[Bug 925513] Re: plymouth should not run in container

Steve Langasek steve.langasek at canonical.com
Fri Feb 17 01:00:33 UTC 2012


On Thu, Feb 16, 2012 at 02:25:36PM -0000, Serge Hallyn wrote:
> regarding whether disabling plymouth is the right fix:  I don't know the
> mechanisms plymouth uses.

Well, I'm happy to answer questions you have on this, but I don't understand
what issue you're trying to address by disabling plymouth.  The bug
description says only that:

> As stgraber said, "it writes some error messages to /var/log/upstart (when
> you have logging) and sometimes to the console".

But a) that's not true for values of "it" == "plymouth" (maybe this refers
to upstart?), and b) it's not clear to me what behavior you expect for the
various messages if plymouth is disabled - particularly the ones that are
*actually* being routed to plymouth, which may require some sort of user
interaction.

> 1. for system log entries, the right fix will be a syslog namespace,
> which doesn't yet exist.

plymouth has nothing to do with syslog.  It captures *console* output to
/var/log/boot.log, but that's a secondary function and doesn't use syslog
for output.

> 2. if it uses proc files, we may be able to use apparmor to protect from
> plymouth, though that may make plymouth fail and cause the container to
> not boot right.  The right fix would be a mix of user namespaces and
> proc file access filtering.

Plymouth uses /proc/cmdline and /proc/self/fd.  Are these a problem in
lxc?

> 3. if it uses devices (ioctls or writes), we may be able to use apparmor
> and/or the devices namespace to protect from plymouth, but a device
> namespace will be the right fix.

Oh, it definitely uses devices.  At a minimum, it expects to be able to open
/dev/console.  It also generally expects to make use of /dev/fb, /dev/tty0,
/dev/tty1, and a few others.  I had assumed that there is some sort of
virtualized console in the container that would be exposed with the usual
device name.  If there isn't, then there's definitely no point in running
plymouth in a container.

-- 
https://bugs.launchpad.net/bugs/925513

Title:
  plymouth should not run in container

Status in “lxc” package in Ubuntu:
  Confirmed
Status in “plymouth” package in Ubuntu:
  Incomplete

Bug description:
  Once upstart knows whether it is running in a container, plymouth
  should not run in a container.  As stgraber said, "it writes some
  error messages to /var/log/upstart (when you have logging) and
  sometimes to the console".
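
An added example, not part of the message above and not code from plymouth or lxc: a small probe to run inside a container that reports whether each /proc file and device node named in the message exists and can actually be opened. The function names and the `--all` switch are hypothetical; the path list is copied from the message.

```shell
#!/bin/sh
# Paths copied from the message; /dev/fb is spelled as the message gives it.
PLYMOUTH_PATHS="/proc/cmdline /proc/self/fd /dev/console /dev/fb /dev/tty0 /dev/tty1"

# path_type PATH -> missing | chardev | dir | file | other
path_type() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -c "$1" ]; then echo chardev
    elif [ -d "$1" ]; then echo dir
    elif [ -f "$1" ]; then echo file
    else echo other
    fi
}

# path_access PATH -> rw | r | none
# Performs a real open in a subshell instead of relying on test -r/-w,
# because a device cgroup or LSM denial may only show up at open time.
path_access() {
    # Guard first: the <> redirection would create a missing file.
    [ -e "$1" ] || { echo none; return; }
    if [ -d "$1" ]; then
        if ls "$1" >/dev/null 2>&1; then echo r; else echo none; fi
    elif ( : <>"$1" ) 2>/dev/null; then echo rw
    elif ( : <"$1" ) 2>/dev/null; then echo r
    else echo none
    fi
}

# Print one line per path: name, type, access.
probe_all() {
    for p in $PLYMOUTH_PATHS; do
        printf '%-16s %-8s %s\n' "$p" "$(path_type "$p")" "$(path_access "$p")"
    done
}

# Only touch the console and tty nodes when explicitly asked to.
case "${1:-}" in --all) probe_all ;; esac
```

Run it with `--all` inside the container; a `missing` or `none` result for /dev/console is the case the message describes as leaving no point in running plymouth there.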
