[Bug 1675163] Re: Don't attempt to create devices in LXC containers
Dustin Kirkland
dustin.kirkland at gmail.com
Wed Mar 22 20:50:44 UTC 2017
This needs to be urgently fixed for 12.04, as this bug is blocking
upgrades of 12.04 to 14.04 from succeeding.
** Also affects: makedev (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: makedev (Ubuntu Vivid)
Importance: Undecided
Status: New
** Also affects: makedev (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: makedev (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: makedev (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: makedev (Ubuntu Zesty)
Importance: Undecided
Status: New
** Changed in: makedev (Ubuntu Precise)
Importance: Undecided => Critical
** Changed in: makedev (Ubuntu Trusty)
Importance: Undecided => Critical
** Changed in: makedev (Ubuntu Vivid)
Importance: Undecided => Critical
** Changed in: makedev (Ubuntu Precise)
Importance: Critical => High
** Changed in: makedev (Ubuntu Trusty)
Importance: Critical => High
** Changed in: makedev (Ubuntu Vivid)
Importance: Critical => High
** Changed in: makedev (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: makedev (Ubuntu Yakkety)
Importance: Undecided => High
** Changed in: makedev (Ubuntu Zesty)
Importance: Undecided => High
** Changed in: makedev (Ubuntu Precise)
Status: New => Triaged
** Changed in: makedev (Ubuntu Trusty)
Status: New => Triaged
** Changed in: makedev (Ubuntu Vivid)
Status: New => Triaged
** Changed in: makedev (Ubuntu Xenial)
Status: New => Triaged
** Changed in: makedev (Ubuntu Yakkety)
Status: New => Triaged
** Changed in: makedev (Ubuntu Zesty)
Status: New => Triaged
** Changed in: makedev (Ubuntu Precise)
Milestone: None => precise-updates
** Changed in: makedev (Ubuntu Trusty)
Milestone: None => trusty-updates
** Changed in: makedev (Ubuntu Vivid)
Milestone: None => vivid-updates
** Changed in: makedev (Ubuntu Xenial)
Milestone: None => xenial-updates
** Changed in: makedev (Ubuntu Yakkety)
Milestone: None => yakkety-updates
** Changed in: makedev (Ubuntu Zesty)
Milestone: None => ubuntu-17.04
--
https://bugs.launchpad.net/bugs/1675163
Title:
Don't attempt to create devices in LXC containers
Status in makedev package in Ubuntu:
Triaged
Status in makedev source package in Precise:
Triaged
Status in makedev source package in Trusty:
Triaged
Status in makedev source package in Xenial:
Triaged
Status in makedev source package in Yakkety:
Triaged
Status in makedev source package in Zesty:
Triaged
Bug description:
Right now the "makedev" postinst script will attempt to create a
number of devices in /dev, failing the package upgrade should any of
those mknod calls fail.
LXC containers, especially unprivileged ones, do not allow the use of
mknod, making it impossible to upgrade makedev in those containers and
preventing Ubuntu release upgrades.
The fix is quite simple: detect that we are running in an LXC
container and skip the rest of the postinst script, as is done in a
number of other cases.
= SRU
== Rationale
This issue prevents release to release upgrades in unprivileged LXC containers when makedev is part of the upgraded set. This is currently visible when upgrading from Ubuntu 12.04 to Ubuntu 14.04.
== Testcase
Install the new package in an unprivileged container. With LXD, simply use "lxc launch ubuntu:<series> test" to create the container.
Prior to this fix, the upgrade will fail on some mknod errors; after
it, it'll go on after printing a message indicating that LXC was
detected.
== Regression potential
The detection logic is based on PID 1's environment containing a container=lxc entry. If a non-LXC system somehow had that set, it'd lead to the makedev upgrade no longer creating extra devices. This is unlikely to really matter though since the system is clearly already functioning properly at that point.
Similarly, some privileged LXC containers can be configured in a way
where mknod is possible; this update will still disable the postinst
for those cases as, short of attempting every mknod ahead of time,
there is no reliable way to detect any seccomp or AppArmor policy in
play.
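
The detection described under "Regression potential" (PID 1's environment containing a container=lxc entry), as an added example that is not the makedev postinst or the uploaded fix. The function names, the message wording and the choice of an exact whole-entry match are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; not the makedev package's own maintainer script.

# pid1_is_lxc [ENVIRON_FILE]
# Returns 0 when the NUL-separated environment block contains the exact
# entry "container=lxc", 1 otherwise (including when it cannot be read).
# ENVIRON_FILE defaults to /proc/1/environ; the parameter exists so the
# check can be exercised against constructed files.
pid1_is_lxc() {
    environ="${1:-/proc/1/environ}"
    # Unreadable (not root, no /proc mounted): report "not detected" so
    # the caller falls through to its normal behaviour.
    [ -r "$environ" ] || return 1
    # Entries are NUL-terminated. Turn them into lines and require a
    # fixed-string, whole-line match so that near misses such as
    # "container=lxc-other" or "mycontainer=lxc" do not count.
    tr '\000' '\n' < "$environ" 2>/dev/null | grep -Fxq 'container=lxc'
}

# should_create_devices [ENVIRON_FILE]
# Guard for a maintainer script: returns 1 (after printing the reason to
# stderr) when device creation should be skipped, 0 otherwise.
should_create_devices() {
    if pid1_is_lxc "$1"; then
        echo "LXC container detected, skipping device creation." >&2
        return 1
    fi
    return 0
}
```

In a postinst this would sit before the first mknod call, for example `should_create_devices || exit 0`, which also reproduces the trade-off noted above: a privileged container where mknod would succeed is skipped as well.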