[Lxc-users] Can't execute a python shell script from /run/*

David Parks davidparks21 at yahoo.com
Mon Apr 22 08:47:00 UTC 2013


Ah, You are a scholar and a gentleman Fajar. Your email just saved us untold
hours of toil. Now I see how those FS's are mounted, I wasn't aware of this
other fstab, I removed the noexec mount option and all is well now. We've
been tracking a related issues for 4 days now. Thank you!!

 

Incidentally, to your question, this is a 12.04 'ubuntu' template container
running under a 12.10 host (the application, cloudera/hadoop, was super
picky about versions).

 

David

 

 

From: Fajar A. Nugraha [mailto:list at fajar.net] 
Sent: Monday, April 22, 2013 3:02 PM
To: David Parks
Cc: LXC
Subject: Re: [Lxc-users] Can't execute a python shell script from /run/*

 

On Mon, Apr 22, 2013 at 2:44 PM, David Parks <davidparks21 at yahoo.com> wrote:

We're running an app that installs some files to /run and needs to execute a
python script in that directory.

 

Even the root user is denied permission to execute the script, which tells
me that LXC (presumably AppArmor) is blocking access to running a script
under /run/*

 

Nope.

 

On my host:

tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)

 

... which is mounted from /lib/init/fstab. noexec prevents running any
executable there.

 

Now what's interesting is that my ubuntu template (0.9.0-0ubuntu2)
specifically create an empty /lib/init/fstab, so you shouldn't even have a
/run mount entry in a container. What is the content of that file on your
container? Or perhaps you manually have an entry for /run on your
container's fstab?

 

-- 

Fajar

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20130422/e6b17d22/attachment.html>


More information about the lxc-users mailing list