** Summary changed:

- lxc container can power-off the host machine
+ lxc container can power-off host machine

** Description changed:

  Binary package hint: lxc

  Bug related information:

  # lsb_release -rd
  Description: Ubuntu 10.04.1 LTS
  Release: 10.04

  # apt-cache policy lxc
  lxc:
-   Installed: 0.7.2-1~10.04~csz1
-   Candidate: 0.7.2-1~10.04~csz1
-   Version table:
-  *** 0.7.2-1~10.04~csz1 0
-         500 http://ppa.launchpad.net/cszikszoy/ppa/ubuntu/ lucid/main Packages
-         100 /var/lib/dpkg/status
-      0.6.5-1 0
-         500 http://mirror.switch.ch/ftp/mirror/ubuntu/ lucid/universe Packages
+   Installed: 0.7.2-1~10.04~csz1
+   Candidate: 0.7.2-1~10.04~csz1
+   Version table:
+  *** 0.7.2-1~10.04~csz1 0
+         500 http://ppa.launchpad.net/cszikszoy/ppa/ubuntu/ lucid/main Packages
+         100 /var/lib/dpkg/status
+      0.6.5-1 0
+         500 http://mirror.switch.ch/ftp/mirror/ubuntu/ lucid/universe Packages

  (NEVERMIND if I am using a PPA version: it's the same version you're using in Maverick and I don't think this is causing the issue that I am facing now).

- I created a system image by using the tool "lxc-create" and by using the included templates (I even created images myself without this tool, nothing changes with this issue)
- The tool makes all the steps to create the image (debootstrap and so on) and, at the end of the process, it creates a config file suitable for that image.
+ I created a system image by using the tool "lxc-create" and by using the included templates (I even created images myself without this tool, and nothing changes with this issue)
+ The tool makes all the necessary steps to create the image (debootstrap and so on) and, at the end of the process, it creates a config file suitable for that image.

  One of the last rows of the config file is:

  lxc.mount.entry=proc /lxc/cont_1/rootfs/proc proc nodev,noexec,nosuid 0 0

  same identical problem happens if I comment out this row and I mount /proc myself from /etc/fstab inside the container

  The problem arises when I issue the command:

  echo b > /proc/sysrq-trigger

  In this case the host machine will power-off, and not the container.

- It's possible to check what I said, without harming your server, just by running a sync command on the container:
+ It's possible to check what I said, without harming your server, just by running a sync command on the container:

  echo b > /proc/sysrq-trigger

- and checking /var/log/messages on the host server.
+ and than checking /var/log/messages on the host server.

  You'll see that the command is intercepted from the host and not from the container.

  Right now, I have no idea how to circumvent this issue, and if this problem persist, I feel the security of LXC is heavily compromised.

-- 
lxc container can power-off host machine
https://bugs.launchpad.net/bugs/645625
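
Added example, not part of the original bug report: a read-only audit that classifies how /proc/sysrq-trigger is mounted in a container by parsing a mount table, so the exposure described above can be checked without writing to the trigger. The function names and the sample mount tables are constructed for illustration; "exposed" means only that the covering proc mount is writable, and whether a write succeeds still depends on the privileges of the process in the container.

```shell
#!/bin/sh
# Added example (not from the bug report): report how /proc/sysrq-trigger is
# mounted, by reading a mount table only. It never writes to the trigger.

# Classify the mount that covers /proc/sysrq-trigger.
# $1: file in /proc/mounts format, or "-" for stdin (default: /proc/self/mounts)
# Prints: exposed | read-only | masked | absent
sysrq_trigger_state() {
    awk -v target=/proc/sysrq-trigger '
        {
            mp = $2
            # Only the target itself or a parent directory mount covers it.
            if (mp != target && index(target, mp "/") != 1) next
            # Longest mount point wins; on a tie the later line shadows the earlier.
            if (length(mp) >= best_len) { best_len = length(mp); type = $3; opts = $4 }
        }
        END {
            if (best_len == 0) { print "absent"; exit }
            if (type != "proc") { print "masked"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") { print "read-only"; exit }
            print "exposed"
        }
    ' "${1:-/proc/self/mounts}"
}

# Constructed sample mount tables (assumptions, not captured from a real host).
sample_mounts() {
    case "$1" in
        report)   # proc mounted with the options from the lxc.mount.entry line
            echo "proc /proc proc rw,nodev,noexec,nosuid 0 0" ;;
        hardened) # same, plus a read-only mount over the trigger file
            echo "proc /proc proc rw,nodev,noexec,nosuid 0 0"
            echo "proc /proc/sysrq-trigger proc ro,nodev,noexec,nosuid 0 0" ;;
        noproc)   # container without /proc
            echo "/dev/sda1 / ext4 rw,relatime 0 0" ;;
    esac
}

for t in report hardened noproc; do
    printf '%-9s %s\n' "$t" "$(sample_mounts "$t" | sysrq_trigger_state -)"
done
```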
