LXC-Web-Panel icon indicating copy to clipboard operation
LXC-Web-Panel copied to clipboard

Published 20 hours ago verified publisher icon claudyus

Editing container breaks it's config file

Open marcosx86 opened this issue 9 years ago • 1 comments

Scenario: Debian Jessie 8.3, no GUI, OpenSSH server Using git master

  1. Setup steps (everything ran as root): apt-get install git lxc lxctl dnsmasq python-minimal fabric npm python-setuptools python-flask python-pam python-ldap python-dev pkg-config python-cffi python-tz; ln -s /usr/bin/nodejs /usr/bin/node (run as normal user) fab build_assets; python ./setup.py develop cp debian/lwp.service /lib/systemd/system/lwp.service (edited to comply lwp's real path - /usr/local/bin/lwp) systemctl daemon-reload systemctl enable lwp.service
  2. Create a basic container, debian type
  3. Run it, it will succeed, stop it
  4. Clone it, run cloned container, it will succeed, stop it
  5. Edit cloned container, save, run it, it will crash.

When editing, it is breaking the config file repeating items, mostly mount ones:

lxc.mount = /var/lib/lxc/elk-java-base/fstab
lxc.mount.entry = sysfs sys sysfs ro 0 0
lxc.tty = 4
lxc.pts = 1024
lxc.arch = x86_64
lxc.seccomp = /usr/share/lxc/config/common.seccomp
lxc.kmsg = 0
lxc.autodev = 1
lxc.utsname = elk-java-base
lxc.network.type = empty
lxc.cap.drop = sys_time
lxc.rootfs = /var/lib/lxc/elk-java-base/rootfs
lxc.pivotdir = lxc_putold
lxc.start.auto = 0
lxc.loglevel = 0
lxc.network.flags = down

lxc.mount.entry = sysfs sys sysfs ro 0 0
lxc.cap.drop = sys_time
lxc.mount.entry = sysfs sys sysfs ro 0 0
lxc.cap.drop = sys_time
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs ro 0 0
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 254:0 rm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 10:228 rwm
lxc.cgroup.devices.allow = c 10:232 rwm
lxc.cap.drop = sys_module
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = sys_time

marcosx86 avatar Jan 31 '16 01:01 marcosx86

should be fixed also for debian using #102

claudyus avatar Jan 31 '16 17:01 claudyus