[pkg-lxc-devel] Bug#839843: /usr/bin/lxc-create: Ran rm -rf on an entire filesystem after failing to create a container
Christian Brauner
christian.brauner at canonical.com
Fri Oct 28 22:38:40 UTC 2016
On Wed, 05 Oct 2016 13:25:18 -0400 Matthew Gabeler-Lee
<cheetah at fastcat.org> wrote:
> Package: lxc
> Version: 1:2.0.4-1
> Severity: normal
> File: /usr/bin/lxc-create
>
> I ran lxc-create to setup an image, and realized I had given it the wrong
> arguments (wrong distro version, nothing dramatic), so I stopped it with
> Ctrl-C and cleaned up the partial directory it left behind.
>
> Some time later, while in the process of setting up the container created
> from using the correct arguments, I noticed many many things going wrong.
> As I started to go WTF, this pops out on the console used for the original
> incorrect lxc-create:
>
> lxc-destroy: utils.c: _recursive_rmdir: 170 _recursive_rmdir: failed to delete /scratch
> lxc-destroy: lxccontainer.c: container_destroy: 2384 Error destroying rootfs for centos7-32bit-lxc
> Container is not defined
> exiting...
>
> It ran rm -rf on the ENTIRE FILESYSTEM CONTAINING ALL OF MY LXC IMAGES.
>
> Instead of doing an rm -rf on the container, it tried to do an rm -rf of the
> directory in which the container was created, and since it had to be run as
> root to create the container, it was pretty $#!%$ successful.
>
> reportbug wants me to quote chapter and verse from the policy manual to mark
> this as a serious bug, but "don't rm -rf the entire OS" is so blatantly
> obvious that there is no specific policy entry to reference.
>
>
> -- System Information:
> Debian Release: stretch/sid
> APT prefers testing
> APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages lxc depends on:
> ii init-system-helpers 1.45
> ii libapparmor1 2.10.95-4+b1
> ii libc6 2.24-3
> ii libcap2 1:2.25-1
> ii liblxc1 1:2.0.4-1
> ii libseccomp2 2.3.1-2
> ii libselinux1 2.5-3
> ii python3 3.5.1-4
> pn python3:any <none>
>
> Versions of packages lxc recommends:
> ii bridge-utils 1.5-9
> pn cgmanager <none>
> pn debootstrap <none>
> ii dirmngr 2.1.15-3
> ii dnsmasq-base 2.76-4
> ii gnupg 2.1.15-3
Hi,
Can you please specify the exact commands you used to create the container,
and the commands you used to clean up the partial directory. The
partial directory
should usually be cleaned up by LXC itself. So I'm wondering if this
has anything
to do with it. If it's not too much trouble, could you also file a bug against
https://github.com/lxc/lxc and link in this one here?
Christian
More information about the Pkg-lxc-devel
mailing list