[Bug 1266809] [NEW] adt-virt-lxc fails on Trusty

[Robie Basak]

Public bug reported:

adt-virt-lxc assumes that the unprivileged user can see inside
/var/lib/lxc in order to see when the guest container has finished
booting, by detecting cloud-init's boot-finished flag.

The newest lxc package locks down /var/lib/lxc by default, so this
breaks.

Hacked workaround: "sudo chmod 755 /var/lib/lxc". This reduces security
of the system, but I think it should be OK on single-user systems, such
as most environments where users are running adt-run.

To fix this properly, adt-virt-lxc needs to call out to sudo to check
for this flag, instead of calling os.path.exists, etc.

An even nicer fix would be for lxc to have this functionality. I have
filed bug 1266808 to track this.

** Affects: autopkgtest (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autopkgtest in Ubuntu.
https://bugs.launchpad.net/bugs/1266809

Title:
  adt-virt-lxc fails on Trusty

Status in “autopkgtest” package in Ubuntu:
  New

Bug description:
  adt-virt-lxc assumes that the unprivileged user can see inside
  /var/lib/lxc in order to see when the guest container has finished
  booting, by detecting cloud-init's boot-finished flag.

  The newest lxc package locks down /var/lib/lxc by default, so this
  breaks.

  Hacked workaround: "sudo chmod 755 /var/lib/lxc". This reduces
  security of the system, but I think it should be OK on single-user
  systems, such as most environments where users are running adt-run.

  To fix this properly, adt-virt-lxc needs to call out to sudo to check
  for this flag, instead of calling os.path.exists, etc.

  An even nicer fix would be for lxc to have this functionality. I have
  filed bug 1266808 to track this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1266809/+subscriptions