[pkg-lxc-devel] Bug#934155: lxc: unprivileged lxc container with veth does not start since update to 1:3.1.0+really3.0.4-1 amd64
Jarek Slosarczyk
jarek.slosarczyk at mail.de
Mon Aug 19 14:53:28 BST 2019
Hi,
I've dug further into the issue.
Since the update from 1:3.1.0+really3.0.3-8 to 1:3.1.0+really3.0.4-1, the binary
'lxc-user-nic' is not SUID anymore.
The change looks like this:
lxc 1:3.1.0+really3.0.3-8
/usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic -rwsr-xr-x root:root
lxc 1:3.1.0+really3.0.4-1
/usr/libexec/lxc/lxc-user-nic -rwxr-xr-x root:root
At this moment 'lxc-user-nic' doesn't have permission to make any
modifications in '/run/lxc/nics', and fails with:
lxc-start test0 20190819112823.602 ERROR network - network.c:lxc_create_network_unpriv_exec:2296 - lxc-user-nic failed to configure requested network: Permission denied - Failed to create /run/lxc
Setting SUID on '/usr/libexec/lxc/lxc-user-nic' makes the unprivileged container with
veth usable again.
BTW - the same issue still exists in the following version
1:3.1.0+really3.0.4-1.1 of lxc.
regards
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
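
Added example, not part of the original message: a shell check that reports whether the lxc-user-nic helper at either of the two paths quoted above carries the setuid bit and is owned by root. The function name check_helper and its optional expected-UID argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the setuid state of the lxc-user-nic helper.
# The two paths are the ones quoted in the message above.

# check_helper PATH [EXPECTED_UID]
# Prints one of: missing | no-setuid | setuid-wrong-owner | ok
# EXPECTED_UID defaults to 0 (root); the parameter is an assumption of this
# example so the check can also be exercised on a scratch file.
check_helper() {
    path=$1
    want_uid=${2:-0}
    if [ ! -e "$path" ]; then
        echo missing
    elif [ ! -u "$path" ]; then
        # Mode such as -rwxr-xr-x: the helper runs with the caller's
        # privileges only.
        echo no-setuid
    elif [ "$(stat -c %u "$path")" != "$want_uid" ]; then
        # Setuid is set, but the file is not owned by the expected user.
        echo setuid-wrong-owner
    else
        echo ok
    fi
}

for helper in \
    /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic \
    /usr/libexec/lxc/lxc-user-nic
do
    printf '%s: %s\n' "$helper" "$(check_helper "$helper")"
done
```

A result of no-setuid for /usr/libexec/lxc/lxc-user-nic corresponds to the -rwxr-xr-x mode shown in the message.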