I can't reproduce this. Is the 'trusty' container a stock, download-templated created container? Which lxc version (from which ppa) are you using? What is the underlying filesystem?
Quoting overlay fs (overla...@gmail.com): > This report pertains to ubuntu 14.04 host and container, with the lxc-daily > ppa > and a container which includes the x11-common package. > > A patch for CVE-2015-1328, overlayfs privilege escalation, > has recently been applied to the kernel, > http://www.ubuntu.com/usn/usn-2643-1/ > > With this patch in place, running the following command, > > lxc-start-ephemeral -o trusty -d > > triggers a kernel oops, > > kernel: [ 3993.329638] BUG: unable to handle kernel NULL pointer > dereference at 0000000000000030 > kernel: [ 3993.329691] IP: [<ffffffffa075cd80>] > ovl_dentry_root_may+0x30/0x60 [overlayfs] > kernel: [ 3993.329735] PGD 8e7a2067 PUD 8b516067 PMD 0 > kernel: [ 3993.329766] Oops: 0000 [#1] SMP > > with call trace, > > kernel: [ 3993.331138] Call Trace: > kernel: [ 3993.331156] [<ffffffffa075ef2e>] > ovl_check_empty_and_clear+0x4e/0x240 [overlayfs] > kernel: [ 3993.331198] [<ffffffff811d44c0>] ? > prepend.constprop.25+0x30/0x30 > kernel: [ 3993.331231] [<ffffffffa075d963>] ovl_rmdir+0x23/0x40 > [overlayfs] > kernel: [ 3993.331262] [<ffffffff811cc678>] vfs_rmdir+0xa8/0x100 > kernel: [ 3993.331291] [<ffffffff811ce571>] do_rmdir+0x1c1/0x1e0 > kernel: [ 3993.331321] [<ffffffff81021127>] ? > syscall_trace_enter+0x197/0x250 > kernel: [ 3993.331352] [<ffffffff811cf655>] SyS_unlinkat+0x25/0x40 > kernel: [ 3993.331383] [<ffffffff81733f6f>] tracesys+0xe1/0xe6 > kernel: [ 3993.331409] Code: 55 48 89 e5 41 55 49 89 f5 41 54 53 48 > 8b 47 68 89 d3 48 8b 80 f8 02 00 00 48 8b 78 28 e8 e9 3a 93 e0 49 89 > c4 49 8b 45 08 89 de <48> 8b 78 30 e8 97 c4 a6 e0 83 f8 01 4c 89 e7 19 > db f7 d3 83 e3 > kernel: [ 3993.331695] RIP [<ffffffffa075cd80>] > ovl_dentry_root_may+0x30/0x60 [overlayfs] > kernel: [ 3993.331737] RSP <ffff88008bfbbda8> > kernel: [ 3993.331755] CR2: 0000000000000030 > kernel: [ 3993.337695] ---[ end trace 166f37bc2c7b0f52 ]--- > > The oops occurs every time the command is run. > > If the container's (upstart) init is replaced with, > > /sbin/init --no-startup-event > > then the oops does not occur. > > When the oops occurs, /etc/init.d/x11-common hangs at > the following line, > > mkdir -p -m 01777 /tmp/.X11-unix > > and the container's /tmp is unreadable, both from within the container > and from the host. > > Containers that do not include the x11-common package > do not exhibit the bug. Installing x11-common suffices to trigger the bug. > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
