[Bug 1253669] [NEW] unable to launch lxc application containers when dropping cap_sysadmin
Sebastian Wendland
wendland at cg.uni-saarland.de
Thu Nov 21 14:55:29 UTC 2013
Public bug reported:
Using the 0.8.0~rc1 lxc release, it was possible to start an application
container with the lxc.cap.drop=sys_admin option (# lxc-execute -n foo
-s lxc.cap.drop=sys_admin -- /bin/bash). Since the new 1.0.0~alpha1
release, this is not possible anymore; the application immediately
crashes upon being called by lxc-init, thus killing the container. When
any other capability (or combination of capabilities) is dropped, the
container still starts up, however; only dropping cap_sys_admin results
in an error.
I've attached the debug output of # lxc-execute -o foo -l DEBUG -n foo
-s lxc.cap.drop=sys_admin -- /bin/bash for reference.
Release: 12.04.3 with HWE, Kernel 3.8.0-32-generic #47~precise1-Ubuntu SMP Wed Oct 2 16:19:35 UTC 2013 x86_64
LXC version: 1.0.0~alpha1-0ubuntu13~ubuntu12.04.1
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "lxc-execute debug output"
https://bugs.launchpad.net/bugs/1253669/+attachment/3914176/+files/foo.txt
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1253669