[Bug 1389305] Re: sudo doesn't work on unprivileged lxc container on top of ecryptfs

Adam Ryczkowski adam.ryczkowski at statystyka.net
Fri Nov 21 17:12:13 UTC 2014


apport information

** Tags added: apport-collected trusty

** Description changed:

  On Ubuntu 14.04 64 bit, after adding a user into an unprivileged
  container, the sudo complains that:
  
  $ sudo su
  sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
  
  To reproduce:
  
  1. Download and install the Ubuntu amd64 minimalcd
  2. Install lxc on it and openssh for convenience.
  3. follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do:
       a) sudo usermod --add-subuids 100000-165536 $USER
       b) sudo usermod --add-subgids 100000-165536 $USER
       c) sudo chmod +x $HOME
       d) create the file  ~/.config/lxc/default.conf with the following contents:
  lxc.include = /etc/lxc/default.conf
  lxc.id_map = u 0 100000 65536
  lxc.id_map = g 0 100000 65536
       e) echo "$USER veth lxcbr0 10" | sudo tee /etc/lxc/lxc-usernet
  (restart is not required)
  4. Create the container with
  lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
  5. Install openssh-server in the container:
  lxc-start -d -n p1
  lxc-attach -n p1 -- apt-get install openssh-server
  6. Add a user "adam" with the group sudo
  lxc-attach -n p1 -- adduser adam sudo
  7. Set a password for the user
  8. Log in via ssh (and provide the password from step 7)
  ssh p1@adam
  9. On the p1:
  adam@p1$ sudo su
  sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
  
  I expected it to change the user to root.
  
  lxc version: 1.0.3-0ubuntu3
  $cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
  20141101_03:49
+ --- 
+ ApportVersion: 2.14.1-0ubuntu3.5
+ Architecture: amd64
+ DistroRelease: Ubuntu 14.04
+ EcryptfsInUse: Yes
+ Package: lxc
+ PackageArchitecture: amd64
+ ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
+ Tags:  trusty
+ Uname: Linux 3.13.0-39-generic x86_64
+ UpgradeStatus: No upgrade log present (probably fresh install)
+ UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
+ _MarkForUpload: True

** Attachment added: "Dependencies.txt"
   https://bugs.launchpad.net/bugs/1389305/+attachment/4265210/+files/Dependencies.txt

https://bugs.launchpad.net/bugs/1389305

Title:
  sudo doesn't work on unprivileged lxc container on top of ecryptfs
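
The sudo message quoted in the report asks whether /usr/bin/sudo sits on a file system mounted with 'nosuid'. The following is an added example, not part of the original report or of lxc: it finds the mount that covers a path and reports whether that mount carries nosuid. The mount table is constructed sample data, and the host user name and the container rootfs path under ~/.local/share/lxc are assumptions.

```python
import os

# Constructed sample in /proc/mounts format (not taken from the bug report).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime 0 0
/home/user/.Private /home/user ecryptfs rw,nosuid,nodev,relatime 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for code, char in (("\\040", " "), ("\\011", "\t"),
                       ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, char)
    return field

def parse_mounts(text):
    """Return a list of (mount_point, fstype, [options]) tuples."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        entries.append((_unescape(parts[1]), parts[2], parts[3].split(",")))
    return entries

def covering_mount(path, entries):
    """Return the entry whose mount point is the longest prefix of path."""
    path = os.path.normpath(path)
    best = None
    for mnt, fstype, opts in entries:
        root = mnt.rstrip("/")  # "/" becomes "", so every path matches it
        if path == mnt or path.startswith(root + "/"):
            # ">=" lets a later mount shadow an earlier one at the same point
            if best is None or len(mnt) >= len(best[0]):
                best = (mnt, fstype, opts)
    return best

def setuid_honoured(path, entries):
    """False when the covering mount has nosuid, so setuid bits are ignored."""
    mount = covering_mount(path, entries)
    return mount is not None and "nosuid" not in mount[2]

if __name__ == "__main__":
    # Assumed location of the container's sudo binary as seen from the host.
    target = "/home/user/.local/share/lxc/p1/rootfs/usr/bin/sudo"
    table = parse_mounts(SAMPLE_MOUNTS)
    print(covering_mount(target, table), setuid_honoured(target, table))
```

On a real host, pass the contents of /proc/mounts to parse_mounts() instead of the sample.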
