Apparently the kernel is now fixed so that we should be able to use the upstream fix. I'm going to try to get that into the trusty package rather than keep tweaking this separate patch.
--
https://bugs.launchpad.net/bugs/1509752

Title:
  Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  This bug/limitation is present in lxc from 1.0.7-0ubuntu0.5 through 1.0.7-0ubuntu0.9 (or anything that incorporates 0003-CVE-2015-1335.patch).

  Basically, the limitation is obvious when using recursive bind mounts because ensure_not_symlink() only checks the last line of /proc/self/mountinfo which will be a submount so will always fail the test and trigger:

  ensure_not_symlink: 1413 Mount onto /usr/lib/x86_64-linux-gnu/lxc/storage resulted in /usr/lib/x86_64-linux-gnu/lxc/storage/submount, not /usr/lib/x86_64-linux-gnu/lxc/storage

  Sorry if this is a duplicate, I did spend quite some time trying to find a similar report.

  Thanks!
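The failure mode in the bug description, as an added illustration; this is not lxc's code and not the upstream fix. The mountinfo text is constructed, and the function names (mount_point_of, scan, last_line_matches, any_line_matches) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample (not real output): the bind-mount target, then its submount. */
static const char *SAMPLE_MOUNTINFO =
    "21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "85 21 8:1 /srv/storage /usr/lib/x86_64-linux-gnu/lxc/storage rw - ext4 /dev/sda1 rw\n"
    "86 85 8:2 / /usr/lib/x86_64-linux-gnu/lxc/storage/submount rw - ext4 /dev/sdb1 rw\n";

/* Copy field 5 (mount point) of one mountinfo line; -1 if absent or too long. */
static int mount_point_of(const char *line, size_t len, char *out, size_t outsz)
{
    size_t i = 0, n = 0;
    int field = 1;

    while (i < len && field < 5)
        if (line[i++] == ' ')
            field++;
    if (field != 5)
        return -1;
    while (i < len && line[i] != ' ' && n + 1 < outsz)
        out[n++] = line[i++];
    out[n] = '\0';
    return (i < len && line[i] != ' ') ? -1 : 0;
}

/* last_only=1 models the reported behaviour; 0 requires an exact match on any line. */
static int scan(const char *info, const char *target, int last_only)
{
    char mp[4096];
    int found = 0;

    for (const char *p = info; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        int hit = mount_point_of(p, len, mp, sizeof(mp)) == 0 && strcmp(mp, target) == 0;

        found = last_only ? hit : (found || hit);
        p += len + (nl ? 1 : 0);
    }
    return found;
}

int last_line_matches(const char *info, const char *target) { return scan(info, target, 1); }
int any_line_matches(const char *info, const char *target) { return scan(info, target, 0); }

int main(void)
{
    const char *t = "/usr/lib/x86_64-linux-gnu/lxc/storage";

    printf("last line only: %d\n", last_line_matches(SAMPLE_MOUNTINFO, t));
    printf("any line:       %d\n", any_line_matches(SAMPLE_MOUNTINFO, t));
    return 0;
}
```

The comparison stays an exact string match on the mount-point field, so a mount that landed somewhere other than the intended path is still rejected.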