Hello,

> During a recent security audit of LXC, Roman Fiedler identified a
> security vulnerability in LXC.

thanks for providing this fix!

I updated to the latest release on the stable/lts PPA (https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/lts).
package version: 1.0.7-0ubuntu0.5~ubuntu14.04.1~ppa1

> 1. do not allow mounts to paths containing symbolic links
> 2. do not allow bind mounts from relative paths containing symbolic
> links.

Unfortunately, now I cannot start a container anymore, which does have a mount.
It is not using symbolic links, as far as I can see.

In the config file, I have this line:

lxc.mount.entry = /var/lib/repocache/57/debian/jessie/amd64/var/cache/apt /var/lib/lxc/57-jessiestable.kolab.pokorra.de/rootfs/var/cache/apt none defaults,bind 0 0

But lxc-start -n shows me this error:

lxc-start: utils.c: ensure_not_symlink: 1384 Mount onto /usr/lib/x86_64-linux-gnu/lxc//var/cache/apt resulted in /usr/lib/x86_64-linux-gnu/lxc/var/cache/apt
lxc-start: utils.c: safe_mount: 1409 Mount of '/var/lib/repocache/57/debian/jessie/amd64/var/cache/apt' onto '/usr/lib/x86_64-linux-gnu/lxc//var/cache/apt' was onto a symlink!
lxc-start: conf.c: mount_entry: 2051 No such file or directory - failed to mount '/var/lib/repocache/57/debian/jessie/amd64/var/cache/apt' on '/usr/lib/x86_64-linux-gnu/lxc//var/cache/apt'
lxc-start: conf.c: lxc_setup: 4165 failed to setup the mount entries for '57-jessiestable.kolab.pokorra.de'

I wonder where does the path /usr/lib/x86_64-linux-gnu/lxc//var/cache/apt come from?
Is there a bug in the security patch, or some problem in my system?
It used to work fine before applying this latest release.

Thanks for any ideas,
Timotheus
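In the first log line above, the requested target (".../lxc//var/cache/apt") and the resolved path (".../lxc/var/cache/apt") differ only by a doubled slash. The C code below is an added example, not code from LXC or from this post. It assumes the symlink check is a string comparison of the requested target against realpath() output, and shows that a doubled slash alone fails that comparison, while squeezing slashes first still catches a real symlink. The function names and the temporary sample tree are hypothetical, and "/./" or ".." components are not handled.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Collapse repeated '/' in place and drop a trailing '/'; touches nothing on disk. */
static void squeeze_slashes(char *s)
{
    size_t o = 0;
    for (size_t i = 0; s[i] != '\0'; i++)
        if (s[i] != '/' || o == 0 || s[o - 1] != '/')
            s[o++] = s[i];
    if (o > 1 && s[o - 1] == '/')
        o--;
    s[o] = '\0';
}

/* 1 if target differs from its canonical path, 0 if equal, -1 on error.
 * normalize=0 compares the raw string; normalize=1 squeezes slashes first. */
int target_differs(const char *target, int normalize)
{
    char want[PATH_MAX];
    char *real = realpath(target, NULL);   /* resolves symlinks, "//", "." and ".." */
    if (real == NULL)
        return -1;
    snprintf(want, sizeof(want), "%s", target);
    if (normalize)
        squeeze_slashes(want);
    int differs = strcmp(want, real) != 0;
    free(real);
    return differs;
}

/* Constructed sample tree: <base>/apt is a directory, <base>/link -> apt.
 * Stores the canonical base path in `base`; returns 0 on success. */
int make_sample_tree(char *base, size_t len)
{
    char tmpl[] = "/tmp/symchk-XXXXXX", p[PATH_MAX], *real;
    if (mkdtemp(tmpl) == NULL || (real = realpath(tmpl, NULL)) == NULL)
        return -1;
    snprintf(base, len, "%s", real);
    free(real);
    snprintf(p, sizeof(p), "%s/apt", base);
    if (mkdir(p, 0700) != 0)
        return -1;
    snprintf(p, sizeof(p), "%s/link", base);
    return symlink("apt", p);
}
```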
