release
  404 Not Found [IP: 91.189.95.83 80]
Ign:17 https://attic.owncloud.com/org/download/repositories/10.0/Ubuntu_18.04 InRelease
Hit:24 http://download.owncloud.org/download/repositories/10.0/Ubuntu_18.04 Release
Hit:26 http://security.ubuntu.com/ubuntu bionic-security InRelease
Reading package lists... Done
E: The repository 'http://ppa.launchpad.net/daniel.pavel/solaar/ubuntu bionic Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Possible cause: three dots in the source confused the parser and it improperly handles TCP port.

Please note, that when I connect through acng with

Acquire::http::Proxy "http://192.168.10.2:3142";

the error turns into ` 404 Not Found [IP: 192.168.10.2 3142]`.

Further info:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic

$ uname -a
Linux n56vz-bionic
[Touch-packages] [Bug 1542743] Re: Bluetooth: Patch file not found ar3k/AthrBT_0x00000200.dfu
The patch doesn't work for the 4.13 kernel from mainline ppa:

$ cat /var/lib/dkms/btusb-lp1542743/0.2~4.8/build/make.log
DKMS make.log for btusb-lp1542743-0.2~4.8 for kernel 4.13.0-041300-generic (x86_64)
pon, 9 paź 2017, 13:00:15 CEST
make: Entering directory '/usr/src/linux-headers-4.13.0-041300-generic'
  AR /var/lib/dkms/btusb-lp1542743/0.2~4.8/build/built-in.o
  CC [M] /var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.o
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c: In function ‘inject_cmd_complete’:
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c:1825:2: warning: dereferencing ‘void *’ pointer
  *skb_put(skb, 1) = 0x00;
  ^
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c:1825:2: error: invalid use of void expression
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c: In function ‘alloc_diag_urb’:
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c:2697:2: warning: dereferencing ‘void *’ pointer
  *skb_put(skb, 1) = 0xf0;
  ^
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c:2697:2: error: invalid use of void expression
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c:2698:2: warning: dereferencing ‘void *’ pointer
  *skb_put(skb, 1) = enable;
  ^
/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.c:2698:2: error: invalid use of void expression
scripts/Makefile.build:308: recipe for target '/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.o' failed
make[1]: *** [/var/lib/dkms/btusb-lp1542743/0.2~4.8/build/btusb.o] Error 1
Makefile:1512: recipe for target '_module_/var/lib/dkms/btusb-lp1542743/0.2~4.8/build' failed
make: *** [_module_/var/lib/dkms/btusb-lp1542743/0.2~4.8/build] Error 2
make: Leaving directory '/usr/src/linux-headers-4.13.0-041300-generic'

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1542743

Title:
  Bluetooth: Patch file not found ar3k/AthrBT_0x0200.dfu

Status in bluez package in Ubuntu: Confirmed

Bug description:

Since some Versions of Linux Kernel and Ubuntu Releases this problem exists. I am now running ubuntu 16.04 prerelease and still have the same problem. Bluetooth does not work with the atheros device on msi gt 72 2qd notebook.

WORKAROUND FOR [0CF3:3004] DEVICE ONLY with kernel 4.4:

sudo apt install dkms
wget https://launchpad.net/~hanipouspilot/+archive/ubuntu/bluetooth/+files/btusb-lp1542743-dkms_0.1_all.deb
sudo dpkg -i btusb-lp1542743-dkms_0.1_all.deb

FOR KERNEL 4.8 A WORKAROUND DKMS DEB IS
https://launchpad.net/~hanipouspilot/+archive/ubuntu/bluetooth/+files/btusb-lp1542743-dkms_0.2~4.8_all.deb

dmesg | grep Bluetooth:
[2.655360] Bluetooth: Core ver 2.21
[2.655373] Bluetooth: HCI device and connection manager initialized
[2.655377] Bluetooth: HCI socket layer initialized
[2.655379] Bluetooth: L2CAP socket layer initialized
[2.655385] Bluetooth: SCO socket layer initialized
[6.612790] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[6.612794] Bluetooth: BNEP filters: protocol multicast
[6.612798] Bluetooth: BNEP socket layer initialized
[9.016880] Bluetooth: Patch file not found ar3k/AthrBT_0x0200.dfu
[9.016882] Bluetooth: Loading patch file failed

hwinfo | grep Bluetooth:
<6>[6.612790] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
<6>[6.612794] Bluetooth: BNEP filters: protocol multicast
<6>[6.612798] Bluetooth: BNEP socket layer initialized
<3>[9.016880] Bluetooth: Patch file not found ar3k/AthrBT_0x0200.dfu
<3>[9.016882] Bluetooth: Loading patch file failed
60: USB 00.0: 11500 Bluetooth Device
Model: "Atheros AR3012 Bluetooth 4.0"
Device: usb 0x3004 "AR3012 Bluetooth 4.0"

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: bluez 5.36-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-2.16-generic 4.4.0
Uname: Linux 4.4.0-2-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia
ApportVersion: 2.19.4-0ubuntu2
Architecture: amd64
Date: Sun Feb 7 00:38:04 2016
ExecutablePath: /usr/lib/bluetooth/bluetoothd
InstallationDate: Installed on 2015-10-24 (105 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
InterestingModules: bnep btusb bluetooth
MachineType: Micro-Star International Co., Ltd. GT72 2QD
ProcEnviron:
  LANG=de_DE.UTF-8
  PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-2-generic root=UUID=f7880b23-39b5-423a-bdbf-62b111783450 ro quiet splash
SourcePackage: bluez
UpgradeStatus: Upgraded to xenial on 2016-02-02 (4 days ago)
dmi.bios.date: 12/19/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: E1781IMS.10I
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: MS-1781
dmi.board.vendor: Micro-Star International Co., Ltd.
dmi.board.version: REV:0.C
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 10
[Touch-packages] [Bug 1540088] [NEW] NetworkManager crashes after upgrade, preventing nm-applet to show
Public bug reported:

After the last upgrade of Ubuntu 14.04.3 LTS, NetworkManager keeps crashing.

after `sudo service network-manager start` I get the following output in dmesg:

[2016-01-31 14:28:47] traps: NetworkManager[11040] general protection ip:469fee sp:7ffc6879aa00 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11040) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11049] general protection ip:469fee sp:7ffecca7d9d0 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11049) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11062] general protection ip:469fee sp:7ffc218a9f50 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11062) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11076] general protection ip:469fee sp:7fff7f128270 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11076) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11088] general protection ip:469fee sp:7fff66528f90 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11088) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11092] general protection ip:469fee sp:7fffab819070 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11092) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11096] general protection ip:469fee sp:7ffe7aa91c20 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11096) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11100] general protection ip:469fee sp:7ffedfe81460 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11100) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11104] general protection ip:469fee sp:7ffdc475f140 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11104) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] traps: NetworkManager[11108] general protection ip:469fee sp:7ffdeb437010 error:0 in NetworkManager[40+10d000]
[2016-01-31 14:28:47] init: network-manager main process (11108) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager main process ended, respawning
[2016-01-31 14:28:47] init: network-manager main process (2) killed by SEGV signal
[2016-01-31 14:28:47] init: network-manager respawning too fast, stopped

This problem prevents me to see nm-applet, and makes me unable to connect to WiFi network.

** Affects: network-manager (Ubuntu)
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1540088

Title:
  NetworkManager crashes after upgrade, preventing nm-applet to show

Status in network-manager package in Ubuntu: New

Bug description:
After the last upgrade of Ubuntu 14.04.3 LTS, NetworkManager keeps crashing.
[Touch-packages] [Bug 1417612] [NEW] Why some Fn keys (like PowerOff) are un-mappable (and how to map them anyway)?
Public bug reported: There are keys, that gets captured by the `xev` or `acpi_listen` and which does produce a valid entry in keyboard-mapping settings gui when user is asked to press it for new accelerator key, but the action is not triggered by pressing them afterwards. The most irritating example is the `PowerOff` key, but I can list other, un-named Fn+... keys. Since the GUI was able to read the key-press event, why the Ubuntu cannot actually make this key to trigger an event? I did disable Ubuntu's own PowerOff handler with `gsettings set org.gnome.settings-daemon.plugins.power button-power nothing`. How to map the PowerOff key? Actually, I need to map the PowerOff key into the End key, but I guess being able to map it to *anything* is a first step . ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: xorg 1:7.7+1ubuntu8.1 ProcVersionSignature: Ubuntu 3.13.0-45.74-generic 3.13.11-ckt13 Uname: Linux 3.13.0-45-generic x86_64 .tmp.unity.support.test.0: ApportVersion: 2.14.1-0ubuntu3.6 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: compiz CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0' CompositorUnredirectFSW: true CurrentDesktop: Unity Date: Tue Feb 3 15:23:58 2015 DistUpgraded: Fresh install DistroCodename: trusty DistroVariant: ubuntu EcryptfsInUse: Yes ExtraDebuggingInterest: Yes GraphicsCard: Intel Corporation 4th Gen Core Processor Integrated Graphics Controller [8086:0416] (rev 06) (prog-if 00 [VGA controller]) Subsystem: ASUSTeK Computer Inc. Device [1043:185d] InstallationDate: Installed on 2014-04-04 (304 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Daily amd64 (20140404) MachineType: ASUSTeK COMPUTER INC. 
G551JM ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-45-generic root=UUID=926fa7cc-6f97-4672-85a7-a1ed8f5bd842 ro rootflags=subvol=@ quiet splash intel_pstate=enable acpi_osi=intel vt.handoff=7 SourcePackage: xorg Symptom: display UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/13/2014 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: G551JM.204 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: G551JM dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrG551JM.204:bd10/13/2014:svnASUSTeKCOMPUTERINC.:pnG551JM:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnG551JM:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0: dmi.product.name: G551JM dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. version.compiz: compiz 1:0.9.11.3+14.04.20141104-0ubuntu1 version.ia32-libs: ia32-libs N/A version.libdrm2: libdrm2 2.4.56-1~ubuntu1 version.libgl1-mesa-dri: libgl1-mesa-dri 10.1.3-0ubuntu0.3 version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A version.libgl1-mesa-glx: libgl1-mesa-glx 10.1.3-0ubuntu0.3 version.xserver-xorg-core: xserver-xorg-core 2:1.15.1-0ubuntu2.6 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.8.2-1ubuntu2 version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.3.0-1ubuntu3.1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.910-0ubuntu1.4 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.10-1ubuntu2 xserver.bootTime: Mon Feb 2 18:36:35 2015 xserver.configfile: default xserver.errors: xserver.logfile: /var/log/Xorg.0.log xserver.outputs: product id 12876 vendor SDC xserver.version: 2:1.15.1-0ubuntu2.6 ** Affects: xorg (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug compiz-0.9 package-from-proposed trusty ubuntu -- You received this bug notification because 
you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1417612 Title: Why some Fn keys (like PowerOff) are un-mappable (and how to map them anyway)? Status in xorg package in Ubuntu: New
[Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container on top of ecryptfs
** Changed in: linux (Ubuntu)
       Status: Incomplete => Confirmed

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container on top of ecryptfs

Status in “ecryptfs-utils” package in Ubuntu: New
Status in “linux” package in Ubuntu: Confirmed
Status in “lxc” package in Ubuntu: Triaged

Bug description:

On Ubuntu 14.04 64 bit, after adding a user into an unprivileged container, the sudo complains that:

$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

To reproduce:

1. Download and install the Ubuntu amd64 minimalcd
2. Install lxc on it and openssh for convenience.
3. follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do:
   a) sudo usermod --add-subuids 10-165536 $USER
   b) sudo usermod --add-subgids 10-165536 $USER
   c) sudo chmod +x $HOME
   d) create the file ~/.config/lxc/default.conf with the following contents:
      lxc.include = /etc/lxc/default.conf
      lxc.id_map = u 0 10 65536
      lxc.id_map = g 0 10 65536
   e) echo $USER veth lxcbr0 10 | sudo tee /etc/lxc/lxc-usernet
   (restart is not required)
4. Create the container with
   lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
5. Install openssh-server in the container:
   lxc-start -d -n p1
   lxc-attach -n p1 -- apt-get install openssh-server
6. Add a user adam with the group sudo
   lxc-attach -n p1 -- adduser adam sudo
7. Set a password for the user
8. Log in via ssh (and provide the password from step 7)
   ssh p1@adam
9. On the p1:
   adam@p1$ sudo su
   sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

I expected it to make change the user to root.

lxc version: 1.0.3-0ubuntu3

$cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
20141101_03:49
---
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: amd64
DistroRelease: Ubuntu 14.04
EcryptfsInUse: Yes
Package: lxc
PackageArchitecture: amd64
ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
Tags: trusty
Uname: Linux 3.13.0-39-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1389305/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container
For one thing, the lxc-create can check if it is going to create a user-space container on top of the ecryptfs, and warn the user if appropriate with the link to this bug report. That should be fairly easy to implement, because on the default setup the ecryptfs would be the underlying fs, so there is no need to dig into the nested mounts.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container

Status in “ecryptfs-utils” package in Ubuntu: New
Status in “lxc” package in Ubuntu: Invalid
Re: [Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container
For one thing the lxc-create could warn the user (with the link to this bug report) if it finds, that the user is attempting to create a user-space container on top of the ecryptfs. I believe that should be fairly easy to implement. And I guess it is rather important to do, because user never gets a warning about the inherent incompatibility between user-space containers and encrypted home folder (which is featured by the Ubuntu installer).

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container

Status in “ecryptfs-utils” package in Ubuntu: New
Status in “lxc” package in Ubuntu: Invalid
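The pre-flight check proposed in the two comments above, sketched as an added example (it is not code from lxc or from the bug report): find the mount that backs the container path and warn when it is ecryptfs, or carries the nosuid option that the sudo error message names. The function names, the sample mount table and the ~/.local/share/lxc default path are assumptions made for this illustration.

```python
import os
import re
from typing import List, NamedTuple, Optional

BUG_URL = "https://bugs.launchpad.net/bugs/1389305"

# Constructed sample in /proc/self/mounts format (not taken from the report).
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/home/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes 0 0
/dev/sdb1 /srv/lxc ext4 rw,relatime 0 0
/dev/sdc1 /mnt/my\040disk ext4 rw,nosuid 0 0
"""


class Mount(NamedTuple):
    source: str
    target: str
    fstype: str
    options: frozenset


_OCTAL = re.compile(r"\\([0-7]{3})")


def _unescape(field: str) -> str:
    # The kernel writes space, tab, newline and backslash as \040, \011, \012, \134.
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> List[Mount]:
    """Parse mount-table text into Mount records, skipping malformed lines."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        source, target, fstype, opts = fields[:4]
        mounts.append(Mount(_unescape(source), _unescape(target), fstype,
                            frozenset(opts.split(","))))
    return mounts


def mount_for_path(path: str, mounts: List[Mount]) -> Optional[Mount]:
    """Return the mount backing `path`: the longest mount point that is a
    whole-component prefix of it. On equal length the later entry wins,
    because a later mount on the same mount point hides the earlier one."""
    path = os.path.normpath(path)
    best = None
    for m in mounts:
        target = os.path.normpath(m.target)
        inside = target == "/" or path == target or path.startswith(target + "/")
        if inside and (best is None or len(target) >= len(os.path.normpath(best.target))):
            best = m
    return best


def preflight(path: str, mounts_text: str) -> List[str]:
    """Return warnings for a container path; an empty list means nothing found."""
    m = mount_for_path(path, parse_mounts(mounts_text))
    warnings = []
    if m is None:
        return warnings
    if m.fstype == "ecryptfs":
        warnings.append(f"{path} is on ecryptfs (mounted at {m.target}); see {BUG_URL}")
    if "nosuid" in m.options:
        warnings.append(f"{m.target} is mounted nosuid; setuid binaries such as "
                        "sudo will not gain root there")
    return warnings


if __name__ == "__main__":
    # Assumed default location of unprivileged containers; resolve symlinks
    # first so the prefix match runs against the real path.
    lxcpath = os.path.realpath(os.path.expanduser("~/.local/share/lxc"))
    with open("/proc/self/mounts") as fh:
        for warning in preflight(lxcpath, fh.read()):
            print("warning:", warning)
```

Because the match is by longest mount point, a container path on a separate non-ecryptfs volume mounted inside the encrypted home is not flagged.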
[Touch-packages] [Bug 1389305] ProcEnviron.txt
apport information ** Attachment added: ProcEnviron.txt https://bugs.launchpad.net/bugs/1389305/+attachment/4265211/+files/ProcEnviron.txt -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1389305 Title: sudo doesn't work on unprivileged lxc container on top of ecryptfs Status in “ecryptfs-utils” package in Ubuntu: New Status in “linux” package in Ubuntu: Incomplete Status in “lxc” package in Ubuntu: Triaged
[Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container on top of ecryptfs
apport information ** Tags added: apport-collected trusty ** Description changed: On Ubuntu 14.04 64 bit, after adding a user into an unprivileged container, the sudo complains that: $ sudo su sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? To reproduce: 1. Download and install the Ubuntu amd64 minimalcd 2. Install lxc on it and openssh for convenience. 3. follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do: a) sudo usermod --add-subuids 10-165536 $USER b) sudo usermod --add-subgids 10-165536 $USER c) sudo chmod +x $HOME d) create the file ~/.config/lxc/default.conf with the following contents: lxc.include = /etc/lxc/default.conf lxc.id_map = u 0 10 65536 lxc.id_map = g 0 10 65536 e) echo $USER veth lxcbr0 10 | sudo tee /etc/lxc/lxc-usernet (restart is not required) 4. Create the container with lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64 5. Install openssh-server in the container: lxc-start -d -n p1 lxc-attach -n p1 -- apt-get install openssh-server 6. Add a user adam with the group sudo lxc-attach -n p1 -- adduser adam sudo 7. Set a password for the user 8. Log in via ssh (and provide the password from step 7) ssh p1@adam 9. On the p1: adam@p1$ sudo su sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? I expected it to make change the user to root. 
lxc version: 1.0.3-0ubuntu3 $cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id 20141101_03:49 + --- + ApportVersion: 2.14.1-0ubuntu3.5 + Architecture: amd64 + DistroRelease: Ubuntu 14.04 + EcryptfsInUse: Yes + Package: lxc + PackageArchitecture: amd64 + ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8 + Tags: trusty + Uname: Linux 3.13.0-39-generic x86_64 + UpgradeStatus: No upgrade log present (probably fresh install) + UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo + _MarkForUpload: True ** Attachment added: Dependencies.txt https://bugs.launchpad.net/bugs/1389305/+attachment/4265210/+files/Dependencies.txt -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1389305 Title: sudo doesn't work on unprivileged lxc container on top of ecryptfs Status in “ecryptfs-utils” package in Ubuntu: New Status in “linux” package in Ubuntu: Incomplete Status in “lxc” package in Ubuntu: Triaged
[Touch-packages] [Bug 1389849] Re: sudo service lxc-net restart does not reload dnsmasq when there is a container running
Why would you need other instances of the service lxc-dnsmasq? The
lxc-net doesn't support instances - there could be only max. one bridge
at any given time, and I believe setting two dnsmasq servers on the same
network interface would cause a conflict.

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389849

Title:
  sudo service lxc-net restart does not reload dnsmasq when there is a
  container running

Status in “lxc” package in Ubuntu:
  Triaged

Bug description:
  I know that I can assign a static IP manually, using
  /etc/network/interfaces.

  I also know that I can read the MAC address of the LXC container (e.g.
  by looking for the lxc.network.hwaddr entry in
  /var/lib/lxc/container-name/config) and assign the IP using entries
  dhcp-host=mac-addr,10.0.3.3 in /etc/dnsmasq.d/some file.

  In the file /etc/default/lxc-net I read

  # Uncomment the next line if you'd like to use a conf-file for the lxcbr0
  # dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
  # container 'mail1' always get ip address 10.0.3.100.
  #LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

  That would suit my needs; unfortunately doing so has no effect - at
  least not until the next computer reboot. I would expect that
  `sudo service lxc-net restart` forces the dnsmasq to reload -
  unfortunately it never works.

  To reproduce:

  On Ubuntu Trusty 14.04 64bit,
  1. install package lxc,
  2. create a container (e.g. sudo lxc-create -n mycontainer -t ubuntu -- -r trusty)
  3. start it (sudo lxc-start -d -n mycontainer)
  4. create another container (e.g. sudo lxc-create -n my2ndcontainer -t ubuntu -- -r trusty)
  5. edit /etc/default/lxc-net to uncomment the LXC_DHCP_CONFILE
  6. edit /etc/lxc/dnsmasq.conf to contain a line like `dhcp-host=my2ndcontainer,10.0.3.142`
  7. sudo service lxc-net restart
  8. start the 2nd container (sudo lxc-start -d -n my2ndcontainer)

  The steps 2 and 3 are optional.

  The 2nd container never gets the ip 10.0.3.142, but it keeps the
  assigned dynamic IP

  Workaround 1:

  Turn off the computer and test again tomorrow.

  Workaround 2 (more serious, but works only if steps 2 and 3 are
  skipped):

  name=my2ndcontainer
  internalif=lxcbr0   # assumed: not set in the snippet as posted; lxcbr0 is the LXC bridge named in this report
  sudo lxc-stop -n $name >/dev/null
  sudo service lxc-net stop >/dev/null
  if [ -d /sys/class/net/$internalif ]; then
     sudo brctl delbr $internalif >/dev/null #Why? See below.
  fi
  sudo rm /var/lib/misc/dnsmasq.$internalif.leases
  sudo service lxc-net start >/dev/null
  sudo lxc-start -d -n $name >/dev/null
  sleep 5

  Unfortunately, there is a bug (feature?) in the /etc/init/lxc-net.conf
  in Ubuntu 14.04 that prevents reloading the dnsmasq unless the bridge
  device is down for the host.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1389849/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container
I really don't know how to tell you which Trusty 64bit minimal cd I
used. I didn't even know that there is more than one. I just downloaded
the fresh minimal cd about a week before posting this bug. When opening
the minimal cd in a file browser I see no files with names version,
changelog or anything similar. The best I found is the contents of the
.disk/mini-info:

Ubuntu 14.04 trusty - amd64 (20101020ubuntu318)

uname -r
3.13.0-39-generic

Host's home lies on ecryptfs on top of btrfs:

$ mount
/dev/mapper/sdalvm-root on / type btrfs (rw,noatime,subvol=@)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
/dev/mapper/sdalvm-root on /home type btrfs (rw,noatime,subvol=@home)
/dev/sda1 on /boot type ext3 (rw)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
/home/zosia/.Private on /home/zosia type ecryptfs (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=65ba6ff1cded08ed,ecryptfs_fnek_sig=e9a5867908bf1b34)

--
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container

Status in “lxc” package in Ubuntu:
  Incomplete
Re: [Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container
On 19.11.2014 15:35, Serge Hallyn wrote:
> Ah, the ecryptfs $HOME might be the problem. I haven't tested that and
> wouldn't be surprised if ecryptfs prevented the console from looking
> ok. Could you try something like:
>
> rm -rf $HOME/.config/lxc $HOME/.local/share/lxc
> sudo mkdir /opt/lxc
> sudo chown -R $USER /opt/lxc
> mkdir /opt/lxc/config /opt/lxc/store
> ln -s /opt/lxc/store $HOME/.local/share/lxc
> ln -s /opt/lxc/config $HOME/.config/lxc
>
> Then re-try the container create/setup. This will create the container
> rootfs on a non-ecryptfs filesystem.

Yes! That resolved the problem. Thank you!

Would you be able to tell me why ecryptfs poses a problem for sudo in a
container?

Adam

--
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container

Status in “lxc” package in Ubuntu:
  Incomplete
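Why moving the container store to /opt/lxc helps can be checked from the mount table: the /proc/mounts listings posted in this thread show the eCryptfs home mounted with nosuid, and the kernel ignores the setuid bit of files on a nosuid mount, which is the condition sudo's error message names. The shell check below is an added example, not code from the thread or from LXC; the function names `mount_opts_for` and `setuid_honoured` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether setuid binaries stored under a directory
# would keep their privileges, by reading a /proc/mounts-style table.

# Constructed sample in /proc/mounts format, modelled on the host listing
# posted in this thread (eCryptfs key signatures left out).
sample_mounts() {
cat <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/dm-0 / btrfs rw,noatime,space_cache 0 0
/dev/dm-0 /home btrfs rw,noatime,space_cache 0 0
/home/zosia/.Private /home/zosia ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# mount_opts_for PATH [MOUNTS_FILE]      ("-" reads the table from stdin)
# Prints "<mount point> <fstype> <options>" of the mount that backs PATH.
# The longest matching mount point wins; on a tie the later line wins,
# because a later mount shadows an earlier one at the same mount point.
# PATH is compared as text, so pass an absolute, symlink-free path.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)      # /proc/mounts writes a space as \040
            # Match "/" for everything, otherwise an exact hit or a real
            # path-component prefix (so /home/zosia does not match /home/zosiax).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) {
                    best = length(mp)
                    out = mp " " $3 " " $4
                }
            }
        }
        END { if (out == "") exit 1; print out }
    ' "${2:-/proc/mounts}"
}

# setuid_honoured PATH [MOUNTS_FILE]
# Returns 0 when the backing mount lacks nosuid, 1 when nosuid is set
# (setuid bits such as the one on /usr/bin/sudo are then ignored),
# and 2 when no mount covering PATH was found in the table.
setuid_honoured() {
    opts=$(mount_opts_for "$1" "${2:-/proc/mounts}") || return 2
    case ",${opts##* }," in
        *,nosuid,*) return 1 ;;
        *)          return 0 ;;
    esac
}

# Demo on the constructed sample: the default unprivileged container store
# under the eCryptfs home, and the /opt/lxc store suggested in the thread.
for p in /home/zosia/.local/share/lxc /opt/lxc/store; do
    if sample_mounts | setuid_honoured "$p" -; then
        state="setuid honoured"
    else
        state="nosuid: setuid bits ignored"
    fi
    printf '%s -> %s (%s)\n' "$p" "$(sample_mounts | mount_opts_for "$p" -)" "$state"
done
```

On a real host, omit the second argument to read /proc/mounts, and resolve the path first (for example with `readlink -f ~/.local/share/lxc`), since the workaround above replaces that directory with a symlink into /opt/lxc.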
[Touch-packages] [Bug 1389849] Re: sudo service lxc-net restart does not reload dnsmasq when there is a container running
There is also a little more advanced solution, that claims to be
compatible with systemd as well: https://github.com/CameronNemo/lxc-net

--
https://bugs.launchpad.net/bugs/1389849

Title:
  sudo service lxc-net restart does not reload dnsmasq when there is a
  container running

Status in “lxc” package in Ubuntu:
  New
[Touch-packages] [Bug 1389849] Re: sudo service lxc-net restart does not reload dnsmasq when there is a container running
After consulting with Serge Hallyn, the original author of the upstart
script that governs creation of the lxc-net bridge, I came up with the
following solution:

1. Turn off all lxc containers and the lxc-net (sudo service lxc-net stop)
2. Remove (or move away) the file /etc/init/lxc-net.conf
3. Create the file /etc/init/lxc-net.conf with the following contents:

description "lxc network"
author "Serge Hallyn serge.hal...@canonical.com"

start on starting lxc
stop on stopped lxc

env USE_LXC_BRIDGE=true
env LXC_BRIDGE=lxcbr0
env LXC_ADDR=10.0.3.1
env LXC_NETMASK=255.255.255.0
env LXC_NETWORK=10.0.3.0/24
env varrun=/run/lxc
env LXC_DOMAIN=

pre-start script
    [ -f /etc/default/lxc ] && . /etc/default/lxc

    [ x$USE_LXC_BRIDGE = xtrue ] || { stop; exit 0; }

    use_iptables_lock=-w
    iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=

    cleanup() {
        # dnsmasq failed to start, clean up the bridge
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
        iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
        iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
        iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
        iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
        ifconfig ${LXC_BRIDGE} down || true
        brctl delbr ${LXC_BRIDGE} || true
    }

    if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
        if [ ! -f ${varrun}/network_up ]; then
            # bridge exists, but we didn't start it
            stop;
        fi
        exit 0;
    fi

    # set up the lxc network
    brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; }
    echo 1 > /proc/sys/net/ipv4/ip_forward
    mkdir -p ${varrun}
    ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
    iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
    iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
    iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
    iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
    iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
    iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
    iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
    iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

    touch ${varrun}/network_up
end script

post-stop script
    [ -f /etc/default/lxc ] && . /etc/default/lxc
    [ -f ${varrun}/network_up ] || exit 0;
    # if $LXC_BRIDGE has attached interfaces, don't shut it down
    ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;

    if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
        use_iptables_lock=-w
        iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=
        ifconfig ${LXC_BRIDGE} down
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
        iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
        iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
        iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
        iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
        iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
        pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
        rm -f ${varrun}/dnsmasq.pid
        brctl delbr ${LXC_BRIDGE}
    fi
    rm -f ${varrun}/network_up
end script

4. Create the file /etc/init/lxc-dnsmasq.conf with the following contents:

description "lxc dnsmasq service"
author "Adam Ryczkowski, inspired by Serge Hallyn serge.hal...@canonical.com"

expect fork

start on started lxc-net
stop on stopped lxc-net

env USE_LXC_BRIDGE=true
env LXC_BRIDGE=lxcbr0
env LXC_ADDR=10.0.3.1
env LXC_NETMASK=255.255.255.0
env LXC_NETWORK=10.0.3.0/24
env LXC_DHCP_RANGE=10.0.3.2,10.0.3.254
env LXC_DHCP_MAX=253
env LXC_DHCP_CONFILE=
env varrun=/run/lxc-dnsmasq
env LXC_DOMAIN=

pre-start script
    [ -f /etc/default/lxc ] && . /etc/default/lxc

    [ x$USE_LXC_BRIDGE = xtrue ] || { stop; exit 0
[Touch-packages] [Bug 1389849] [NEW] sudo service lxc-net restart does not reload dnsmasq when there is a container running
Public bug reported:

I know that I can assign a static IP manually, using
/etc/network/interfaces.

I also know that I can read the MAC address of the LXC container (e.g.
by looking for the lxc.network.hwaddr entry in
/var/lib/lxc/container-name/config) and assign the IP using entries
dhcp-host=mac-addr,10.0.3.3 in /etc/dnsmasq.d/some file.

In the file /etc/default/lxc-net I read

# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

That would suit my needs; unfortunately doing so has no effect - at
least not until the next computer reboot. I would expect that
`sudo service lxc-net restart` forces the dnsmasq to reload -
unfortunately it never works.

To reproduce:

On Ubuntu Trusty 14.04 64bit,
1. install package lxc,
2. create a container (e.g. sudo lxc-create -n mycontainer -t ubuntu -- -r trusty)
3. start it (sudo lxc-start -d -n mycontainer)
4. create another container (e.g. sudo lxc-create -n my2ndcontainer -t ubuntu -- -r trusty)
5. edit /etc/default/lxc-net to uncomment the LXC_DHCP_CONFILE
6. edit /etc/lxc/dnsmasq.conf to contain a line like `dhcp-host=my2ndcontainer,10.0.3.142`
7. sudo service lxc-net restart
8. start the 2nd container (sudo lxc-start -d -n my2ndcontainer)

The steps 2 and 3 are optional.

The 2nd container never gets the ip 10.0.3.142, but it keeps the
assigned dynamic IP

Workaround 1:

Turn off the computer and test again tomorrow.

Workaround 2 (more serious, but works only if steps 2 and 3 are
skipped):

name=my2ndcontainer
internalif=lxcbr0   # assumed: not set in the snippet as posted; lxcbr0 is the LXC bridge named in this report
sudo lxc-stop -n $name >/dev/null
sudo service lxc-net stop >/dev/null
if [ -d /sys/class/net/$internalif ]; then
   sudo brctl delbr $internalif >/dev/null #Why? See below.
fi
sudo rm /var/lib/misc/dnsmasq.$internalif.leases
sudo service lxc-net start >/dev/null
sudo lxc-start -d -n $name >/dev/null
sleep 5

Unfortunately, there is a bug (feature?) in the /etc/init/lxc-net.conf
in Ubuntu 14.04 that prevents reloading the dnsmasq unless the bridge
device is down for the host.

** Affects: lxc (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1389849

Title:
  sudo service lxc-net restart does not reload dnsmasq when there is a
  container running

Status in “lxc” package in Ubuntu:
  New
[Touch-packages] [Bug 1389305] [NEW] sudo doesn't work on unprivileged lxc container
Public bug reported:

On Ubuntu 14.04 64 bit, after adding a user into an unprivileged
container, the sudo complains that:

$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

To reproduce:

1. Download and install the Ubuntu amd64 minimalcd
2. Install lxc on it and openssh for convenience.
3. follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do:
   a) sudo usermod --add-subuids 10-165536 $USER
   b) sudo usermod --add-subgids 10-165536 $USER
   c) sudo chmod +x $HOME
   d) create the file ~/.config/lxc/default.conf with the following contents:
        lxc.include = /etc/lxc/default.conf
        lxc.id_map = u 0 10 65536
        lxc.id_map = g 0 10 65536
   e) echo $USER veth lxcbr0 10 | sudo tee /etc/lxc/lxc-usernet
      (restart is not required)
4. Create the container with
     lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
5. Install openssh-server in the container:
     lxc-start -d -n p1
     lxc-attach -n p1 -- apt-get install openssh-server
6. Add a user adam with the group sudo
     lxc-attach -n p1 -- adduser adam sudo
7. Set a password for the user
8. Log in via ssh (and provide the password from step 7)
     ssh p1@adam
9. On the p1:
     adam@p1$ sudo su
     sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

I expected it to change the user to root.

lxc version: 1.0.3-0ubuntu3

$ cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
20141101_03:49

** Affects: lxc (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container

Status in “lxc” package in Ubuntu:
  New
[Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container
adam@p1:~$ cat /proc/mounts
rootfs / rootfs rw 0 0
/home/adam/.Private / ecryptfs rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=799bd5c1f75cea45,ecryptfs_sig=cead7dbeb43d6c20,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nodev,relatime 0 0
none /sys/fs/fuse/connections fusectl rw,relatime 0 0
none /sys/kernel/debug debugfs rw,relatime 0 0
none /sys/kernel/security securityfs rw,relatime 0 0
none /sys/fs/pstore pstore rw,relatime 0 0
udev /dev/console devtmpfs rw,relatime,size=8111212k,nr_inodes=2027803,mode=755 0 0
udev /dev/full devtmpfs rw,relatime,size=8111212k,nr_inodes=2027803,mode=755 0 0
udev /dev/null devtmpfs rw,relatime,size=8111212k,nr_inodes=2027803,mode=755 0 0
udev /dev/random devtmpfs rw,relatime,size=8111212k,nr_inodes=2027803,mode=755 0 0
udev /dev/tty devtmpfs rw,relatime,size=8111212k,nr_inodes=2027803,mode=755 0 0
udev /dev/urandom devtmpfs rw,relatime,size=8111212k,nr_inodes=2027803,mode=755 0 0
udev /dev/zero devtmpfs rw,relatime,size=8111212k,nr_inodes=2027803,mode=755 0 0
none /sys/firmware/efi/efivars efivarfs rw,relatime 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime 0 0
devpts /dev/console devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty1 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty2 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty3 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty4 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,relatime,gid=15,mode=620,ptmxmode=666 0 0
none /sys/fs/cgroup tmpfs rw,nodev,relatime,size=4k,mode=755,uid=10,gid=10 0 0
none /run tmpfs rw,nosuid,nodev,noexec,relatime,size=1625360k,mode=755,uid=10,gid=10 0 0
none /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,uid=10,gid=10 0 0
none /run/shm tmpfs rw,nosuid,nodev,relatime,uid=10,gid=10 0 0
none /run/user tmpfs rw,nosuid,nodev,noexec,relatime,size=102400k,mode=755,uid=10,gid=10 0 0

--
https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container

Status in “lxc” package in Ubuntu:
  New
[Touch-packages] [Bug 1389305] Re: sudo doesn't work on unprivileged lxc container
Sorry, the previous one was from the guest. Here is the host:

adam@ubuntu-server:~$ cat /proc/mounts
rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,relatime,size=1011476k,nr_inodes=252869,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=205004k,mode=755 0 0
/dev/dm-0 / btrfs rw,noatime,space_cache 0 0
none /sys/fs/cgroup tmpfs rw,relatime,size=4k,mode=755 0 0
none /sys/fs/fuse/connections fusectl rw,relatime 0 0
none /sys/kernel/debug debugfs rw,relatime 0 0
none /sys/kernel/security securityfs rw,relatime 0 0
none /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0
none /run/user tmpfs rw,nosuid,nodev,noexec,relatime,size=102400k,mode=755 0 0
none /sys/fs/pstore pstore rw,relatime 0 0
/dev/sda1 /boot ext3 rw,relatime,data=ordered 0 0
/dev/dm-0 /home btrfs rw,noatime,space_cache 0 0
systemd /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,release_agent=/run/cgmanager/agents/cgm-release-agent.systemd,name=systemd 0 0
/home/zosia/.Private /home/zosia ecryptfs rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=e9a5867908bf1b34,ecryptfs_sig=65ba6ff1cded08ed,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
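The sudo error in this bug names a 'nosuid' mount as one possible cause, and the thread posts /proc/mounts from guest and host to check for it. The following is an added example, not part of the original messages, that answers that question for a given path by finding the mount that covers it. The function names are hypothetical, the sample lines are constructed from the host listing above with the ecryptfs options shortened, and mount points containing spaces (escaped as \040 in /proc/mounts) are not handled.

```shell
#!/bin/sh
# Sample /proc/mounts lines, constructed from the host listing in this thread.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=205004k,mode=755 0 0
/dev/dm-0 / btrfs rw,noatime,space_cache 0 0
none /run/user tmpfs rw,nosuid,nodev,noexec,relatime,size=102400k,mode=755 0 0
/dev/dm-0 /home btrfs rw,noatime,space_cache 0 0
/home/zosia/.Private /home/zosia ecryptfs rw,nosuid,nodev,relatime 0 0'

# governing_mount PATH [MOUNTS_FILE]   ("-" reads the table from stdin)
# Print "mountpoint fstype options" for the mount that covers PATH: the
# longest mount point that is a path prefix. On a tie the later entry
# wins, because it is mounted on top of the earlier one.
governing_mount() {
    awk -v p="$1" '
        BEGIN { best = 0 }
        {
            mp = $2
            # "/" covers everything; otherwise require an exact match or a
            # match up to a "/" boundary, so /run does not cover /runner.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) {
                    best = length(mp)
                    out = mp " " $3 " " $4
                }
            }
        }
        END { if (out != "") print out; else exit 1 }
    ' "${2:-/proc/mounts}"
}

# suid_allowed PATH [MOUNTS_FILE]
# Returns 0 if the covering mount lacks nosuid (setuid bits are honoured),
# 1 if nosuid is set, 2 if no covering mount was found.
suid_allowed() {
    m=$(governing_mount "$1" "${2:-/proc/mounts}") || return 2
    opts=${m##* }                      # last field: the mount options
    case ",$opts," in
        *,nosuid,*) return 1 ;;
        *)          return 0 ;;
    esac
}

# Demo on the constructed sample; inside the container, call
# suid_allowed /usr/bin/sudo with no second argument instead.
for p in /usr/bin/sudo /home/zosia/bin/tool /run/user/1000/x; do
    if printf '%s\n' "$SAMPLE_MOUNTS" | suid_allowed "$p" -; then
        echo "$p: setuid honoured by the mount"
    else
        echo "$p: setuid ignored (nosuid mount)"
    fi
done
```

A path that passes this check can still fail the way the report describes, since the check covers only the mount option and not the ownership or mode of the binary.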