Update on the previous comment, I realised the issue was the the
partition where /var was mounted to hat nosuid set. Seems /var/lib/lxc
must allow for the suid bit to be set. The problem is that people often
have /home mounted with nosuid as a normal security precaution, so this
effects running
It also affected me on Ubuntu 16.04 LTS with /var/lib/lxc mount via
bind.
My original setup only had 8GB for /var, so a bind to directory in /home
was the custom hack I did to give lxc more space.
$ grep lxc /etc/fstab
/home/var/lib/lxc /var/lib/lxc nonebind
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ecryptfs-utils (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ecryptfs-utils (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1389305
** Changed in: linux (Ubuntu)
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Title:
sudo doesn't work on unprivileged lxc container on top
** Changed in: linux (Ubuntu)
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Title:
sudo doesn't work on unprivileged lxc container on top of ecryptfs
For one thing the lxc-create could warn the user (with the link to this
bug report) if it finds, that the user is attempting to create a
user-space container on top of the ecryptfs. I believe that should be
fairly easy to implement. And I guess it is rather important to do,
because user never
For one thing, the lxc-create can check if it is going to create a
user-space container on top of the ecryptfs, and warn the user if
appriopriate with the link to this bug report. That should be fairly
easy to implement, because on the default setup the ecryptfs would be
the underlying fs, so
(marking low priority for lxc because ther eis a workaround)
** Changed in: linux (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Quoting Adam Ryczkowski (adam.ryczkow...@statystyka.net):
For one thing, the lxc-create can check if it is going to create a
user-space container on top of the ecryptfs, and warn the user if
True. Though I would prefer not to work around the bug like this
until we are certain that it cannot
apport information
** Tags added: apport-collected trusty
** Description changed:
On Ubuntu 14.04 64 bit, after adding a user into an unprivileged
container, the sudo complains that:
$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
'nosuid' option
For one thing the lxc-create could warn the user (with the link to this
bug report) if it finds, that the user is attempting to create a
user-space container on top of the ecryptfs. I believe that should be
fairly easy to implement. And I guess it is rather important to do,
because user never
For one thing, the lxc-create can check if it is going to create a
user-space container on top of the ecryptfs, and warn the user if
appriopriate with the link to this bug report. That should be fairly
easy to implement, because on the default setup the ecryptfs would be
the underlying fs, so
Quoting Adam Ryczkowski (adam.ryczkow...@statystyka.net):
For one thing, the lxc-create can check if it is going to create a
user-space container on top of the ecryptfs, and warn the user if
True. Though I would prefer not to work around the bug like this
until we are certain that it cannot
(marking low priority for lxc because ther eis a workaround)
** Changed in: linux (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Title:
sudo
apport information
** Tags added: apport-collected trusty
** Description changed:
On Ubuntu 14.04 64 bit, after adding a user into an unprivileged
container, the sudo complains that:
$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
'nosuid' option
Great, thanks for the information.
ecryptfs is a stackable filesystem, meaning that it sits between a real
filesystem and your view of it, interpreting (encrypting/decrypting)
data. There are several things which are notably difficult for a
stackign filesystem to get right.
I'm going to mark
Great, thanks for the information.
ecryptfs is a stackable filesystem, meaning that it sits between a real
filesystem and your view of it, interpreting (encrypting/decrypting)
data. There are several things which are notably difficult for a
stackign filesystem to get right.
I'm going to mark
I really don't know how to tell you, which Trusty's 64bit minimal cd I
used. I didn't even know that there are more than one.
I just downloaded the fresh minimal cd about week before posting this
bug. When opening the minimal cd in file browser I see no files with
names version, changelog or
Quoting Adam Ryczkowski (adam.ryczkow...@statystyka.net):
I really don't know how to tell you, which Trusty's 64bit minimal cd I
The full url.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
Ah, the ecryptfs $HOME might be the problem. I haven't tested that
and wouldn't be surprised if ecryptfs prevented the console from
looking ok. Could you try something like:
rm -rf $HOME/.config/lxc $HOME/.local/share/lxc
sudo mkdir /opt/lxc
sudo chown -R $USER /opt/lxc
mkdir /opt/lxc/config
On 19.11.2014 15:35, Serge Hallyn wrote:
Ah, the ecryptfs $HOME might be the problem. I haven't tested that
and wouldn't be surprised if ecryptfs prevented the console from
looking ok. Could you try something like:
rm -rf $HOME/.config/lxc $HOME/.local/share/lxc
sudo mkdir /opt/lxc
sudo
I really don't know how to tell you, which Trusty's 64bit minimal cd I
used. I didn't even know that there are more than one.
I just downloaded the fresh minimal cd about week before posting this
bug. When opening the minimal cd in file browser I see no files with
names version, changelog or
Quoting Adam Ryczkowski (adam.ryczkow...@statystyka.net):
I really don't know how to tell you, which Trusty's 64bit minimal cd I
The full url.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Ah, the ecryptfs $HOME might be the problem. I haven't tested that
and wouldn't be surprised if ecryptfs prevented the console from
looking ok. Could you try something like:
rm -rf $HOME/.config/lxc $HOME/.local/share/lxc
sudo mkdir /opt/lxc
sudo chown -R $USER /opt/lxc
mkdir /opt/lxc/config
On 19.11.2014 15:35, Serge Hallyn wrote:
Ah, the ecryptfs $HOME might be the problem. I haven't tested that
and wouldn't be surprised if ecryptfs prevented the console from
looking ok. Could you try something like:
rm -rf $HOME/.config/lxc $HOME/.local/share/lxc
sudo mkdir /opt/lxc
sudo
Can you paste /proc/mounts from your host please?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Title:
sudo doesn't work on unprivileged lxc container
To manage notifications
adam@p1:~$ cat /proc/mounts
rootfs / rootfs rw 0 0
/home/adam/.Private / ecryptfs
rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=799bd5c1f75cea45,ecryptfs_sig=cead7dbeb43d6c20,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs
0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
Sorry, the previous one was from guest. Here is a host
adam@ubuntu-server:~$ cat /proc/mounts
rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,relatime,size=1011476k,nr_inodes=252869,mode=755 0 0
Can you paste /proc/mounts from your host please?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Title:
sudo doesn't work on unprivileged lxc container
To manage notifications about this
adam@p1:~$ cat /proc/mounts
rootfs / rootfs rw 0 0
/home/adam/.Private / ecryptfs
rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=799bd5c1f75cea45,ecryptfs_sig=cead7dbeb43d6c20,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs
0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
Sorry, the previous one was from guest. Here is a host
adam@ubuntu-server:~$ cat /proc/mounts
rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,relatime,size=1011476k,nr_inodes=252869,mode=755 0 0
32 matches
Mail list logo
