Bug 24399

Summary: lxc no longer working due to fcntl(fd, F_GET_SEALS) failure
Product: Mageia
Reporter: Dan Fandrich <dan>
Component: RPM Packages
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD
QA Contact:
Severity: critical
Priority: Normal
CC: bruno, cjw, geiger.david68210, marja11, nicolas.salguero, ouaurelien
Version: 6
Target Milestone: ---
Hardware: i586
OS: Linux
Whiteboard:
Source RPM: lxc-2.0.8-1.1.mga6.src.rpm
CVE:
Status comment:

Description Dan Fandrich 2019-02-21 11:07:26 CET
Description of problem:
The lxc-2.0.8-1.1.mga6 ported a security fix that uses fcntl(fd, F_GET_SEALS); however, this call is failing whenever I try to start my lxc containers since the update. The error message is as follows:

lxc-execute: cgroups/cgfsng.c: create_path_for_hierarchy: 1328 Path "/sys/fs/cgroup/systemd//lxc/busybox" already existed.
lxc-execute: cgroups/cgfsng.c: cgfsng_create: 1385 No such file or directory - Failed to create /sys/fs/cgroup/systemd//lxc/busybox: No such file or directory
No such file or directory - Failed to determine whether this is a memfd
Failed to re-execute liblxc via memory file descriptor

The memfd error seems to be the root cause as it causes the rest of the execution to abort. That error comes from the new is_memfd() function in 0003-CVE-2019-5736-runC-rexec-callers-as-memfd.patch

Version-Release number of selected component (if applicable):
lxc-2.0.8-1.1.mga6

How reproducible:
100%

Steps to Reproduce:
1. Configure an LXC container (called busybox in this example)
2. Start it with: sudo lxc-execute -n busybox -- /bin/sh
3. Profit!

Dan Fandrich 2019-02-21 11:08:09 CET

CC: (none) => luigiwalser

David Walser 2019-02-21 14:35:07 CET

CC: luigiwalser => nicolas.salguero

Comment 1 Marja Van Waes 2019-02-21 14:38:57 CET
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Also CC'ing some (Cauldron) committers.

CC: (none) => bruno, cjw, geiger.david68210, marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Aurelien Oudelet 2020-08-16 22:35:55 CEST
Mageia 6 changed to end-of-life (EOL) status on 2019-09-30. It is no longer 
maintained, which means that it will not receive any further security or bug 
fix updates.

Package Maintainer: If you wish for this bug to remain open because you plan 
to fix it in a currently maintained version, simply change the 'version' to 
a later Mageia version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we 
weren't able to fix it before Mageia 6's end of life. If you are able to 
reproduce it against a later version of Mageia, you are encouraged to click 
on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a more recent
Mageia release includes newer upstream software that fixes bugs or makes them
obsolete.

If you would like to help fix bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].

[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/

Best regards,
Aurélien
Bugsquad Team

Resolution: (none) => OLD
CC: (none) => ouaurelien
Status: NEW => RESOLVED