Great, thanks for the information.
ecryptfs is a stackable filesystem, meaning that it sits between a real
filesystem and your view of it, interpreting (encrypting/decrypting)
data. There are several things which are notably difficult for a
stackign filesystem to get right.
I'm going to mark this bug as affecting ecryptfs mainly so others can
find the information should they run into this. However it is not
something I would actually expect to get fixed, though it's not
impossible.
** Also affects: ecryptfs-utils (Ubuntu)
Importance: Undecided
Status: New
** Changed in: lxc (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1389305
Title:
sudo doesn't work on unprivileged lxc container
Status in “ecryptfs-utils” package in Ubuntu:
New
Status in “lxc” package in Ubuntu:
Invalid
Bug description:
On Ubuntu 14.04 64 bit, after adding a user into an unprivileged
container, the sudo complains that:
$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
'nosuid' option set or an NFS file system without root privileges?
To reproduce:
1. Download and install the Ubuntu amd64 minimalcd
2. Install lxc on it and openssh for convenience.
3. follow
https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ;
specifically do:
a) sudo usermod --add-subuids 100000-165536 $USER
b) sudo usermod --add-subgids 100000-165536 $USER
c) sudo chmod +x $HOME
d) create the file ~/.config/lxc/default.conf with the following
contents:
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
e) echo "$USER veth lxcbr0 10" | sudo tee /etc/lxc/lxc-usernet
(restart is not required)
4. Create the container with
lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
5. Install openssh-server in the container:
lxc-start -d -n p1
lxc-attach -n p1 -- apt-get install openssh-server
6. Add a user "adam" with the group sudo
lxc-attach -n p1 -- adduser adam sudo
7. Set a password for the user
8. Log in via ssh (and provide the password from step 7)
ssh p1@adam
9. On the p1:
adam@p1$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
'nosuid' option set or an NFS file system without root privileges?
I expected it to make change the user to root.
lxc version: 1.0.3-0ubuntu3
$cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
20141101_03:49
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1389305/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
