[Bug 1675163] Re: Don't attempt to create devices in LXC containers

Andy Buchanan 1675163 at bugs.launchpad.net
Tue Apr 4 22:01:20 UTC 2017 

The fix doesn't appear to be working for me on xenial. Package being
installed is the one shown above as having the fix, but I still get this
error:

user at ubuntu:~$ sudo apt install makedev
sudo: unable to resolve host ubuntu
Reading package lists... Done
Building dependency tree       
Reading state information... Done
makedev is already the newest version (2.3.1-93ubuntu2~ubuntu16.04.1).
0 upgraded, 0 newly installed, 0 to remove and 59 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] 
Setting up makedev (2.3.1-93ubuntu2~ubuntu16.04.1) ...
mknod: mem-: Operation not permitted
makedev mem c 1 1 root kmem 0640: failed
mknod: kmem-: Operation not permitted
makedev kmem c 1 2 root kmem 0640: failed
mknod: null-: Operation not permitted
makedev null c 1 3 root root 0666: failed
mknod: port-: Operation not permitted
makedev port c 1 4 root kmem 0640: failed
mknod: zero-: Operation not permitted
makedev zero c 1 5 root root 0666: failed
mknod: full-: Operation not permitted
makedev full c 1 7 root root 0666: failed
mknod: random-: Operation not permitted
makedev random c 1 8 root root 0666: failed
mknod: urandom-: Operation not permitted
makedev urandom c 1 9 root root 0666: failed
mknod: tty-: Operation not permitted
makedev tty c 5 0 root tty 0666: failed
mknod: ram0-: Operation not permitted
makedev ram0 b 1 0 root disk 0660: failed
mknod: ram1-: Operation not permitted
makedev ram1 b 1 1 root disk 0660: failed
mknod: ram2-: Operation not permitted
makedev ram2 b 1 2 root disk 0660: failed
mknod: ram3-: Operation not permitted
makedev ram3 b 1 3 root disk 0660: failed
mknod: ram4-: Operation not permitted
makedev ram4 b 1 4 root disk 0660: failed
mknod: ram5-: Operation not permitted
makedev ram5 b 1 5 root disk 0660: failed
mknod: ram6-: Operation not permitted
makedev ram6 b 1 6 root disk 0660: failed
mknod: ram7-: Operation not permitted
makedev ram7 b 1 7 root disk 0660: failed
mknod: ram8-: Operation not permitted
makedev ram8 b 1 8 root disk 0660: failed
mknod: ram9-: Operation not permitted
makedev ram9 b 1 9 root disk 0660: failed
mknod: ram10-: Operation not permitted
makedev ram10 b 1 10 root disk 0660: failed
mknod: ram11-: Operation not permitted
makedev ram11 b 1 11 root disk 0660: failed
mknod: ram12-: Operation not permitted
makedev ram12 b 1 12 root disk 0660: failed
mknod: ram13-: Operation not permitted
makedev ram13 b 1 13 root disk 0660: failed
mknod: ram14-: Operation not permitted
makedev ram14 b 1 14 root disk 0660: failed
mknod: ram15-: Operation not permitted
makedev ram15 b 1 15 root disk 0660: failed
mknod: ram16-: Operation not permitted
makedev ram16 b 1 16 root disk 0660: failed
mknod: loop0-: Operation not permitted
makedev loop0 b 7 0 root disk 0660: failed
mknod: loop1-: Operation not permitted
makedev loop1 b 7 1 root disk 0660: failed
mknod: loop2-: Operation not permitted
makedev loop2 b 7 2 root disk 0660: failed
mknod: loop3-: Operation not permitted
makedev loop3 b 7 3 root disk 0660: failed
mknod: loop4-: Operation not permitted
makedev loop4 b 7 4 root disk 0660: failed
mknod: loop5-: Operation not permitted
makedev loop5 b 7 5 root disk 0660: failed
mknod: loop6-: Operation not permitted
makedev loop6 b 7 6 root disk 0660: failed
mknod: loop7-: Operation not permitted
makedev loop7 b 7 7 root disk 0660: failed
mknod: tty0-: Operation not permitted
makedev tty0 c 4 0 root tty 0600: failed
mknod: console-: Operation not permitted
makedev console c 5 1 root tty 0600: failed
/sbin/MAKEDEV: don't know how to make device "tty0"
dpkg: error processing package makedev (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 makedev
E: Sub-process /usr/bin/dpkg returned an error code (1)

Do let me know if I can supply any more useful output.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to makedev in Ubuntu.
https://bugs.launchpad.net/bugs/1675163

Title:
  Don't attempt to create devices in LXC containers

Status in makedev package in Ubuntu:
  Fix Released
Status in makedev source package in Precise:
  Fix Released
Status in makedev source package in Trusty:
  Fix Released
Status in makedev source package in Xenial:
  Fix Released
Status in makedev source package in Yakkety:
  Fix Released
Status in makedev source package in Zesty:
  Fix Released

Bug description:
  Right now the "makedev" postinst script will attempt to create a
  number of devices in /dev, failing the package upgrade should any of
  those mknod calls fail.

  LXC containers, especially unprivileged ones do not allow the use of
  mknod, making it impossible to upgrade makedev in those containers and
  preventing Ubuntu release upgrades.

  The fix is quite simple, detect that we are running in an LXC
  container and skip the rest of the postinst script as is done in a
  number of other cases.

  = SRU
  == Rationale
  This issue prevents release to release upgrades in unprivileged LXC containers when makedev is part of the upgraded set. This is currently visible when upgrading from Ubuntu 12.04 to Ubuntu 14.04.

  == Testcase
  Install the new package in an unprivileged container. With LXD, simply use "lxc launch ubuntu:<series> test" to create the container.

  Prior to this fix, the upgrade will fail on some mknod errors, after
  it, it'll go on after printing a message indicating that LXC was
  detected.

  == Regression potential
  The detection logic is based on PID 1's environment containing a container=lxc entry. If a non-LXC system somehow had that set, it'd lead to the makedev upgrade no longer creating extra devices. This is unlikely to really matter though since the system is clearly already functioning properly at that point.

  Similarly, some privileged LXC containers can be configured in a way
  where mknod is possible, this update will still disable the postinst
  for those cases as short of attempting every mknod ahead of time,
  there is no reliable way to detect any seccomp or apparmor policy in
  play.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/makedev/+bug/1675163/+subscriptions

More information about the foundations-bugs mailing list