<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Times New Roman; font-size: 12pt; color: #000000'><style>p { margin: 0; }</style><div style="font-family: Times New Roman; font-size: 12pt; color: rgb(0, 0, 0);">Hi !<br><br>I've tried to reproduce this bug on 0.6.5 lxc release and the same bug appears when i run the umount command or rmmod command.<br><br>To reproduce the bug :<br><br>Host name : debian <br>Guest container name : container <br><br>You MUST create a dedicated partition to share your containers (an other
partition than " / ") <br><br>debian:# df <br><br> /dev/hda1 7850996 2058732 5393452 28% / <br> tmpfs 253768 0 253768 0% /lib/init/rw <br> udev 10240 108 10132 2%
/dev <br> tmpfs 253768 0 253768 0% /dev/shm <br> /dev/hdb1
4127076 552552 3364880 15% /mnt/vmr1 <br><br> Then enter into the container (lxc-console -n container) and stop cron,
syslog, bind 9,ssh processes. <br><br>container:~# ps aux <br> <br> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND <br> root 1 0.0 0.1 1984 692 ? Ss 11:10 0:00 init [2] <br> root 387 0.0
0.4 5884 2272 console Ss 11:10 0:00 /bin/login -- <br> root 388 0.0
0.1 1992 572 tty1 Ss+ 11:10 0:00 /sbin/getty 38400 tty1 <br> root
389 0.0 0.1 1992 568 tty2 Ss+ 11:10 0:00 /sbin/getty 38400 tty2 <br> root 390 0.0 0.1 1992 568 tty3 Ss+ 11:10 0:00 /sbin/getty 38400 tty3 <br> root 392 0.0 0.5 4132 2680 console S 11:11 0:00 -bash <br> root 584
0.0 0.1 2644 956 console R+ 11:43 0:00 ps aux <br> <br> Then
use the mount command : <br> <br> container:~# mount -o
remount,ro / <br> <br>Return to the Host and try to create a
file in /mnt/vmr1/ . The folder is set in "read only". <br><br>The second bug :<br><br>Install ntfs module in the host : (exemple with ntfs module)<br><br>debian:# modprobe ntfs<br><br>Enter into the container and delete ntfs module <br><br>container:~# rmmod ntfs<br><br>Return to the host : the module has been removed<br><br><br><br>Does anyone have solved this problem ?<br><br>I think it is a major security problem.<br><br><br>----- Mail Original -----<br>De: "Daniel Lezcano" <daniel.lezcano@free.fr><br>À: "Elias Olivares" <eolivares@1g6.biz><br>Cc: lxc-devel@lists.sourceforge.net<br>Envoyé: Vendredi 8 Janvier 2010 13:14:36<br>Objet: Re: [lxc-devel] bugs with LXC container : mount and rmmod command<br><br>Elias Olivares wrote:<br>> <br>> <br>> Hi ! <br>> <br>> I've found the way to reproduce the bug. <br>> <br>> Host name : debian <br>> Guest container name : container <br>> <br>> You MUST create a dedicated partition to share your containers (an other partition than " / ") <br><br>Thanks, I will check when I have time.<br><br><br><br>> Here the container is created in /mnt/vmr1/ : <br>> <br>> debian:# df <br>> <br>> /dev/hda1 7850996 2058732 5393452 28% / <br>> tmpfs 253768 0 253768 0% /lib/init/rw <br>> udev 10240 108 10132 2% /dev <br>> tmpfs 253768 0 253768 0% /dev/shm <br>> /dev/hdb1 4127076 552552 3364880 15% /mnt/vmr1 <br>> <br>> Then enter into the container (lxc-console -n container) and stop cron, syslog, bind 9,ssh processes. <br>> <br>> container:~# ps aux <br>> <br>> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND <br>> root 1 0.0 0.1 1984 692 ? Ss 11:10 0:00 init [2] <br>> root 387 0.0 0.4 5884 2272 console Ss 11:10 0:00 /bin/login -- <br>> root 388 0.0 0.1 1992 572 tty1 Ss+ 11:10 0:00 /sbin/getty 38400 tty1 <br>> root 389 0.0 0.1 1992 568 tty2 Ss+ 11:10 0:00 /sbin/getty 38400 tty2 <br>> root 390 0.0 0.1 1992 568 tty3 Ss+ 11:10 0:00 /sbin/getty 38400 tty3 <br>> root 392 0.0 0.5 4132 2680 console S 11:11 0:00 -bash <br>> root 584 0.0 0.1 2644 956 console R+ 11:43 0:00 ps aux <br>> <br>> Then use the mount command : <br>> <br>> container:~# mount -o remount,ro / <br>> <br>> Return to the Host and try to create a file in /mnt/vmr1/ . The folder is set in "read only". <br>> <br>> I tried with the 0.6.4 version and I have the same problem. <br>> <br>> <br>> Elias Olivares <br>> <br>> <br>> ----- Mail Original ----- <br>> De: "Elias Olivares" <eolivares@1g6.biz> <br>> À: "Daniel Lezcano" <daniel.lezcano@free.fr> <br>> Cc: lxc-devel@lists.sourceforge.net <br>> Envoyé: Mercredi 6 Janvier 2010 16:05:58 <br>> Objet: Re: [lxc-devel] bugs with LXC container : mount and rmmod command <br>> <br>> <br>> Ok thanks for this advice. I can't try now but I will try tommorow ... <br>> <br>> Elias <br>> <br>> <br>> ----- Mail Original ----- <br>> De: "Daniel Lezcano" <daniel.lezcano@free.fr> <br>> À: "Elias Olivares" <eolivares@1g6.biz> <br>> Cc: lxc-devel@lists.sourceforge.net <br>> Envoyé: Mercredi 6 Janvier 2010 13:03:59 <br>> Objet: Re: [lxc-devel] bugs with LXC container : mount and rmmod command <br>> <br>> Elias Olivares wrote: <br>>> Hi <br>>><br>>><br>>> My Lxc configuration file : ( /var/lib/lxc/xxx.1g6.biz /config ) <br>>><br>>> lxc.utsname = xxx.1g6.biz <br>>> lxc.tty = 4 <br>>> lxc.pts = 1024 <br>>> lxc.network.type = veth <br>>> lxc.network.flags = up <br>>> lxc.network.link = br0 <br>>> lxc.network.name = eth0 <br>>> lxc.network.mtu = 1500 <br>>> #lxc.mount = <br>>> lxc.rootfs = /mnt/vmr1/xxx.1g6.biz <br>>> lxc.cgroup.devices.deny = a <br>>> # /dev/null and zero <br>>> lxc.cgroup.devices.allow = c 1:3 rwm <br>>> lxc.cgroup.devices.allow = c 1:5 rwm <br>>> # consoles <br>>> lxc.cgroup.devices.allow = c 5:1 rwm <br>>> lxc.cgroup.devices.allow = c 5:0 rwm <br>>> lxc.cgroup.devices.allow = c 4:0 rwm <br>>> lxc.cgroup.devices.allow = c 4:1 rwm <br>>> # /dev/{,u}random <br>>> lxc.cgroup.devices.allow = c 1:9 rwm <br>>> lxc.cgroup.devices.allow = c 1:8 rwm <br>>> lxc.cgroup.devices.allow = c 136:* rwm <br>>> lxc.cgroup.devices.allow = c 5:2 rwm <br>>> # rtc <br>>> lxc.cgroup.devices.allow = c 254:0 rwm <br>>><br>>> # lxc-version <br>>> lxc version: 0.6.3 <br>> <br>> There were some modifications with how the rootfs is mounted. <br>> <br>> Can you check against the 0.6.4 version ? <br>> <br>> wget http://lxc.sourceforge.net/download/lxc/lxc-0.6.4.tar.gz <br>> tar xvzf lxc-0.6.4.tar.gz <br>> cd lxc-0.6.4 <br>> ./configure --localstate=/var --prefix=/usr --libdir=/usr/lib64 (if you <br>> are on a x86_64 arch). <br>> make && sudo make install <br>> <br>> Or may be you can try with the latest git repository: <br>> <br>> git-clone git://lxc.git.sourceforge.net/gitroot/lxc/lxc <br>> cd lxc <br>> ./autogen.sh <br>> ./configure --localstate=/var --prefix=/usr --libdir=/usr/lib64 (if you <br>> are on a x86_64 arch). <br>> make && sudo make install <br>> <br>> ------------------------------------------------------------------------------ <br>> This SF.Net email is sponsored by the Verizon Developer Community <br>> Take advantage of Verizon's best-in-class app development support <br>> A streamlined, 14 day to market process makes app distribution fast and easy <br>> Join now and get one step closer to millions of Verizon customers <br>> http://p.sf.net/sfu/verizon-dev2dev <br>> _______________________________________________ <br>> Lxc-devel mailing list <br>> Lxc-devel@lists.sourceforge.net <br>> https://lists.sourceforge.net/lists/listinfo/lxc-devel <br>> <br>> <br>> <br>> ------------------------------------------------------------------------<br>> <br>> ------------------------------------------------------------------------------<br>> This SF.Net email is sponsored by the Verizon Developer Community<br>> Take advantage of Verizon's best-in-class app development support<br>> A streamlined, 14 day to market process makes app distribution fast and easy<br>> Join now and get one step closer to millions of Verizon customers<br>> http://p.sf.net/sfu/verizon-dev2dev <br>> <br>> <br>> ------------------------------------------------------------------------<br>> <br>> _______________________________________________<br>> Lxc-devel mailing list<br>> Lxc-devel@lists.sourceforge.net<br>> https://lists.sourceforge.net/lists/listinfo/lxc-devel<br><br></div></div></body></html>