[Touch-packages] [Bug 1551935] Re: lxc-copy message is the wrong way around

2016-03-01 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: New => Confirmed ** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1551960] Re: lxc-attach does not work any more with input redirection

2016-03-01 Thread Christian Brauner
Fix present as pr on github against lxc master. Should be committed soon. ** Changed in: lxc (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1551960] Re: lxc-attach does not work any more with input redirection

2016-03-01 Thread Christian Brauner
Nevermind. You have the newest version. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1551960 Title: lxc-attach does not work any more with input redirection Status in

[Touch-packages] [Bug 1551935] Re: lxc-copy message is the wrong way around

2016-03-01 Thread Christian Brauner
I'm fixing the ordering now. Regarding the last part "This is still not easy at all.": Do you mean that the message should be simpler (e.g. Created adt-wily_1WtXPo)? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in

[Touch-packages] [Bug 1551960] Re: lxc-attach does not work any more with input redirection

2016-03-01 Thread Christian Brauner
Martin, can you please try with a fresh build from current lxc master and report if the error still persists? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1551960 Title:

[Touch-packages] [Bug 1551960] Re: lxc-attach does not work any more with input redirection

2016-03-01 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1551960 Title: lxc-attach does not work any more with

[Touch-packages] [Bug 1567037] Re: lxc-attach crashed with SIGSEGV in get_pty_on_host()

2016-04-07 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1567037 Title: lxc-attach crashed with SIGSEGV in

[Touch-packages] [Bug 1567037] Re: lxc-attach crashed with SIGSEGV in get_pty_on_host()

2016-04-11 Thread Christian Brauner
Hi, could you please attach the contents of the file /var/log/lxc/(container).log as Serge suggested. That would be great. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1553097] Re: lxc-attach does not output stderr any more if stdout is redirected

2016-03-08 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1553097 Title: lxc-attach does not output stderr any

[Touch-packages] [Bug 1553097] Re: lxc-attach does not output stderr any more if stdout is redirected

2016-03-04 Thread Christian Brauner
Fix proposed (https://github.com/lxc/lxc/pull/873). Tests are included as well. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1553097 Title: lxc-attach does not output

[Touch-packages] [Bug 1553097] Re: lxc-attach does not output stderr any more if stdout is redirected

2016-03-04 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1553097 Title: lxc-attach does not output stderr any more

Re: [Touch-packages] [Bug 1641236] Re: Confined processes inside container cannot fully access host pty device passed in by lxc exec

2017-01-31 Thread Christian Brauner
I've reproduced this on a fresh standard xenial instance with LXD 2.0.8 and also on a xenial instance with a patched glibc that reports ENODEV on ttyname{_r}() on a pty fd that does not exist: root@x:~# ./enodev_on_pty_in_different_namespace ttyname(): The pty device might exist in a different

Re: [Touch-packages] [Bug 1641236] Re: Confined processes inside container cannot fully access host pty device passed in by lxc exec

2017-01-31 Thread Christian Brauner
On Tue, Jan 31, 2017 at 11:34:43AM +0100, Christian Brauner wrote: > I've reproduced this on a fresh standard xenial instance with LXD > 2.0.8 and also on a xenial instance with a patched glibc that reports > ENODEV on ttyname{_r}() on a pty fd that does not exist: &g

[Touch-packages] [Bug 1657437] Re: Unprivileged containers run by non-root fail to start if trying to bind-mount a directory that contains a mounted ecryptfs

2017-01-18 Thread Christian Brauner
Hi, this is not a bug. What you want is to recursively bind-mount: lxc.mount.entry = /home home none rbind,create=dir 0 0 Christian -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1668049] Re: lxd cannot shutdown container

2017-02-26 Thread Christian Brauner
Note, that since a while LXC is sending SIGRTMIN+3 to systemd. So unless systemd has changed it's shutdown/halt signal again LXC should send the right signal. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.

[Touch-packages] [Bug 1625078] Re: lxc 2.0.4-0ubuntu3 ADT test failure with linux 4.8.0-11.12

2016-09-19 Thread Christian Brauner
Seem like a temporary failure when trying to import the `GPG` key. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1625078 Title: lxc 2.0.4-0ubuntu3 ADT test failure with

[Touch-packages] [Bug 1624028] Re: lxc create using debian template fails on ppc64el

2016-09-27 Thread Christian Brauner
Fix commited here: https://github.com/lxc/lxc/commit/bfbf793616ce36ec63bac2cf582474c14cecb712 ** Changed in: lxc (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1623143] Re: Linux container does not take same cpu configuration as kernet's hosts

2016-11-06 Thread Christian Brauner
Fix suggested https://github.com/lxc/lxc/pull/1282. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1623143 Title: Linux container does not take same cpu configuration as

[Touch-packages] [Bug 1271455] Re: lxc-create does not honor $HTTP_PROXY when using a cached base image

2016-10-10 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1271455 Title: lxc-create does not honor $HTTP_PROXY when

[Touch-packages] [Bug 1413343] Re: lxc-create debug output is broken or useless

2016-10-10 Thread Christian Brauner
This is now also documented on https://linuxcontainers.org/lxc/getting- started/. ** Changed in: lxc (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1543016] Re: lxc-destroy --quiet is not quiet

2016-10-10 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1543016 Title: lxc-destroy --quiet is not quiet

[Touch-packages] [Bug 1459751] Re: lxc-attach runs in wrong container directory

2016-10-10 Thread Christian Brauner
I don't think we can change this behavior since too many users might rely on this. ** Changed in: lxc (Ubuntu) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1532125] Re: lxc-clone: Use btrfs backing store if original container does

2016-10-10 Thread Christian Brauner
Fixed by https://github.com/lxc/lxc/pull/760. ** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1532125

[Touch-packages] [Bug 1595619] Re: lxc-clone fails with no useful information

2016-10-14 Thread Christian Brauner
LXC 1.1.* is deprecated and so is lxc-clone. Please switch to a newer LXC version and use lxc-copy. Thanks! ** Changed in: lxc (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in

[Touch-packages] [Bug 1302053] Re: lxc-start with bad container name gives strange err message

2016-10-14 Thread Christian Brauner
Fix is available here: https://github.com/lxc/lxc/pull/1234. ** Changed in: lxc (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 925043] Re: lxc-start-ephemeral does not support lvm

2016-10-14 Thread Christian Brauner
lxc-start-ephemeral is deprecated. Please switch to lxc-copy which should support this. ** Changed in: lxc (Ubuntu) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1486696] Re: lxc-create -B btrfs fails if lxc.lxcpath is not on the same filesystem as /var/cache/lxc (not a configurable option)

2016-10-14 Thread Christian Brauner
Marking as won't fix since LXC 1.1.* is EOL. Also, there have been quite some improvements in btrfs handling on LXC side. If the issue still persists, please feel free to report a bug against or repo on github. ** Changed in: lxc (Ubuntu) Status: Triaged => Won't Fix -- You received this

[Touch-packages] [Bug 1536297] Re: unable to lxc-start unprivileged LXC on wily due to permissions error

2016-10-14 Thread Christian Brauner
The bug seems invalid. Furthermore, LXC 1.1.* is deprecated. Please update to a recent version. ** Changed in: lxc (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1514080] Re: lxc-templates lacks template for ubuntu core

2016-10-14 Thread Christian Brauner
LXC 1.1.* is deprecated so marking this as wont fix. Please update to a newer version of LXC. Also, it seems that Serge's and St├ęphane's comments make this a valid candidate for invalid. ** Changed in: lxc (Ubuntu) Status: New => Won't Fix -- You received this bug notification because

[Touch-packages] [Bug 1574969] Re: Regression: "lxc-create -B best" stopped working

2016-10-14 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1574969 Title: Regression: "lxc-create -B best" stopped

[Touch-packages] [Bug 1591513] Re: lxc-copy: bdev/bdev.c: bdev_copy: 381 no such block device type: overlay

2016-10-23 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1591513 Title: lxc-copy: bdev/bdev.c: bdev_copy: 381

[Touch-packages] [Bug 1591510] Re: lxc-copy: unrecognized option '--backingstorage'

2016-10-23 Thread Christian Brauner
Patch provided by cypressyew upstream: https://github.com/lxc/lxc/pull/1244. ** Changed in: lxc (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1522026] Re: armhf lxd container does not start on arm64 system

2016-10-24 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1522026 Title: armhf lxd container does not start on

[Touch-packages] [Bug 1556931] Re: lxc: adt testing failing across the board on ppc64el

2016-10-24 Thread Christian Brauner
Is this still an issue? In any case, I think that this was caused by trying to download an image that doesn't exist, e.g. a version of ubuntu that we did not provide a ppc64el build at the time. We recently merge https://github.com/lxc/lxc/pull/1232 which tries to be smarter about downloading an

[Touch-packages] [Bug 986956] Re: document that lxc-execute with separate rootfs does not work with commands

2016-10-24 Thread Christian Brauner
lxc-execute now works correctly without a rootfs in LXC 2.*.*. So closing this. ** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1642767] Re: starting any container with umask 007 breaks lxc-stop and prevents host system shutdown

2016-11-22 Thread Christian Brauner
This sounds like a kernel bug to me. Can you please provide the output of: uname -a and try to reproduce this on a newer kernel version and report back? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

2016-11-26 Thread Christian Brauner
This does not seem to be reproducible on a 4.4.0-45 kernel without AppArmor stacking support. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1645037 Title:

[Touch-packages] [Bug 1623143] Re: Linux container does not take same cpu configuration as kernet's hosts

2016-11-14 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1623143 Title: Linux container does not take same cpu

[Touch-packages] [Bug 1624028] Re: lxc create using debian template fails on ppc64el

2016-10-12 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1624028 Title: lxc create using debian template fails

[Touch-packages] [Bug 1591513] Re: lxc-copy: bdev/bdev.c: bdev_copy: 381 no such block device type: overlay

2016-10-14 Thread Christian Brauner
See https://github.com/lxc/lxc/pull/1233. ** Changed in: lxc (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1591513 Title:

Re: [Touch-packages] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

2016-12-08 Thread Christian Brauner
On Thu, Dec 08, 2016 at 11:37:52AM -, John Johansen wrote: > Christian, > > could you please try against my test kernel? It has fixed the issue with > my local reproducer Sure, I'm currently testing! Thanks! Christian -- You received this bug notification because you are a member of

Re: [Touch-packages] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

2016-12-09 Thread Christian Brauner
On Thu, Dec 08, 2016 at 03:28:46PM +0100, Christian Brauner wrote: > On Thu, Dec 08, 2016 at 11:37:52AM -, John Johansen wrote: > > Christian, > > > > could you please try against my test kernel? It has fixed the issue with > > my local reproducer > > Sure

Re: [Touch-packages] [Bug 1649582] Re: lxc-start fails to start a unprivileged container - cgroup permissions

2016-12-16 Thread Christian Brauner
Ok, I think I may have clue. You're using lxcfs in version 2.0.4. This version of lxcfs does not handle uninitialized cpuset hierarchies which can happen when systemd does not allocate a per-user cgroup in the cpuset controller. I fixed this in lxcfs 2.0.5 by reimplementing the cgroup handling

Re: [Touch-packages] [Bug 1649582] Re: lxc-start fails to start a unprivileged container - cgroup permissions

2016-12-15 Thread Christian Brauner
Please attach the container config file and show or attache the output of the following commands: - grep cgroup /proc/1/mountinfo - cat /proc/self/cgroup - ls -al /sys/fs/cgroup - lxcfs --version Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded

Re: [Touch-packages] [Bug 1649582] Re: lxc-start fails to start a unprivileged container - cgroup permissions

2016-12-16 Thread Christian Brauner
Right, the cpuset bug is gone which was your main problem. Now the only thing left to do should be: chmod +x /home/sneetsher/.local Please try again and report back. :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in

Re: [Touch-packages] [Bug 1649582] [NEW] lxc-start fails to start a unprivileged container - cgroup permissions

2016-12-13 Thread Christian Brauner
Hi, Do you have libpam-cgfs installed? If not, could you install it, reboot and report back if it works? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1649582 Title:

[Touch-packages] [Bug 1623143] Re: Linux container does not take same cpu configuration as kernet's hosts

2016-12-13 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1623143 Title: Linux container does not take same cpu

[Touch-packages] [Bug 1649582] Re: lxc-start fails to start a unprivileged container - cgroup permissions

2016-12-16 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1649582 Title: lxc-start fails to start a unprivileged container -

Re: [Touch-packages] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

2016-12-03 Thread Christian Brauner
On Sat, Dec 03, 2016 at 12:58:54PM -, John Johansen wrote: > How reliable/repeatable is this for you? > > I have been hammering a machine for multiple days and not been able to > trip this once. > > I have been using the 4.8 ubuntu kernel the ubuntu-lxc/daily and the > ubuntu-lxc/stable

[Touch-packages] [Bug 1646462] Re: lxc container download error (possibly HSTS related)

2016-12-01 Thread Christian Brauner
lxc-create does not handle any web requests so this cannot be the cause. Upgrading this to a secure connection is also perfectly fine. Is this reliably reproducible still or was this maybe just a temporary server problem? -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1653725] Re: lxc-android-config not starting on ubuntu-touch/staging/* xenial-based images after lxc upgrade

2017-01-04 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1653725 Title: lxc-android-config not starting on

Re: [Touch-packages] [Bug 1646462] Re: lxc container download error (possibly HSTS related)

2017-01-09 Thread Christian Brauner
Hi, Have you tried again after a while. I don't think that this is related to the uid/gid mappings. In order for the download template to work you should have a default lxc config for your unprivileged user configured which would list the uid/gid mapping you want to use, e.g. # Container

[Touch-packages] [Bug 1653725] Re: lxc-android-config not starting on ubuntu-touch/staging/* xenial-based images after lxc upgrade

2017-01-04 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1653725 Title: lxc-android-config not starting on

[Touch-packages] [Bug 1684481] Re: KVM guest execution start apparmor blocks on /dev/ptmx now (regression?)

2017-04-22 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: In Progress => Fix Committed ** Changed in: lxc (Ubuntu) Assignee: (unassigned) => Christian Brauner (cbrauner) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ap

[Touch-packages] [Bug 1690125] Re: hybrid control goup mode breaks lxc adt tests

2017-07-27 Thread Christian Brauner
Hey everyone, Uust as an fyi: I sent a branch https://github.com/lxc/lxc/pull/1713 which is now merged that makes LXC handle the hybrid cgroup case provided the cgroup v2 mount does not bind any controllers (Which is the current default). It will be included in the next LXC release. Thanks!

[Touch-packages] [Bug 1686036] Re: strange behavior after restore snapshot

2017-04-25 Thread Christian Brauner
This is very likely not a LXD bug. I suspect this is https://github.com/zfsonlinux/zfs/issues/5796 again which I reported to ZFS upstream. I'll ping them about this again tomorrow and if I don't hear back will take a look at this myself. ** Bug watch added: Github Issue Tracker for ZFS #5796

[Touch-packages] [Bug 1686036] Re: strange behavior after restore snapshot

2017-04-25 Thread Christian Brauner
Reproducible. Can you please open this bug on github. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1686036 Title: strange behavior after restore snapshot Status in lxc

[Touch-packages] [Bug 1686361] [NEW] systemd does not respect nofile ulimit when running in container

2017-04-26 Thread Christian Brauner
Public bug reported: When systemd currently starts in a container that has RLIMIT_NOFILE set to e.g. 10 systemd will lower it to 65536 since this value is hard-coded into systemd. I've pushed a patch to systemd upstream that will try to set the nofile limit to the allowed kernel maximum. If

Re: [Touch-packages] [Bug 1686361] Re: systemd does not respect nofile ulimit when running in container

2017-04-26 Thread Christian Brauner
Would be good if we could also SRU that to Xenial as well since this is likely what users will be using most of the time as image in their container. Adding stgraber to this thread. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1686036] Re: strange behavior after restore snapshot

2017-04-26 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: New => In Progress ** Changed in: lxc (Ubuntu) Assignee: (unassigned) => Christian Brauner (cbrauner) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.

[Touch-packages] [Bug 1686036] Re: strange behavior after restore snapshot

2017-04-26 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1686036 Title: strange behavior after restore snapshot Status in

[Touch-packages] [Bug 1686036] Re: strange behavior after restore snapshot

2017-04-27 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1686036 Title: strange behavior after restore snapshot

[Touch-packages] [Bug 1684481] Re: KVM guest execution start apparmor blocks on /dev/ptmx now (regression?)

2017-04-21 Thread Christian Brauner
Hi John, hi Christian, Sent a branch to lxc that should fix this issue: https://github.com/lxc/lxc/pull/1519 ** Changed in: lxc (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1686036] Re: strange behavior after restore snapshot

2017-04-28 Thread Christian Brauner
LXD 2.13 doesn't include my fix https://github.com/lxc/lxd/commit/6c6af18b4ab4720c802a61fa932179562446a4df yet. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1686036 Title:

[Touch-packages] [Bug 1690822] Re: GPU device in lxc profile ignored?

2017-05-18 Thread Christian Brauner
On Thu, May 18, 2017 at 08:09:05AM -, Konstantinos Tsakalozos wrote: > I can confirm that "ls -al /dev/dri/" within the lxc container shows the > devices you expect. However, "lxc config show xen2" shows the devices > section being empty. This isn't a bug at all. :) You're adding a device to

[Touch-packages] [Bug 1690822] Re: GPU device in lxc profile ignored?

2017-05-16 Thread Christian Brauner
chb@conventiont|~ > lxc profile show dummy config: security.nesting: "true" security.privileged: "true" description: "" devices: gpu: type: gpu name: dummy used_by: - /1.0/containers/alp1 - /1.0/containers/alpgpu -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1690822] Re: GPU device in lxc profile ignored?

2017-05-16 Thread Christian Brauner
I've used your exact profile now: https://paste.ubuntu.com/24586449/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1690822 Title: GPU device in lxc profile ignored? Status

[Touch-packages] [Bug 1690822] Re: GPU device in lxc profile ignored?

2017-05-15 Thread Christian Brauner
I couldn't reproduce this behavior locally. - We'd need the logs for the daemon and the corresponding containers in question from /var/log/lxd/*, please. - Please also show cat /proc/1/mountinfo from inside one of those containers that doesn't mount the gpu device. -- You received this bug

[Touch-packages] [Bug 1654676] Re: lxc-user-nic does not ensure that target netns is caller-owned

2017-05-12 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Assignee: (unassigned) => Christian Brauner (cbrauner) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1654676 Title: lxc-user-nic d

[Touch-packages] [Bug 1699759] Re: LXC Alpine template broken on ppc64le

2017-06-22 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1699759 Title: LXC Alpine template broken on ppc64le Status in

[Touch-packages] [Bug 1699903] Re: lxc-sshd won't start with 2.0.8

2017-06-22 Thread Christian Brauner
Hi Miroslav, Yes, we've been hardening the console handling code quite a bit prior to this release. It seems that you are on a read-only file system which prevents LXC from removing the underlying "/dev/console" file that already exists. LXC wants to remove this file since it wants to prevent

Re: [Touch-packages] [Bug 1699903] Re: lxc-sshd won't start with 2.0.8

2017-06-22 Thread Christian Brauner
On Thu, Jun 22, 2017 at 11:11:59PM -, Miroslav Los wrote: > Our actual templates are based on the lxc-sshd template example that > comes with lxc-templates. There, basically all the lxc is is bind-mounts > for necessary paths from the host, obviously read-only: The /dev bind-mount is

[Touch-packages] [Bug 1699919] Re: lxc copy between hosts preserves original uid/gid

2017-06-23 Thread Christian Brauner
Hi, I'm not sure what the problem here is. LXD will copy the filesystem mapped and will remap on demand if there's another sub{g,u}id range allocated for LXD on the new host. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

Re: [Touch-packages] [Bug 1699919] Re: lxc copy between hosts preserves original uid/gid

2017-06-23 Thread Christian Brauner
On Fri, Jun 23, 2017 at 10:19:46AM -, PshemK wrote: > The thing is - it didn't get remapped. Now I have two containers mapping > to the same range, both live: > > pshemk@ii:~$ lxc list > +-+-+-+--++---+ > | NAME | STATE |

[Touch-packages] [Bug 1692111] Re: Unable to configure raw.id_map with multiple entries

2017-06-01 Thread Christian Brauner
** Changed in: lxd (Ubuntu) Status: In Progress => Fix Committed ** Also affects: lxc (Ubuntu) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu) Status: New => Fix Committed ** Changed in: lxc (Ubuntu) Assignee: (unassigned) => Christia

[Touch-packages] [Bug 1692111] Re: Unable to configure raw.id_map with multiple entries

2017-09-06 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1692111 Title: Unable to configure raw.id_map with

[Touch-packages] [Bug 1713726] Re: lxc 2.0.8-0ubuntu6 ADT test failure with linux 4.13.0-7.8

2017-08-29 Thread Christian Brauner
Has the `/etc/init/` directory and associated files been removed from artful I remember @xnox removing old init scripts. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1713726

[Touch-packages] [Bug 1734409] [NEW] systemd-sysctl: exit gracefully on EPERM/EACCESS

2017-11-24 Thread Christian Brauner
Public bug reported: Hi everyone, systemd-sysctl in systemd versions prior to 232 will exit with FAILED when not being able to apply kernel variables. In containers it should simply move on and exit with SUCCESS. Upstream systemd carries appropriate patches for this already. The relevant commits

[Touch-packages] [Bug 1734410] [NEW] systemd: handle undelegated cgroup2 hierarchy

2017-11-24 Thread Christian Brauner
Public bug reported: Hey everyone, Current systemd versions all fail when the unified cgroup hierarchy is not-writable. This is especially problematic in containers where the systemd administrator might decide to not delegate the unified hierarchy or when running with a liblxc driver that

[Touch-packages] [Bug 1635382] Re: PrivateNetwork=yes (hostnamed, localed) does not work in lxd

2018-05-08 Thread Christian Brauner
What? That's totally possible. Simply try unshare -n inside an unprivileged container as root. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1635382 Title:

[Touch-packages] [Bug 1770481] [NEW] core: fall back to bind-mounts for PrivateDevices= execution environments

2018-05-10 Thread Christian Brauner
Public bug reported: Hey, Currently any service that has PrivateDevices=true set will fail to start in unprivileged containers since mknod is not possible and in privileged containers that drop CAP_MKNOD. I pushed a patch to systemd upstream that solves this problem and makes PrivateDevices

[Touch-packages] [Bug 1770481] Re: core: fall back to bind-mounts for PrivateDevices= execution environments

2018-05-11 Thread Christian Brauner
We just had a short discussion on systemd and for systemd 229 on 16.04 we also need: 9e5f825280192be429cc79153235d12778427fae : https://github.com/systemd/systemd/commit/9e5f825280192be429cc79153235d12778427fae -- You received this bug notification because you are a member of Ubuntu Touch

Re: [Touch-packages] [Bug 1776381] Re: lxc-test-api-reboot will hang with autopkgtest

2018-06-12 Thread Christian Brauner
On Tue, Jun 12, 2018 at 12:46 PM, Free Ekanayaka wrote: > It might be a duplicate of https://github.com/lxc/lxd/issues/4485 (which > is fixed in 3.0.1, now in -proposed I believe). This is a LXC integration test that is failing, not a LXD one. :) > > We'd need to see the logs of the LXD daemon

Re: [Touch-packages] [Bug 1776381] Re: lxc-test-api-reboot will hang with autopkgtest

2018-06-12 Thread Christian Brauner
On Tue, Jun 12, 2018 at 8:39 AM, Po-Hsu Lin wrote: > If you leave it there for a long period, it will time out in the end: > make[1]: Leaving directory '/tmp/autopkgtest.ZiY11u/build.Nic/src' > FAIL: lxc-tests: lxc-test-api-reboot (9845s) The API reboot tests will hang indefinitely if the

Re: [Touch-packages] [Bug 1776381] Re: lxc-test-api-reboot will hang with autopkgtest

2018-06-14 Thread Christian Brauner
On Thu, Jun 14, 2018 at 04:19:39AM -, Po-Hsu Lin wrote: > Is there anything that I can do for debugging this? Hm, you could try manually creating a busybox container and trying to: - shut it down - reboot it with lxc-stop Christian -- You received this bug notification because you are a

[Touch-packages] [Bug 1755250] Re: backport statx syscall whitelist fix

2018-06-06 Thread Christian Brauner
This is indeed pretty important for some use-cases so we should try to come up with a reasonable solution. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1755250 Title:

[Touch-packages] [Bug 1690125] Re: hybrid control goup mode breaks lxc adt tests

2018-02-09 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: In Progress => Fix Released ** No longer affects: lxc -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1690125 Title: hybrid control

[Touch-packages] [Bug 1567037] Re: lxc-attach crashed with SIGSEGV in get_pty_on_host()

2018-02-09 Thread Christian Brauner
** Changed in: lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1567037 Title: lxc-attach crashed with SIGSEGV in

[Touch-packages] [Bug 1553097] Re: lxc-attach does not output stderr any more if stdout is redirected

2018-02-09 Thread Christian Brauner
** No longer affects: autopkgtest (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1553097 Title: lxc-attach does not output stderr any more if stdout is redirected

Re: [Touch-packages] [Bug 1729357] Re: unprivileged user can drop supplementary groups

2018-02-15 Thread Christian Brauner
On Thu, Feb 15, 2018 at 11:29:03AM -, Aleksa Sarai wrote: > I've just sent a request for a CVE. I'm working on the patch now. My I assume the CVE will at least be correctly attributed to Craig. Christian -- You received this bug notification because you are a member of Ubuntu Touch seeded

Re: [Touch-packages] [Bug 1750654] [NEW] "lxc-create -B best" fails on non-btrfs/zfs system

2018-02-21 Thread Christian Brauner
On Tue, Feb 20, 2018 at 08:43:41PM -, Martin Pitt wrote: > Public bug reported: > > As per documentation, the `-B best` option should automatically select > the best backingstore, falling back all the way to dir. > > But apparently it doesn't, at least not in artful's 2.1.0-0ubuntu1: Hm, is

[Touch-packages] [Bug 1780227] Re: locking sockets broken due to missing AppArmor socket mediation patches

2018-07-27 Thread Christian Brauner
On Fri, Jul 27, 2018, 21:21 St├ęphane Graber wrote: > Ok, thanks for the update. I've now updated the bug once again to move > all the tasks over to the kernel. Can you attach the kernel patch here > when you can, I'm sure some of the subscribers may want to test this > ahead of the Ubuntu kernel

[Touch-packages] [Bug 1783591] Re: lxc-user-nic allows unprivileged users to open arbitrary files

2018-08-06 Thread Christian Brauner
New version to apply cleanly to master. ** Patch added: "0001-CVE-2018-6556-verify-netns-fd-in-lxc-user-nic-master.patch" https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/+attachment/5172186/+files/0001-CVE-2018-6556-verify-netns-fd-in-lxc-user-nic-master.patch -- You received

[Touch-packages] [Bug 1783305] Re: apparmor DENIED when a systemd unit with DynamicUsers=yes is launched in a lxd container

2018-07-24 Thread Christian Brauner
*** This bug is a duplicate of bug 1780227 *** https://bugs.launchpad.net/bugs/1780227 This is an AppArmor bug that I reported and which is tracked here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227 So please close here in favor of that bug. Christian ** Changed in: lxd

[Touch-packages] [Bug 1575779] Re: hostnamectl fails under lxd unpriv container

2018-07-24 Thread Christian Brauner
** Changed in: apparmor (Ubuntu) Status: Fix Committed => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1575779 Title: hostnamectl fails under lxd

Re: [Touch-packages] [Bug 1783591] Re: lxc-user-nic allows unprivileged users to open arbitrary files

2018-08-30 Thread Christian Brauner
On Thu, Aug 30, 2018 at 08:02:56PM -, Salvatore Bonaccorso wrote: > One can still test existence of files with those patches, but I guess > this was explicitly not part of the fixes? Is there a reproducer? Yes, the open() can fail and we will report back to the user that the open() failed but

[Touch-packages] [Bug 1783591] Re: lxc-user-nic allows unprivileged users to open arbitrary files

2018-08-30 Thread Christian Brauner
If you think that you have found an actual security bug please file it as a new one to follow best security practices. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1783591

[Touch-packages] [Bug 1575779] Re: hostnamectl fails under lxd unpriv container

2018-07-05 Thread Christian Brauner
So, the good news is that this is all fixed upstream starting with 4.17 with the socket mediation patchset that got merged a short while ago. The bad news is that we need to get this patchset backported and it is quite large:

[Touch-packages] [Bug 1646462] Re: lxc-create cannot setgid

2018-07-12 Thread Christian Brauner
What's your LXC version? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1646462 Title: lxc-create cannot setgid Status in lxc: Unknown Status in lxc package in Ubuntu:

[Touch-packages] [Bug 1575779] Re: hostnamectl fails under lxd unpriv container

2018-07-04 Thread Christian Brauner
Hey, so we're seeing an instance of this issue and the problem is that a lock is taken on an fd instead of a path. This should be legal and we urgently need a fix for this since this is starting to break all systemd services running in a container that use PrivateUsers= and anything else that hits

  1   2   >