[Touch-packages] [Bug 1501959] Re: "System error" on chfn / su with lxc-start --share-net

Fri, 08 Jan 2016 20:27:08 -0800 

[Expired for lxc (Ubuntu) because there has been no activity for 60
days.]

** Changed in: lxc (Ubuntu)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1501959

Title:
  "System error" on chfn / su with lxc-start --share-net

Status in lxc package in Ubuntu:
  Expired

Bug description:
  When running `lxc-start --share net 1` on a trusty host with a trusty
  container, chfn / su (and presumably other utilities which use PAM)
  fail.

  Test case:

  lxc-create -t ubuntu -n test1
  cat >/var/lib/lxc/test1/rootfs/config <<EOM
  lxc.include = /usr/share/lxc/config/ubuntu.common.conf
  lxc.rootfs = /var/lib/lxc/test1/rootfs
  lxc.mount = /var/lib/lxc/test1/fstab
  lxc.utsname = test1
  lxc.arch = amd64
  EOM
  lxc-start -n test1 -F --share-net 1 -- chfn -f 'test' root
  lxc-start -n test1 -F --share-net 1 -- su -

  Output:

  # lxc-start -n test1 -F --share-net 1 -- chfn -f 'test' root
  chfn: PAM: System error
  lxc-start: lxc_start.c: main: 342 The container failed to start.
  lxc-start: lxc_start.c: main: 346 Additional information can be obtained by 
setting the --logfile and --logpriority options.
  # lxc-start -n test1 -F --share-net 1 -- su -
  su: System error
  lxc-start: lxc_start.c: main: 342 The container failed to start.
  lxc-start: lxc_start.c: main: 346 Additional information can be obtained by 
setting the --logfile and --logpriority options.

  Issues in Docker e.g. https://github.com/docker/docker/issues/6345
  suggest it's because the AUDIT_WRITE capability is not being set, but
  it doesn't seem to be the case here as LXC by default is doing
  subtractive caps:

  # lxc-info --name test1 -c lxc.cap.keep -c lxc.cap.drop
  lxc.cap.keep =
  lxc.cap.drop = sys_module
  mac_admin
  mac_override
  sys_time

  This issue also appears to have been found in LP: #1430891, but was
  worked around rather than addressed.

  Running without --share-net doesn't exhibit this problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1501959/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to