** Description changed:
+ == SRU Justification ==
+
+ Impact: Unprivileged lxc containers fail to start whenever a filesystem
+ is mounted on /proc/fs/nfsd.
+
+ Fix: Cherry pick upstream commit
+ d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02.
+
+ Regression Potential: This commit modifies proc_register so that callers
+ must set the proc_fops and/or proc_iops before calling rather that
+ proc_register assigning them based on the type of inode passed. All call
+ sites in 3.19 match exactly with those upstream at the time the patch
+ was merged, except for proc_create_mount_point which is the call site
+ causing this issue. Which is to say that there is no functional change
+ for any proc inodes except for the ones which can cause this problem,
+ therefore there should be little potential for regression.
+
+ ---
+
Unprivileged lxc containers fail to start in some instances under vivid:
lxc-start 1448306932.775 ERROR lxc_utils - utils.c:safe_mount:1686 -
Operation not permitted - Failed to mount proc onto
/usr/lib/x86_64-linux-gnu/lxc/proc
lxc-start 1448306932.775 ERROR lxc_conf -
conf.c:lxc_mount_auto_mounts:828 - Operation not permitted - error mounting
proc on /usr/lib/x86_64-linux-gnu/lxc/proc flags 14
The failure is caused by the backport of
7236c85e1be51a9e25ba0f6e087a66ca89605a49 "mnt: Update fs_fully_visible
to test for permanently empty directories." The backport itself is
correct but some of its assumptions are not met to do a change which
- happened after 3.19. This causes the directories under /proc/fs to fail
- the "directory is permanently empty" test, and if another filesystem is
- mounted on top of one of these directories this will cause the mount of
- proc in the container to fail. The fix is to bakcport
- d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02 "gut proc_register() a bit" as
- well.
+ happened after 3.19. This causes /proc/fs/nfsd to fail the "directory is
+ permanently empty" test, and when the nfsd fs another filesystem is
+ mounted on that directory it causes the mount of proc in the container
+ to fail. The fix is to bakcport d443b9fd56e85c0e58d10b75cf5eb38e0b2c4c02
+ "gut proc_register() a bit" as well.
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: linux-image-3.19.0-33-generic 3.19.0-33.38
ProcVersionSignature: User Name 3.19.0-33.38-generic 3.19.8-ckt7
Uname: Linux 3.19.0-33-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Nov 23 21:22 seq
crw-rw---- 1 root audio 116, 33 Nov 23 21:22 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.17.2-0ubuntu1.8
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',
'/dev/snd/timer'] failed with exit code 1:
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211
not found.
Date: Mon Nov 23 21:24:16 2015
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-33-generic
root=UUID=63d8816d-53d7-4318-b873-2cfe367b957a ro console=tty1 console=ttyS0
RelatedPackageVersions:
linux-restricted-modules-3.19.0-33-generic N/A
linux-backports-modules-3.19.0-33-generic N/A
linux-firmware 1.143.7
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/01/2011
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias:
dmi:bvnBochs:bvrBochs:bd01/01/2011:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-trusty:cvnBochs:ct1:cvr:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-trusty
dmi.sys.vendor: QEMU
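Review bot: The rewritten root-cause sentence, "and when the nfsd fs another filesystem is mounted on that directory", keeps words from both the old and the new wording and no longer parses. Either "the nfsd fs" or "another filesystem" should be dropped; the Impact line above says only that "a filesystem is mounted on /proc/fs/nfsd", so the two should agree. The replacement text also carries over "bakcport" from the removed lines, and the new Regression Potential paragraph has "rather that proc_register assigning them" where "rather than" is meant. The unchanged line "not met to do a change which happened after 3.19" reads as though "due to a change" was intended and could be corrected in the same edit.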
** Also affects: linux (Ubuntu Vivid)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Vivid)
Importance: Undecided => High
** Changed in: linux (Ubuntu Vivid)
Status: New => In Progress
** Changed in: linux (Ubuntu Vivid)
Assignee: (unassigned) => Seth Forshee (sforshee)
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
https://bugs.launchpad.net/bugs/1519106
Title:
Unprivileged lxc container fails to start due to error mounting proc