/dev/lxc permissions issue with updated 0.5.1+bzr563-0juju2~precise1

Serge E. Hallyn serge at hallyn.com
Fri Aug 10 22:59:02 UTC 2012 

Quoting Andreas Hasenack (andreas at canonical.com):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> after upgrading juju from 0.5+bzr531-0ubuntu1.2 to
> 0.5.1+bzr563-0juju2~precise1 I started getting a permission denied
> error when deploying landscape-server on an lxc container:
> (...)
>   File "/usr/lib/python2.7/dist-packages/txstatsd/process.py", line 3,
> in <module>
>     import psutil
>   File "/usr/lib/python2.7/dist-packages/psutil/__init__.py", line 57,
> in <module>
>     import psutil._pslinux as _psplatform
>   File "/usr/lib/python2.7/dist-packages/psutil/_pslinux.py", line 83,
> in <module>
>     _TERMINAL_MAP = _psposix._get_terminal_map()
>   File "/usr/lib/python2.7/dist-packages/psutil/_psposix.py", line
> 111, in _get_terminal_map
>     ret[os.stat(name).st_rdev] = name
> exceptions.OSError: [Errno 13] Permission denied: '/dev/tty3'
> 
> strace showed:
> 28152 stat64("/dev/tty3", 0xbfee3a0c)   = -1 EACCES (Permission denied)
> 
> These are the permissions on /dev/tty3 with the container deployed by
> juju 0.5.1+bzr563-0juju2~precise1:
> drwx------ 2 root root   4096 Aug  9 21:07 /dev/lxc
> crw-rw---- 1 root tty  136, 6 Aug  9 21:07 /dev/lxc/tty3
> lrwxrwxrwx 1 root root      8 Aug  9 21:07 /dev/tty3 -> lxc/tty3
> 
> So, only root can get to it, which explains the permission denied (the
> service runs as "landscape").
> 
> When, however, using juju 0.5+bzr531-0ubuntu1.2 to deploy the charm,
> it works and the permissions are like these:
> drwxr-xr-x 2 root root   4096 Aug  9 23:43 /dev/lxc
> crw-rw---- 1 root tty  136, 6 Aug  9 23:43 /dev/lxc/tty3
> lrwxrwxrwx 1 root root      8 Aug  9 23:43 /dev/tty3 -> lxc/tty3
> 
> How come juju be influencing such a "small" detail in lxc? Was some
> local deployment option changed? Is this a known bug?
> 
> Thanks!

This looks similar to the cause of bug
(https://bugs.launchpad.net/ubuntu/+source/juju/+bug/930430) - lxc
(in this case lxc-start, in 930430 lxc-create) does an mkdir, passing
in mode 0755, but the passed in mode is masked with a tightened umask
set by juju (or perhaps by you?  you might type 'umask' in your shell
to make sure).  

Perhaps lxc should check its umask and spit out a warning...  I'd be
open to that.  Usually you want to say let the caller decide these
things, but in this case it always just breaks the guests.

-serge

More information about the Juju mailing list