[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
** Changed in: juju Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
** Changed in: juju Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
It would appear that the problem happens because of twistd's default behavior when daemonizing. It always sets umask to 0077. On non-local images, we don't daemonize because the agents are run via upstart in --nodaemonize mode. I have a fix for this in the local-cloud-img branch, which is to explicitly set the umask back to 0022. This might also have the effect of opening up the permissions a bit on the lxc containers so normal users can poke around in the rootfs if they have sufficient perms (though that may not be desirable since uids will not match up properly). ** Branch linked: lp:~clint-fewbar/juju/local-cloud-img ** Changed in: juju Status: Triaged = In Progress ** Changed in: juju Assignee: (unassigned) = Clint Byrum (clint-fewbar) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
I've just noticed this with some of the unit tests, afaik this is some change in lxc behavior. $ lxc-ls kapil-dev-0-template kapil-dev-wordpress-0 monitoring /usr/bin/lxc-ls: line 35: cd: /sys/fs/cgroup/cpuset///lxc: Permission denied ls: cannot access kapil-dev-wordpress-0: No such file or directory it only happens for trying to access the running containers. -k On Thu, Sep 20, 2012 at 1:31 AM, Clint Byrum cl...@fewbar.com wrote: ** Also affects: juju Importance: Undecided Status: New ** Changed in: juju Status: New = Triaged ** Changed in: juju Importance: Undecided = High ** Changed in: juju Milestone: None = 0.6 -- You received this bug notification because you are subscribed to juju. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/930430/+subscriptions -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
Quoting Kapil Thangavelu (930...@bugs.launchpad.net): I've just noticed this with some of the unit tests, afaik this is some change in lxc behavior. I don't think it's a change in lxc behavior. I think it's a change in the umask which juju has set when it calls lxc-start. lxc passes a requested mode to mkdir(2), which then s that with the umask. Ideally juju would set umask correctly. There are two ways lxc could help, but they're not particularly palatable. It could second-guess the caller and hand-set umask before calling mkdir. I think that's Wrong. It could check umask and spit out an error if it is too restrictive. That will help users find the cause more quickly, but doesn't solve the bug. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
** Also affects: juju Importance: Undecided Status: New ** Changed in: juju Status: New = Triaged ** Changed in: juju Importance: Undecided = High ** Changed in: juju Milestone: None = 0.6 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
I encountered with this issue when I was trying to destroy a local environment. I have no problem to bootstrap/deploy service locally. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
Hi Jamie, I started seeing this with juju 0.5.1+bzr563-0juju2~precise1, to which I recently upgraded. With 0.5+bzr531-0ubuntu1.2 (also in precise) it works. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
This is odd, I seem to have lost a bunch of comments - meaning I must have added them to the wrong bug! The gist is, this is not a bug in lxc in my opinion. Lxc creates the /sys/fs/cgroup/xyz/lxc directories using mkdir(2) passing 0755 as the mode. That mode is masked with the task's umask. juju is running lxc- start with a umask of 0077, rather than the usual 0022. That is the reason the directory gets the wrong permissions. Lxc could go in and chmod the directories by hand, but that would be wrong. The umask presumably is set as it is for a reason. In my opinion, juju should change its umask to 0022 before calling lxc- create. ** Changed in: lxc (Ubuntu) Status: Confirmed = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
Thanks, Jamie, I will try to reproduce with your recipe. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
@Jamie, to help me gauge priority - is this in any way blocking you? If not I'll mark it as low priority since sudo is a workaround :) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
This is not blocking me. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
** Changed in: juju (Ubuntu) Status: New = Confirmed ** Changed in: lxc (Ubuntu) Status: New = Confirmed ** Changed in: lxc (Ubuntu) Importance: Undecided = High ** Changed in: juju (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 930430] Re: lxc-ls requires root access after deploying an LXC instance
If I first lxc-create -t ubuntu -n oneiric lxc-start -n oneiric (and then shut that down) and then do juju bootstrap and deploy, it goes fine. It seems like juju is chmod'ing the lxc cgroup directories, but I don't see where (or why). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/930430 Title: lxc-ls requires root access after deploying an LXC instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs