[Bug 1244635] Re: setuid executables in a container may compromise security on the host

2013-10-30 Thread Andrea Corbellini
Waiting for the SRU to land in Saucy. Has it been delayed for some reason or has it been forgotten? :-) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1244635 Title: setuid executables

[Bug 1244635] Re: setuid executables in a container may compromise security on the host

2013-10-26 Thread Andrea Corbellini
Good news. However I must say that the documentation on LXC does not say that libvirt is less secure than the official LXC: https://help.ubuntu.com/13.10/serverguide/lxc.html#lxc-libvirt So either libvirt should ship with an Apparmor profile for LXC, or a warning should be added to the relevant p

[Bug 1244635] Re: setuid executables in a container may compromise security on the host

2013-10-26 Thread Andrea Corbellini
Hi Stéphane, I can see at least three ways of escaping. The first is using LXC through libvirt. I see that there's an Apparmor profile for usr.bin.lxc-start, but AFAIK libvirt does not use lxc-start. Also, libvirt does not load the "lxc-containers" profile (AFAIK). This is proven by the fact tha

[Bug 1244635] Re: setuid executables in a container may compromise security on the host

2013-10-26 Thread Andrea Corbellini
> I also don't feel that this is a high priority bug since, so far, we do not recommend allowing unprivileged users to use containers. Agreed. Especially because (currently) it's fairly easy to escape from LXC when you have root access to the container. > I don't believe it would be a serious los

[Bug 1244635] [NEW] setuid executables in a container may compromise security on the host

2013-10-25 Thread Andrea Corbellini
*** This bug is a security vulnerability *** Public security bug reported: If I execute "/var/lib/lxc/NAME/rootfs/usr/bin/sudo -i" on the host system, it works exactly like "/usr/bin/sudo -i". Now suppose that a user that has root access to the LXC container creates a flawed setuid executable. W
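The check a host administrator would want for the situation the report describes: enumerate setuid/setgid files under a container rootfs and see whether the mount holding it carries nosuid, since without that flag the host kernel honours the setuid bit on anything the container's root user drops in there. This is an added example, not part of the bug report or of LXC; it assumes a Linux host with /proc/self/mountinfo, uses a constructed sample rootfs (a fake setuid "sudo" and a normal "ls" in a temporary directory) instead of a real container, and the nosuid bind-remount shown as remediation needs root and is not run by the script.

```bash
#!/bin/sh
# Added example (not from the bug report): audit a container rootfs for
# setuid/setgid files and check whether its mount is nosuid.
# Assumes Linux (/proc/self/mountinfo, readlink -f). Sample rootfs is constructed.

# List setuid or setgid regular files under a directory, one per line, sorted.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Print "nosuid" or "suid" for the mount containing a path ("unknown" if
# mountinfo is unreadable). Picks the longest mount point that is a prefix.
mount_suid_state() {
    path=$(readlink -f "$1")/
    [ -r /proc/self/mountinfo ] || { echo unknown; return 0; }
    best=; best_opts=
    # mountinfo fields: id parent major:minor root mountpoint per-mount-options ...
    while read -r mid pid dev mroot mnt opts rest; do
        m=${mnt%/}                      # "/" becomes "", so "$m"/* matches everything
        case "$path" in
            "$m"/*)
                if [ ${#m} -ge ${#best} ]; then best=$m; best_opts=$opts; fi ;;
        esac
    done < /proc/self/mountinfo
    case ",$best_opts," in
        *,nosuid,*) echo nosuid ;;
        *)          echo suid ;;
    esac
}

# Report: exit 0 if there is nothing to worry about, 1 if setuid files sit on
# a mount where the host kernel would honour them.
audit_rootfs() {
    root=$1
    suid=$(list_suid "$root")
    state=$(mount_suid_state "$root")
    if [ -z "$suid" ]; then
        echo "ok: no setuid/setgid files under $root"; return 0
    fi
    if [ "$state" = nosuid ]; then
        echo "ok: setuid/setgid files under $root, but the mount is nosuid"; return 0
    fi
    echo "WARNING: setuid/setgid files under $root on a mount without nosuid:"
    echo "$suid"
    return 1
}

# Remediation (needs root): bind-mount the rootfs over itself and remount it
# nosuid (nodev too) so the host ignores the setuid bit on anything inside it.
harden_rootfs() {
    mount --bind "$1" "$1" && mount -o remount,bind,nosuid,nodev "$1"
}

# Constructed sample rootfs: a fake setuid "sudo" next to a normal "ls".
demo_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin"
    printf '#!/bin/sh\n' > "$d/usr/bin/sudo"
    chmod 4755 "$d/usr/bin/sudo"
    printf '#!/bin/sh\n' > "$d/usr/bin/ls"
    chmod 755 "$d/usr/bin/ls"
    echo "$d"
}

# Usage: sh audit.sh /var/lib/lxc/NAME/rootfs   (no argument: nothing runs)
if [ -n "${1:-}" ]; then
    audit_rootfs "$1"
fi
```

Running it against a real rootfs path reports the files the container's root user could plant and whether the host would honour them; running it with no argument defines the functions only, so it can be sourced from a larger audit script. The per-mount option field (not the superblock options) is what matters here, which is why the script reads mountinfo rather than /etc/mtab.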

[Bug 1109029] Re: Depend on linux-initramfs-tools

2013-02-03 Thread Andrea Corbellini
** Description changed: Many core packages depend on initramfs-tools when they should actually depend on linux-initramfs-tools (virtual package provided by initramfs- tools and dracut). Debian seems to be using "Depends: initramfs-tools | linux-initramfs- tools" for almost every relev

[Bug 1109029] Re: Depend on linux-initramfs-tools

2013-01-29 Thread Andrea Corbellini
Marking as high as this bug makes dracut impossible to install. ** Changed in: udev (Ubuntu) Status: New => Confirmed ** Changed in: ubuntu-meta (Ubuntu) Status: New => Confirmed ** Changed in: multipath-tools (Ubuntu) Status: New => Confirmed ** Changed in: lvm2 (Ubuntu)

[Bug 1109029] Re: Depend on linux-initramfs-tools

2013-01-29 Thread Andrea Corbellini
** Also affects: lvm2 (Ubuntu) Importance: Undecided Status: New ** Also affects: console-setup (Ubuntu) Importance: Undecided Status: New ** Also affects: multipath-tools (Ubuntu) Importance: Undecided Status: New ** Also affects: ubuntu-meta (Ubuntu) Importance

[Bug 830084] Re: fsdev is not supported by this qemu build

2011-09-04 Thread Andrea Corbellini
=> Confirmed ** Changed in: kvm (Ubuntu) Milestone: ubuntu-11.10-beta-2 => None ** Changed in: kvm (Ubuntu) Assignee: Andrea Corbellini (andrea.corbellini) => (unassigned) ** This bug has been marked a duplicate of bug 782973 virtfs isn't enabled -- You received this bug notifi

[Bug 830084] Re: fsdev is not supported by this qemu build

2011-08-24 Thread Andrea Corbellini
Assignee: (unassigned) => Andrea Corbellini (andrea.corbellini) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to kvm in Ubuntu. https://bugs.launchpad.net/bugs/830084 Title: fsdev is not supported by this qemu build To manage notifica

[Bug 830084] [NEW] fsdev is not supported by this qemu build

2011-08-20 Thread Andrea Corbellini
Public bug reported: The version of kvm shipped with Ubuntu does not support the -fsdev option. $ virsh start my-domain error: Failed to start domain my-domain error: internal error Process exited while reading console log output: kvm: -fsdev local,security_model=passthrough,id=fsdev-fs0,path=/h

[Bug 628055] Re: Instances don't start correctly: Security Labeling error running aa_change_profile()

2010-09-16 Thread Andrea Corbellini
Hi. Sorry but currently I'm not able to provide my domain.xml (however will do as soon as I find the time). But I would like to say that I'm not using eucalyptus and all my VMs work fine without apparmor. -- Instances don't start correctly: Security Labeling error running aa_change_profile() htt

[Bug 628055] Re: Instances don't start correctly: Security Labeling error running aa_change_profile()

2010-09-07 Thread Andrea Corbellini
Oops, sorry! I ran "virsh capabilities" after disabling apparmor. So, to clarify: with AppArmor, every attempt to use a virtual machine fails; without it, everything works perfectly. ** Attachment added: "virsh-capabilities-with-apparmor" https://bugs.edge.launchpad.net/ubuntu/+source/eucalyp

[Bug 628055] Re: Instances don't start correctly: Security Labeling error running aa_change_profile()

2010-09-07 Thread Andrea Corbellini
Hi Jamie and thank you for your feedback. Here are the answers to your questions: 1. my capabilities are in the attachment; 2. there are no lines containing DENIED in my logs; 3. restarting libvirt without disabling AppArmor produces no effects. ** Attachment added: "virsh-capabilities" https

[Bug 628055] Re: Instances don't start correctly: Security Labeling error running aa_change_profile()

2010-09-05 Thread Andrea Corbellini
I see this bug too, but I don't think the problem is in eucalyptus: I'm using qemu+kvm+libvirt. Whenever I try to start any of my virtual machines (that just some days ago in Lucid worked fine) I get this error: # virsh -c qemu:///system start abc error: Failed to start domain abc error: internal

[Bug 60213] Re: snmpd dosen't purge non persistent interfaces

2009-02-09 Thread Andrea Corbellini
** Changed in: net-snmp (Ubuntu) Importance: Undecided => Medium Status: New => Confirmed -- snmpd dosen't purge non persistent interfaces https://bugs.launchpad.net/bugs/60213 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to net-