[lxc-users] udevadm trigger corrupts the container

Serge Hallyn serge.hallyn at ubuntu.com
Wed Jul 29 02:14:00 UTC 2015


Quoting Christoph Mathys (eraserix at gmail.com):
> I've been digging further and also tested with Ubuntu mainline
> kernels. To detect if the problem has been triggered I resorted to
> 'script' which fails to allocate a pty in the error case. For the
> problem to occur, "lxc.autodev = 1" seems to be required. I was not
> able to reproduce the problem without it at least.
> 
> I used lxc 1.0.7 on Ubuntu 14.04 for testing, the containers to
> compare are set up with:
> sudo lxc-create -n c -t ubuntu -- -r precise
> 
> I then manually added "lxc.autodev = 1" to the container's configuration.
> 
> To reproduce the problem I run the following commands in a loop:
> sudo lxc-attach -n c --clear-env -- script -c tty /dev/null
> sudo lxc-attach -n c --clear-env -- udevadm trigger --action=change

The host should be protected from udevadm trigger by your container
being under an apparmor profile and/or readonly sys.

> sudo lxc-attach -n c --clear-env -- script -c tty /dev/null
> 
> Output is something like that in the error case:
> Script started, file is /dev/null
> /dev/pts/0
> Script done, file is /dev/null
> script: openpty failed: No such file or directory
> [1]    3899 terminated  ./test.sh withautodev
> 
> I tested the following kernels:
> - 3.16 Ubuntu -> OK
> - 3.16.7 mainline -> FAIL
> - 3.18.17 mainline -> FAIL
> 
> Christoph
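
An added example, not part of the thread or of LXC itself: a config check for the two protections named in the reply (AppArmor profile, read-only sys) plus the `lxc.autodev` setting from the report. It assumes LXC 1.x key names (`lxc.aa_profile`, `lxc.mount.auto`); the function names and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads only the file given;
# files pulled in through lxc.include are not followed.

# Print every value assigned to key $2 in config file $1, space-separated.
lxc_cfg_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            pos = index($0, "="); if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { out = out sep v; sep = " " }
        }
        END { print out }' "$1"
}

# Report settings relevant to the reply; exit status = number of warnings.
audit_lxc_config() {
    cfg=$1; warnings=0
    aa=$(lxc_cfg_values "$cfg" lxc.aa_profile); aa=${aa##* }
    autodev=$(lxc_cfg_values "$cfg" lxc.autodev); autodev=${autodev##* }
    mounts=$(lxc_cfg_values "$cfg" lxc.mount.auto)

    if [ "$aa" = "unconfined" ]; then
        echo "WARN: lxc.aa_profile = unconfined (no AppArmor confinement)"
        warnings=$((warnings + 1))
    fi
    case " $mounts " in
        *" sys:rw "*)
            echo "WARN: lxc.mount.auto has sys:rw (/sys is writable)"
            warnings=$((warnings + 1)) ;;
        *" sys "*|*" sys:ro "*|*" sys:mixed "*) ;;
        *) echo "NOTE: no lxc.mount.auto sys entry in this file" ;;
    esac
    if [ "$autodev" = "1" ]; then
        echo "INFO: lxc.autodev = 1 (the setting the report needed to reproduce)"
    fi
    return "$warnings"
}

# Constructed sample config, for illustration only.
sample=$(mktemp)
printf '%s\n' 'lxc.autodev = 1' 'lxc.aa_profile = unconfined' \
    'lxc.mount.auto = proc:mixed sys:rw' > "$sample"
audit_lxc_config "$sample" || echo "warnings: $?"
rm -f "$sample"
```

The Ubuntu template normally sets `lxc.mount.auto` in an included common config, so a NOTE on the container's own file means the included file still has to be checked.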

