[lxc-devel] Bump: Failure with authorisation of update-manager in Ubuntu Desktop-Container

Guido Jäkel G.Jaekel at DNB.DE
Sun Jan 11 11:01:46 UTC 2015


On 10.01.2015 17:13, Serge Hallyn wrote:
> Quoting Guido Jäkel (G.Jaekel at DNB.DE):
>> Hi Dev's,
>>
>> may anyone please help me to solve this issue?
>>
>> Guido
>>
>> On 04.01.2015 20:01, Guido Jäkel wrote on [lxc-user]:
>>> My goal here is to set up a Ubuntu Desktop Container ...
>>> [...]
>>> After a a few tweaks, this already runs very well...
>>> [...]> But now I stuck at an issue concerning the GUI versions of software management: The apt commandline tools work, but the GUI program update-manager shows the error message "You are not allowed to perform this action" and fail to work. However, if i start it with 'gksudo update-manager', there is no such message.
>>>
>>> In the same way, the software-manager or other GUI methods to install/remove software is not working. May anybody please have a hint what might be missing in the container setup or have to be tweaked inside?
> 
> So you have ubuntu desktop running in a unprivileged container?  Exactly how are
> you logging in - you have a tty on the host which runs x in the container?  vnc?
> x2go?  spice?

No, this my own Gentoo home server and the Ubuntu container is started by root. It have direct access to the video card (because the host just use the console for emergencies and is managed by ssh), the tty7 and the input dev's (keyboard and mouse). Please refer to my first posting in lxc-user at 2015-01-04 for some details.

Actually, this email is written inside the Ubuntu Container.



> I assume there's nothing in syslog or /var/log/audit/audit.log?

There is no /var/log/audit/ inside the container. I've appended the container's syslog for a startup. The most noticable lines in /var/log/syslog are

	Jan 11 10:50:04 celly gnome-session[1333]: WARNING: Could not get session id for session. Check that logind is properly installed and pam_systemd is getting used at login.
	Jan 11 10:50:06 celly gnome-session[1333]: GLib-CRITICAL: g_environ_setenv: assertion 'value != NULL' failed

I'm used to maintain Unix servers, but don't have any deeper understanding of desktop mechanisms. But the keywords "gnome session" and "pam" sounds very suspicious to me.



> Can you strace update-manager and grep -e "(EPERM|EACCES)" ?

Because of the lists atachement limit, I've send to trace to your private mail. Slowed down by the strace, before the error alert box I see a message in the dialog box that it's waiting for authorisation for some time. You meant 'grep -E ...' for sure, I get

	stat("/root/.synaptic/synaptic.conf", 0x7fff5d4b9aa0) = -1 EACCES (Permission denied)
	access("/var/cache/apt/", W_OK)         = -1 EACCES (Permission denied)
	open("/var/lib/update-manager/meta-release-lts", O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)
	open("/var/lib/dpkg/lock", O_RDWR|O_CREAT|O_NOFOLLOW, 0640) = -1 EACCES (Permission denied)
	access("/var/cache/apt/", W_OK)         = -1 EACCES (Permission denied)
	open("/var/lib/dpkg/lock", O_RDWR|O_CREAT|O_NOFOLLOW, 0640) = -1 EACCES (Permission denied)
	access("/var/cache/apt/", W_OK)         = -1 EACCES (Permission denied)

but also the following looks suspect because the name of the container is "celly" and the source of cloning is "nelly".

	socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
	connect(3, {sa_family=AF_LOCAL, sun_path=@"/tmp/.X11-unix/X0"}, 20) = 0
	getpeername(3, {sa_family=AF_LOCAL, sun_path=@"/tmp/.X11-unix/X0"}, [20]) = 0
->	uname({sys="Linux", node="celly", ...}) = 0
	access("/home/gjaekel/.Xauthority", R_OK) = 0
	open("/home/gjaekel/.Xauthority", O_RDONLY) = 4
	fstat(4, {st_mode=S_IFREG|0600, st_size=250, ...}) = 0
	mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81e051e000
->	read(4, "\1\0\0\5nelly\0\0011\0\22MIT-MAGIC-COOKIE-1"..., 4096) = 250
	read(4, "", 4096)                       = 0
	close(4)  

Might the problem based on the fact, that i simply just copy to much files? I take a snapshot of the rootfs from running system "nelly" using 'rsync -au <src> <dst>' ...


greetings

Guido

-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog.startup.bz2
Type: application/x-bzip
Size: 2872 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150111/3b8acb5c/attachment.bin>


More information about the lxc-devel mailing list