[Bug 1424795] Re: Old libselinux in Precise breaks things in Docker on SELinux-enabled host
Launchpad Bug Tracker
1424795@bugs.launchpad.net
Tue Jul 12 04:17:52 UTC 2016
[Expired for libselinux (Ubuntu) because there has been no activity for
60 days.]
** Changed in: libselinux (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libselinux in Ubuntu.
https://bugs.launchpad.net/bugs/1424795
Title:
Old libselinux in Precise breaks things in Docker on SELinux-enabled
host
Status in libselinux package in Ubuntu:
Expired
Bug description:
In a Docker container running on an SELinux capable kernel, the fact
that /sys is mounted RO is supposed to signal to the container that
SELinux is not supported on the inside, so it doesn't try to do things
that won't work. The version of libselinux in Ubuntu 12.04 is too old
to have the above check, breaking basic functionality like
shadow-utils.
RHEL 6 had the same problem; their fix was to update libselinux:
https://bugzilla.redhat.com/show_bug.cgi?id=1112748
Previously reported downstream:
https://github.com/tianon/docker-brew-ubuntu-core/issues/29
Release: Ubuntu 12.04.5 LTS
Installed package version: 2.1.0-4.1ubuntu1
Expected results:
# useradd test
<success>
# id -Z
id: --context (-Z) works only on an SELinux-enabled kernel
Actual results:
root@b55e77ab9ef4:/# useradd test
useradd: failure while writing changes to /etc/passwd
root@b55e77ab9ef4:/# vipw
vipw: setfscreatecon () failed: Permission denied
vipw: /etc/passwd is unchanged
root@b55e77ab9ef4:/# id -Z
system_u:system_r:svirt_lxc_net_t:s0:c14,c127
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libselinux/+bug/1424795/+subscriptions
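
The signal described in the bug report (a read-only /sys telling the container that SELinux is unavailable inside it) can be read from the mount table. The following is an added example, not part of the original report and not libselinux code. The function name sys_selinux_signal, its three result strings and the sample mount lines are constructed for illustration, and treating a read-only selinuxfs mount the same way as a read-only /sys is an assumption.

```shell
#!/bin/sh
# Added illustration, not libselinux code: report what a mount table in
# /proc/mounts format says about SELinux visibility inside a container.
# Prints one of (names are assumptions made for this example):
#   writable   - selinuxfs is mounted read-write
#   read-only  - /sys or selinuxfs is mounted read-only (the "do not use" signal)
#   absent     - neither condition holds
sys_selinux_signal() {
    mounts="${1:-/proc/mounts}"
    awk '
        # Return 1 only if "ro" is a whole option, so that an option such
        # as errors=remount-ro does not match.
        function is_ro(opts,   n, o, i) {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") return 1
            return 0
        }
        # Fields: device mountpoint fstype options dump pass.
        # A later entry for the same mount point overrides an earlier one.
        $2 == "/sys"      { sys = is_ro($4) ? "ro" : "rw" }
        $3 == "selinuxfs" { sel = is_ro($4) ? "ro" : "rw" }
        END {
            if (sel == "rw")                      print "writable"
            else if (sel == "ro" || sys == "ro")  print "read-only"
            else                                  print "absent"
        }
    ' "$mounts"
}

# Constructed sample: a mount table as a container with read-only /sys
# might present it (not captured from the reporter's system).
constructed_container_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
EOF
}

tmp=$(mktemp)
constructed_container_mounts > "$tmp"
echo "constructed container: $(sys_selinux_signal "$tmp")"
rm -f "$tmp"
```

Run without arguments inside a container, sys_selinux_signal reads /proc/mounts. A "read-only" result together with the setfscreatecon failure shown in the report matches a library that does not perform the check.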