[pkg-lxc-devel] Bug#839843: /usr/bin/lxc-create: Ran rm -rf on an entire filesystem after failing to create a container

Pierre-Elliott Bécue peb at debian.org
Sat Jan 12 11:13:36 GMT 2019 

Le jeudi 10 janvier 2019 à 23:30:18-0500, Matthew Gabeler-Lee a écrit :
> reassign 839843 lxc-templates 3.0.3-1
> thanks
> 
> On 2019-01-10 18:12, Pierre-Elliott Bécue wrote:
> > Matthew, I'm really sorry about the bad experience you've met in 2016. I
> > guess you don't have the reply to Christian question three years after.
> > 
> > I'll let the bug open, but I guess it'll never find a solution.
> 
> Well, as you surmised I don't have much direct info at this stage, esp.
> since this happened on a work machine at a job I have since left.  However
> looking back at Christian's questions, and comparing that to the current LXC
> code and the basics of what I know I was trying to do at the time, I think I
> now understand what went wrong.
> 
> As you can guess from the directory names, I was working on instantiating a
> CentOS container.
> 
> Looking at the lxc-centos template in current Buster, I see this code:
> 
> ##########
> 
> revert()
> {
>     echo "Interrupted, so cleaning up"
>     lxc-destroy -n $name
>     # maybe was interrupted before copy config
>     rm -rf $path
>     echo "exiting..."
>     exit 1
> }
> 
> trap revert SIGHUP SIGINT SIGTERM
> 
> ##########
> 
> And now the horror show makes a little more sense.  I suspect, in trying to
> work out how to change where it created the original rootfs from being under
> /var to the destination I wanted (a container-named folder in that /scratch
> filesystem), I had used --path /scratch.  I probably then realized it was
> creating the rootfs as /scratch/rootfs not /scratch/container-name, and hit
> Ctrl-C.  And that triggered the revert code above, which ran the rm -rf
> /scratch.
> 
> I note that only some of the templates have this pattern -- archlinux,
> centos, fedora, fedora-legacy, pld, and void-linux.  The lxc-debian template
> does not, though it does have a SIGINT handler, that cleans up something
> different and which looks guaranteed to be "safe".
> 
> So, I guess this bug needs to be reassigned to lxc-templates.  I've tried to
> do that above, hopefully I didn't fat finger it :)

Thanks for your thoroughness. I forwarded the bug to upstream, I hope
they'll offer a solution.

In the meantime, I'll try and design one for the Debian package.

Cheers.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20190112/ac0c0497/attachment-0001.sig>

More information about the Pkg-lxc-devel mailing list