[Bug 917660] Re: Installing qemu-user-static in an i386 lxc container applies the binfmt changes to the host, breaking execution in that host

Serge Hallyn 917660 at bugs.launchpad.net
Tue Jan 24 19:41:33 UTC 2012


@Andy -- that depends on whether we consider the kernel part of this a
bug or not.

For lxc it'll be fixed with an apparmor policy shipped with lxc.

For update-binfmts more generally, there might be a way for that program
to be smarter.

But still the kernel itself is reading over proc and/or sys files, so
there's the question of how far we go to protect the admin from himself.


My take right now: the container admin may be separate from the host
admin, so we need the lxc policy. For the rest, update-binfmts and the
kernel part can only be used by the host admin, so we let him shoot
himself in the foot.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to binfmt-support in Ubuntu.
https://bugs.launchpad.net/bugs/917660

Title:
  Installing qemu-user-static in an i386 lxc container applies the
  binfmt changes to the host, breaking execution in that host

Status in “binfmt-support” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed
Status in “lxc” package in Ubuntu:
  Confirmed

Bug description:
  If you create an i386 container on an amd64 host and install qemu-
  user-static on the container, it will run "update-binfmts --import
  qemu-x86_64" and since binfmt doesn't seem to be containerized, it
  will affect the host causing all binary executions to go through
  /usr/bin/qemu-x86_64-static, which in turn crashes like this:

    salgado at delgadito:~$ ls
    ERROR: ioctl(SNDCTL_DSP_MAPINBUF): target=0x80085013 host=0x80105013
    ERROR: ioctl(SNDCTL_DSP_MAPOUTBUF): target=0x80085014 host=0x80105014
    qemu: Unsupported syscall: 202
    qemu: uncaught target signal 11 (Segmentation fault) - core dumped

  Because of that you won't be able to execute anything on the host, so
  the only way to solve that is to restart or run the following in the
  container:

    update-binfmts --package qemu-user-static --remove qemu-x86_64 /usr/bin/qemu-x86_64-static

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: linux-image-3.2.0-9-generic 3.2.0-9.16
  ProcVersionSignature: Ubuntu 3.2.0-9.16-generic 3.2.1
  Uname: Linux 3.2.0-9-generic x86_64
  Architecture: amd64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binfmt-support/+bug/917660/+subscriptions
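As an added check, not code from the bug report or from the lxc or binfmt-support packages, the following POSIX shell script inspects the host's /proc/sys/fs/binfmt_misc registrations and flags any enabled entry whose ELF magic pins the host's own native architecture, which is the state the description above leaves an amd64 host in. The uname-to-e_machine table and the sample entry used in testing are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report or any Ubuntu package: flag any
# enabled binfmt_misc registration whose ELF magic matches the host's own
# architecture, which is what this bug leaves behind on an amd64 host.
# uname -m -> little-endian hex of ELF e_machine (header bytes 18-19);
# the values below are assumed: x86_64=0x3e, i386=0x03, aarch64=0xb7, ARM=0x28.
native_machine_hex() {
    case "$1" in
        x86_64)              echo 3e00 ;;
        i386|i486|i586|i686) echo 0300 ;;
        aarch64)             echo b700 ;;
        arm*)                echo 2800 ;;
        *)                   return 1 ;;
    esac
}
# Read one /proc/sys/fs/binfmt_misc/<name> file on stdin; print "native" and
# return 0 when the entry is enabled, matches at offset 0, and pins
# e_machine to the host architecture given as $1.
entry_hijacks_native() {
    want=$(native_machine_hex "$1") || return 1
    enabled=0; offset=0; magic=""; mask=""
    while IFS= read -r line; do
        case "$line" in
            enabled)    enabled=1 ;;
            "offset "*) offset=${line#offset } ;;
            "magic "*)  magic=${line#magic } ;;
            "mask "*)   mask=${line#mask } ;;
        esac
    done
    [ "$enabled" = 1 ] && [ "$offset" = 0 ] || return 1
    [ "${#magic}" -ge 40 ] || return 1
    [ "$(printf %s "$magic" | cut -c1-8)" = 7f454c46 ] || return 1
    # A mask that does not keep every e_machine bit does not pin the arch.
    [ -z "$mask" ] || [ "$(printf %s "$mask" | cut -c37-40)" = ffff ] || return 1
    [ "$(printf %s "$magic" | cut -c37-40)" = "$want" ] || return 1
    echo native
}
# Walk the live registrations; 'register' and 'status' are control files.
scan_binfmt_misc() {
    host=$(uname -m)
    for f in /proc/sys/fs/binfmt_misc/*; do
        case "$f" in */register|*/status) continue ;; esac
        [ -r "$f" ] || continue
        if entry_hijacks_native "$host" <"$f" >/dev/null; then
            echo "WARNING: $f routes native $host binaries through" \
                 "$(sed -n 's/^interpreter //p' "$f")"
        fi
    done
}
```

Run `scan_binfmt_misc` on the host after installing qemu-user-static in a container; a warning for qemu-x86_64 on an amd64 host means the registration must be removed before native binaries stop executing.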