Hello Steve, or anyone else affected,

Accepted lxc into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lxc/1.0.7-0ubuntu0.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: lxc (Ubuntu)
       Status: Fix Released => Invalid

** Changed in: lxc (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: lxc (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

https://bugs.launchpad.net/bugs/1509752

Title:
  Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch

Status in lxc package in Ubuntu:
  Invalid
Status in lxc source package in Trusty:
  Fix Committed

Bug description:

=======================================================================
SRU Justification

Impact: cannot start containers with lxc.mount.entries which are recursive bind mounts.

Regression potential: this makes assumptions about the ordering of /proc/self/mountinfo, but no more so than the original CVE patch. So it should not regress from the previous lxc version.

Test case:

#!/bin/sh
set -ex

cleanup() {
    umount /mnt/etc /mnt/proc || true
    lxc-stop -n t1 -k || true
    lxc-destroy -n t1 || true
}
trap cleanup EXIT

mkdir -p /mnt/etc /mnt/proc
mount --bind /etc /mnt/etc
mount --bind /proc /mnt/proc

lxc-create -t download -n t1 -- -d ubuntu -r trusty -a amd64
cat >> /var/lib/lxc/t1/config << EOF
lxc.mount.entry = /mnt hostmnt none rbind,create=dir
EOF

lxc-start -n t1 -F -l trace -o /dev/stdout
echo "DONE"
=======================================================================

This bug/limitation is present in lxc from 1.0.7-0ubuntu0.5 through 1.0.7-0ubuntu0.9 (or anything that incorporates 0003-CVE-2015-1335.patch).

Basically, the limitation is obvious when using recursive bind mounts because ensure_not_symlink() only checks the last line of /proc/self/mountinfo, which will be a submount, so it will always fail the test and trigger:

ensure_not_symlink: 1413 Mount onto /usr/lib/x86_64-linux-gnu/lxc/storage resulted in /usr/lib/x86_64-linux-gnu/lxc/storage/submount, not /usr/lib/x86_64-linux-gnu/lxc/storage

Sorry if this is a duplicate, I did spend quite some time trying to find a similar report. Thanks!
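The last-line check the report describes, next to a scan over every mountinfo entry, as an added example that is not lxc's code. The mountinfo snapshot is constructed: only the storage path under /usr/lib/x86_64-linux-gnu/lxc comes from the report; the mount ids, devices and the rbind of /mnt (with /etc and /proc bound beneath it, as in the test case) are assumed.

```c
#include <stdio.h>
#include <string.h>
/* Constructed /proc/self/mountinfo snapshot (not captured from a real host). After the
 * rbind of /mnt onto the storage dir, submounts follow their parent, so the final line
 * is a submount. Field 5 is the mount point; \040-style escapes are not decoded here. */
static const char *SAMPLE_MOUNTINFO =
    "21 26 0:19 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw\n"
    "100 26 8:1 /mnt /usr/lib/x86_64-linux-gnu/lxc/storage rw,relatime - ext4 /dev/sda1 rw\n"
    "101 100 8:1 /etc /usr/lib/x86_64-linux-gnu/lxc/storage/etc rw,relatime - ext4 /dev/sda1 rw\n"
    "102 100 0:19 / /usr/lib/x86_64-linux-gnu/lxc/storage/proc rw,nosuid,relatime - proc proc rw\n";
/* Copy space-separated field n (1-based) of one mountinfo line into out; -1 if absent. */
static int field(const char *line, int n, char *out, size_t outlen)
{
    const char *p = line, *e;
    size_t len;
    for (int i = 1; i < n; i++) {
        if (!(p = strchr(p, ' '))) return -1;
        p++;
    }
    e = strchr(p, ' ');
    len = e ? (size_t)(e - p) : strlen(p);
    if (len == 0 || len >= outlen) return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}
/* Report whether target is listed as a mount point in info. last_only=1 mimics the
 * behaviour the report describes (only the final line decides, so a trailing submount
 * makes the check fail); last_only=0 accepts a match on any line. -1 on an oversized line. */
int mountpoint_present(const char *info, const char *target, int last_only)
{
    char line[512], mp[256];
    int hit = 0;
    for (const char *p = info; *p;) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (len && field(line, 5, mp, sizeof mp) == 0) {
            int eq = strcmp(mp, target) == 0;
            hit = last_only ? eq : (hit || eq);
        }
        p = nl ? nl + 1 : p + len;
    }
    return hit;
}
int main(void)
{
    const char *t = "/usr/lib/x86_64-linux-gnu/lxc/storage";
    printf("last line only: %d\nany line: %d\n", mountpoint_present(SAMPLE_MOUNTINFO, t, 1),
           mountpoint_present(SAMPLE_MOUNTINFO, t, 0)); /* 0 then 1 */
    return 0;
}
```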