[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-05 Thread Launchpad Bug Tracker 
This bug was fixed in the package lxc - 0.9.0-0ubuntu3.7

---
lxc (0.9.0-0ubuntu3.7) raring-proposed; urgency=low

  * debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc
to be perms 700.  That prevents unprivileged users from running setuid-root
applications.  Install that way by default, and for any previous versions,
update the permissions.  After this version, respect the user's choice.
(LP: #1244635)
  * 0112-ubuntu-Improper-pty-permissions.patch: fix permissions with which
devpts is mounted in containers.  (LP: #1242913)
 -- Serge Hallyn serge.hal...@ubuntu.com   Tue, 29 Oct 2013 13:45:17 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-05 Thread Launchpad Bug Tracker 
This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu39.12.10.5

---
lxc (0.8.0~rc1-4ubuntu39.12.10.5) quantal-proposed; urgency=low

  * add mkdir before chown of /var/{lib,cache}/lxc to avoid build
failure.

lxc (0.8.0~rc1-4ubuntu39.12.10.4) quantal-proposed; urgency=low

  * debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc
to be perms 700.  That prevents unprivileged users from running setuid-root
applications.  Install that way by default, and for any previous versions,
update the permissions.  After this version, respect the user's choice.
(LP: #1244635)
  * 0312-ubuntu-Improper-pty-permissions.patch: fix permissions with which
devpts is mounted in containers.  (LP: #1242913)
 -- Serge Hallyn serge.hal...@ubuntu.com   Tue, 29 Oct 2013 23:17:06 -0500

** Changed in: lxc (Ubuntu Raring)
   Status: Fix Committed = Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-05 Thread Launchpad Bug Tracker 
This bug was fixed in the package lxc - 0.7.5-3ubuntu69

---
lxc (0.7.5-3ubuntu69) precise-proposed; urgency=low

  * mkdir /var/{cache.lib}/lxc before chmoding them to avoid FTBFS.

lxc (0.7.5-3ubuntu68) precise-proposed; urgency=low

  * debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc
to be perms 700.  That prevents unprivileged users from running setuid-root
applications.  Install that way by default, and for any previous versions,
update the permissions.  After this version, respect the user's choice.
(LP: #1244635)
  * 0312-ubuntu-Improper-pty-permissions.patch: fix permissions with which
devpts is mounted in containers.  (LP: #1242913)
 -- Serge Hallyn serge.hal...@ubuntu.com   Tue, 29 Oct 2013 15:01:36 -0500

** Changed in: lxc (Ubuntu Precise)
   Status: Fix Committed = Fix Released

** Changed in: lxc (Ubuntu Quantal)
   Status: Fix Committed = Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-04 Thread Launchpad Bug Tracker 
This bug was fixed in the package lxc - 1.0.0~alpha1-0ubuntu12

---
lxc (1.0.0~alpha1-0ubuntu12) saucy-proposed; urgency=low

  * 0012-ubuntu-Improper-pty-permissions.patch: fix pty permissions
(LP: #1242913)
  * 0013-get-rid-of-lxcpath_anon-idea.patch: make containers started with
a custom config easier to manage.  (LP: #1244301)
 -- Serge Hallyn serge.hal...@ubuntu.com   Fri, 25 Oct 2013 15:42:27 -0500

** Changed in: lxc (Ubuntu Saucy)
   Status: Fix Committed = Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-01 Thread Dustin Kirkland  
Ah, my bad, Stephane.  I tested Ubuntu 13.10 saucy.

** Tags added: verification-done-saucy

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-01 Thread Dustin Kirkland  
ubuntu@ip-10-164-72-103:~$ cat /etc/issue
Ubuntu 13.04 \n \l

ubuntu@ip-10-164-72-103:~$ dpkg -l | grep lxc
ii  liblxc00.9.0-0ubuntu3.7   
amd64Linux Containers userspace tools (library)
ii  lxc0.9.0-0ubuntu3.7   
amd64Linux Containers userspace tools
ii  lxc-docker 0.6.5  
amd64lxc-docker is a Linux container runtime
ii  lxc-docker-0.6.5   0.6.5  
amd64lxc-docker is a Linux container runtime
ii  lxc-templates  0.9.0-0ubuntu3.7   
all  Linux Containers userspace tools (development)
ii  python3-lxc0.9.0-0ubuntu3.7   
amd64Linux Containers userspace tools (Python 3.x bindings)

ubuntu@ip-10-164-72-103:~$ fgrep pts /proc/mounts
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0

ubuntu@ip-10-164-72-103:~$ sudo docker run -i -t ubuntu /bin/bash

root@853de93e944c:/# fgrep pts /proc/mounts
devpts /dev/tty1 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0


** Tags added: verification-done-raring

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-01 Thread Dustin Kirkland  
ubuntu@ip-10-185-176-79:~$ cat /etc/issue
Ubuntu 12.10 \n \l

ubuntu@ip-10-185-176-79:~$ dpkg -l | grep lxc
ii  liblxc00.8.0~rc1-4ubuntu39.12.10.5
amd64Linux Containers userspace tools (library)
ii  lxc0.8.0~rc1-4ubuntu39.12.10.5
amd64Linux Containers userspace tools
ii  lxc-docker 0.6.5  
amd64lxc-docker is a Linux container runtime
ii  lxc-docker-0.6.5   0.6.5  
amd64lxc-docker is a Linux container runtime

ubuntu@ip-10-185-176-79:~$ fgrep pts /proc/mounts
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0

ubuntu@ip-10-185-176-79:~$ sudo docker run -i -t ubuntu /bin/bash

root@e2c33ddbd910:/# fgrep pts /proc/mounts
devpts /dev/tty1 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0


** Tags added: verification-done-quantal

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-01 Thread Dustin Kirkland  
Strike Comment #19.  Precise is good too.

** Tags added: verification-done-precise

** Tags removed: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-01 Thread Dustin Kirkland  
Hang on, wrong paste there for precise...

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-11-01 Thread Dustin Kirkland  
ubuntu@ip-10-166-49-90:~$ cat /etc/issue
Ubuntu 12.04.3 LTS \n \l

ubuntu@ip-10-166-49-90:~$ dpkg -l | grep lxc
ii  lxc  0.7.5-3ubuntu69   Linux 
containers userspace tools
ii  lxc-docker   0.6.5 
lxc-docker is a Linux container runtime
ii  lxc-docker-0.6.5 0.6.5 
lxc-docker is a Linux container runtime

ubuntu@ip-10-166-49-90:~$ fgrep pts /proc/mounts
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0

ubuntu@ip-10-166-49-90:~$ sudo docker run -i -t ubuntu /bin/bash

root@b244742650f6:/# fgrep pts /proc/mounts
devpts /dev/tty1 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-31 Thread Dustin Kirkland  
Fix verified.

LXC Guest:

root@20d752d45116:/# ls -alF /dev/pts/
total 4
drwxr-xr-x 2 root root0 Oct 31 18:50 ./
drwxr-xr-x 6 root root 4096 Oct 31 18:50 ../
crw-rw-rw- 1 root root 5, 2 Oct 31 18:50 ptmx

root@20d752d45116:/# cat /proc/mounts | grep /dev/pts 
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0

root@20d752d45116:/# fgrep pts /proc/mounts
devpts /dev/tty1 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0


LXC Host:

kirkland@x230:~⟫ fgrep pts /proc/mounts
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0


** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-31 Thread Stéphane Graber 
Hi Dustin,

This bug targets multiple series and as such needs confirmation on each
of them.

Please don't use verification-done in such case, but verification-
done-series (e.g verification-done-precise).

I'd have added the right tag for you but what you pasted doesn't tell me
which release of Ubuntu your host system was using.

** Tags removed: verification-done
** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-29 Thread Stéphane Graber 
Hello John, or anyone else affected,

Accepted lxc into raring-proposed. The package will build now and be
available at http://launchpad.net/ubuntu/+source/lxc/0.9.0-0ubuntu3.7 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: lxc (Ubuntu Raring)
   Status: Triaged = Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-29 Thread Stéphane Graber 
Hello John, or anyone else affected,

Accepted lxc into quantal-proposed. The package will build now and be
available at
http://launchpad.net/ubuntu/+source/lxc/0.8.0~rc1-4ubuntu39.12.10.4 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: lxc (Ubuntu Quantal)
   Status: Triaged = Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-28 Thread Stéphane Graber 
** Changed in: lxc (Ubuntu Saucy)
   Status: Triaged = Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-28 Thread Stéphane Graber 
Hello John, or anyone else affected,

Accepted lxc into saucy-proposed. The package will build now and be
available at
http://launchpad.net/ubuntu/+source/lxc/1.0.0~alpha1-0ubuntu12 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-22 Thread John Peacock 
Rebuilding IO::Tty on a system which lacks grantpt() and pt_chown()
fixed the problem with the script not being able to create a pty.

So the only remaining piece is to understand why /dev/pts is being
chowned to root:root.  Looking at src/lxc/conf.c, I can see where that
directory is being created.  This isn't specific to Centos; it happens
equally with Ubuntu instances.

The attached patch (soon to be submitted upstream) appears to be a belts
and braces approach to ensure that the /dev/pts directory has the
correct group ownership.  Using both patches completely fixes this bug
for me.

** Patch added: 0013-ubuntu-Improper-pty-group.patch
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+attachment/3887396/+files/0013-ubuntu-Improper-pty-group.patch

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-22 Thread Stéphane Graber 
Access permissions on the mount point shouldn't matter.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-22 Thread John Peacock 
I've now confirmed that root:root on the mount point works.  The Perl
IO::Tty module had to be rebuilt against the glibc without pt_chown()
before it would work and that confused the issue.

Sorry for the noise...

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-21 Thread Bryan Fullerton 
** Package changed: ubuntu = lxc (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-21 Thread Stéphane Graber 
** Also affects: lxc (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Quantal)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Raring)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Saucy)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu Trusty)
   Status: New = Fix Released

** Changed in: lxc (Ubuntu Precise)
   Status: New = Triaged

** Changed in: lxc (Ubuntu Quantal)
   Status: New = Triaged

** Changed in: lxc (Ubuntu Raring)
   Status: New = Triaged

** Changed in: lxc (Ubuntu Saucy)
   Status: New = Triaged

** Changed in: lxc (Ubuntu Precise)
   Importance: Undecided = High

** Changed in: lxc (Ubuntu Quantal)
   Importance: Undecided = High

** Changed in: lxc (Ubuntu Raring)
   Importance: Undecided = High

** Changed in: lxc (Ubuntu Saucy)
   Importance: Undecided = High

** Description changed:

- I'm trying to set up a Centos 6 instance using lxc and it works fine
- except that non-root users cannot create pseudo-terminals under
- /dev/pts.  After lots of googling, it appears that Lxc has reverted to
- an earlier bad behavior, in that /dev/pts is being created with the
- wrong permissions.
+ == Rationale ==
+ This needs to be SRUed to allow distros that dropped pt_chown to still work 
under LXC.
+ The change was done upstream as soon as we heard of the matching CVE, this 
change absolutely needs to land before or at the same time as the eglibc 
security update.
+ 
+ == Test case ==
+ 1) Start container
+ 2) cat /proc/mounts | grep /dev/pts 
+ Check that this matches devpts /dev/pts devpts 
rw,relatime,gid=5,mode=620,ptmxmode=666 0 0
+ 
+ == Regression potential ==
+ The only risk is if a distro doesn't use 5 as the gid for the tty group. As 
far as we could find before doing that change upstream, none of the distros 
supported by LXC do so.
+ 
+ 
+ == Original bug report ==
+ I'm trying to set up a Centos 6 instance using lxc and it works fine except 
that non-root users cannot create pseudo-terminals under /dev/pts.  After lots 
of googling, it appears that Lxc has reverted to an earlier bad behavior, in 
that /dev/pts is being created with the wrong permissions.
  
  HOST
- # fgrep pts /proc/mounts 
+ # fgrep pts /proc/mounts
  devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 
0 0
  
  LXC instance
- [root@rh64bare ~]# fgrep pts /proc/mounts 
+ [root@rh64bare ~]# fgrep pts /proc/mounts
  devpts /dev/console devpts 
rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
  devpts /dev/tty1 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 
0 0
  devpts /dev/tty2 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 
0 0
  devpts /dev/tty3 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 
0 0
  devpts /dev/tty4 devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 
0 0
  devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=666 0 0
  devpts /dev/ptmx devpts rw,relatime,mode=600,ptmxmode=666 0 0
  
  Note the mode on /dev/pts; only root can create pseudo terminals.  I
  tried to add an explicit devpts line to the instance fstab with the
  correct parameters, but nothing changed.  Additionally, /dev/pts is
  being created root/root, not root/tty, so the gid=5 (also missing from
  the /dev/pts options) would have no effect in any case.
  
  Running Ubuntu 13.10 (but saw it with 13.4 as well).
  
  This was fixed upstream:
  
  commit 67e5a20ad1b5579a571f43f7dd8a1556a8bea7a1
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   Tue Oct 15 14:54:41 2013 -0400
  
- Improper pty permissions - missing mode=0620, gid=5
- 
- This fix is coming from Debian bug:
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
- 
- The reason for the hardcoded gid= and mode= is because of the fix for
- CVE-2013-2207 which removes pt_chown from glibc and so requires proper
- write access to devpts.
- 
- It looks like the tty group is guaranteed to be gid=5 on at least all
- RedHat based and Debian based systems. So this hardcode gid shouldn't be
- a big problem. If we however support any distro where that's not the
- case, we'll need to implement an extra lxc.conf option and matching
- template changes.
- 
- Signed-off-by: Stéphane Graber stgra...@ubuntu.com
- Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
+ Improper pty permissions - missing mode=0620, gid=5
+ 
+ This fix is coming from Debian bug:
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
+ 
+ The reason for the hardcoded gid= and mode= is because of the fix for
+ CVE-2013-2207 which removes pt_chown from glibc and so requires proper
+ write access to devpts.
+ 
+ It looks like the tty group is guaranteed to be gid=5 on at least all
+ RedHat based and Debian

[Bug 1242913] Re: /dev/pts being created with mode=600 by Lxc

2013-10-21 Thread John Peacock 
Unfortunately, after I submitted this ticket, I discovered that the
patch alone is not sufficient.  It turns out that the group ownership of
/dev/pts is also not being set correctly (it is still root:root), which
also prevents users that are members of the tty group from being able to
create ptys.

I tested this issue by doing the following (or the moral equivalent):

  mkdir $ROOTFS/dev/pts
  chgrp tty $ROOTFS/dev/pts

while the instance was down.  When I brought it up using lxc-start,
/dev/pts was again root:root.  I'm not clear where the ownership is
being changed.

I changed the group ownership from within the instance and installed
screen.  I created a non-root user that was member of both tty and
screen and changed the permissions of /var/run/screen to 01777 and was
able to start screen.  So far so good or at least less bad.

I'm still investigating my original problem (which was using the Perl
CPAN module IO::Tty), which is getting yet another error message:

  IO::Tty::pty_allocate(nonfatal): grantpt()...

which appears to be a related problem.  I'll post more tomorrow if I
figure out anything else out.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1242913

Title:
  /dev/pts being created with mode=600 by Lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1242913/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs