nspawn: become a new root early by evverx · Pull Request #4372 · systemd/systemd

evverx · 2016-10-14T03:05:04Z

~~I'll add some comments later.~~
I've added some comments:

nspawn: become a new root early #4372 (comment) (-EACCES)
nspawn: become a new root early #4372 (comment) (-EOVERFLOW)

@keszybz , please, try this patch. I've tested:

4.7.6-200.fc24
vanilla 4.8

evverx · 2016-10-14T03:48:11Z

src/basic/mount-util.c

 fallback_fdinfo:
        r = fd_fdinfo_mnt_id(fd, filename, flags, &mount_id);
-        if (r == -EOPNOTSUPP)
+        if (IN_SET(r, -EOPNOTSUPP, -EACCES))


I get open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)

327 mkdir("/proc", 0755 <unfinished ...> 327 <... mkdir resumed> ) = -1 EEXIST (File exists) 327 stat("/proc", <unfinished ...> 327 <... stat resumed> {st_dev=makedev(8, 1), st_ino=28585, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=1024, st_blocks=4, st_size=1024, st_atime=2016/10/14-02:55:32, st_mtime=2016/ 327 mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL <unfinished ...> 327 <... mount resumed> ) = 0 327 lstat("/proc", <unfinished ...> 327 <... lstat resumed> {st_dev=makedev(0, 34), st_ino=1, st_mode=S_IFDIR|0555, st_nlink=75, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:35.971031263, 327 lstat("/proc/sys", {st_dev=makedev(0, 34), st_ino=4026531855, st_mode=S_IFDIR|0555, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:39.1630 327 openat(AT_FDCWD, "/proc", O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_PATH) = 11</proc> 327 name_to_handle_at(11</proc>, "sys", {handle_bytes=128}, 0x7ffe3a238604, AT_SYMLINK_FOLLOW) = -1 EOPNOTSUPP (Operation not supported) 327 name_to_handle_at(11</proc>, "", {handle_bytes=128}, 0x7ffe3a238608, AT_EMPTY_PATH) = -1 EOPNOTSUPP (Operation not supported) 327 openat(11</proc>, "sys", O_RDONLY|O_CLOEXEC|O_PATH) = 13</proc/sys> 327 open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) 327 close(13</proc/sys> <unfinished ...> 327 <... close resumed> ) = 0 327 close(11</proc> <unfinished ...> 327 <... close resumed> ) = 0

-bash-4.3# ls -ld /proc/ dr-xr-xr-x 76 65534 65534 0 Oct 14 02:57 /proc/ -bash-4.3# ls -ld /proc/1 dr-xr-xr-x 9 root root 0 Oct 14 02:57 /proc/1 -bash-4.3# ls -ld /proc/1/fdinfo dr-x------ 2 65534 65534 0 Oct 14 03:00 /proc/1/fdinfo

And I'm not sure how to properly fix this.

@tixxdz , any ideas?

minimal reproducer: https://gist.github.com/evverx/ab5cdc72545b6c9033cfc8336dbca66f/fac7e6fbe05c743b1a832cd006406b727b03bd14#file-ns_child-c
how to run/output: https://gist.github.com/evverx/ab5cdc72545b6c9033cfc8336dbca66f/fac7e6fbe05c743b1a832cd006406b727b03bd14#file-how_to_run-md

evverx · 2016-10-14T03:49:30Z

src/nspawn/nspawn.c

                }
        }

+        r = reset_uid_gid();


This fixes: https://gist.github.com/evverx/adf78f66cf4933a436f92d8f8d6721e7#file-how_to_run-md

evverx · 2016-10-14T04:43:53Z

======================================================================
ERROR: test_service (__main__.NspawnTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/tmp/autopkgtest.Czj41w/build.pWP/systemd-debian/debian/tests/boot-and-services", line 240, in test_service
    subprocess.check_call(['systemctl', 'start', 'systemd-nspawn@c1'])
  File "/usr/lib/python3.5/subprocess.py", line 581, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['systemctl', 'start', 'systemd-nspawn@c1']' returned non-zero exit status 1

======================================================================
FAIL: test_no_failed (__main__.ServicesTest)
No failed units
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/tmp/autopkgtest.Czj41w/build.pWP/systemd-debian/debian/tests/boot-and-services", line 60, in test_no_failed
    self.assertEqual(failed, [])
AssertionError: Lists differ: ['[email protected] loaded failed failed Container c1'] != []

First list contains 1 additional elements.
First extra element 0:
'[email protected] loaded failed failed Container c1'

- ['[email protected] loaded failed failed Container c1']
+ []

evverx · 2016-10-14T04:55:32Z

@martinpitt , does the testbed support unified cgroup hierarchy?

evverx · 2016-10-14T05:17:07Z

I've reproduced:

--network-veth -U -b

246   unshare(CLONE_NEWCGROUP)          = 0
246   stat("/sys/fs", {st_dev=makedev(0, 28), st_ino=10398, st_mode=S_IFDIR|0755, st_nlink=3, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=0, st_size=60, st_atime=2016/10/14-05:04:03.672355479,
246   mkdir("/sys/fs/cgroup", 0755)     = -1 EROFS (Read-only file system)
246   lstat("/sys", {st_dev=makedev(0, 28), st_ino=10393, st_mode=S_IFDIR|0755, st_nlink=9, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_size=180, st_atime=2016/10/14-05:04:03.620355477, st_mtime=
246   lstat("/sys/fs", {st_dev=makedev(0, 28), st_ino=10398, st_mode=S_IFDIR|0755, st_nlink=3, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=0, st_size=60, st_atime=2016/10/14-05:04:03.672355479,
246   lstat("/sys/fs/cgroup", 0x7ffdf97e99d0) = -1 ENOENT (No such file or directory)

hm, wtf? :-)

martinpitt · 2016-10-14T05:49:11Z

does the testbed support unified cgroup hierarchy?

Partially I suppose -- it's running on kernel 4.4 (Ubuntu 16.04 LTS), so I'm sure there are some recent cgroupv2 features missing.

We have a policy to support ≤ 2 years old kernels, so I think running tests on kernel 4.4 is useful. We can of course add tests on Ubuntu 16.10 (kernel 4.8), or maybe move the i386 one to that, so that we have more variation wrt. kernel and plumbing packages.

evverx · 2016-10-14T06:56:23Z

@martinpitt , thanks!

so I think running tests on kernel 4.4 is useful

Totally agree.

We can of course add tests on Ubuntu 16.10 (kernel 4.8)

It would be great!

Anyway, I've found a bug.

mount_all (outer_child) creates container_dir/sys/fs/selinux
mount_all (outer_child) doesn't patch container_dir/sys/fs and so on.
mount_sysfs (inner_child) tries to create /sys/fs/cgroup
This fails

370   stat("/sys/fs", {st_dev=makedev(0, 28), st_ino=13880, st_mode=S_IFDIR|0755, st_nlink=3, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=0, st_size=60, st_atime=2016/10/14-05:16:43.398665943, st_mtime=2016/10/14-05:16:43.399665943, st_ctime=2016/10/14-05:16:43.399665943}) = 0
370   mkdir("/sys/fs/cgroup", 0755)     = -1 EACCES (Permission denied)

mount_syfs (inner_child) ignores that error and

mount(NULL, "/sys", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL) = 0

mount_cgroups finally fails

martinpitt · 2016-10-14T07:04:44Z

I started an amd64 and i386 test on Ubuntu 16.10 ("yakkety"), let's see how that goes.

evverx · 2016-10-14T07:08:44Z

@martinpitt , thanks!
That --network-veth-bug doesn't depend on the kernel version. So, test-nspawn will fail :-(

keszybz · 2016-10-14T13:30:22Z

@evverx Yep, this fixes UNIFIED_CGROUP_HIERARCHY=no systemd-nspawn -U -b for me.

But, sorry to sound like a scratched record, please split your commit into two!

evverx · 2016-10-15T04:20:00Z

@keszybz , ok :-)

Oh, actually, there are so many ways to mount cgroups, sysfs and so on. For example:

UNIFIED_CGROUP_HIERARCHY=no SYSTEMD_NSPAWN_USE_CGNS=no systemd-nspawn -U -b

works fine on 4.8.
I've added a smoke test: #4378
Please, have a look

Basically, this test runs: ``` systemd-nspawn --register=no -D "$_root" -b systemd-nspawn --register=no -D "$_root" --private-network -b systemd-nspawn --register=no -D "$_root" -U -b systemd-nspawn --register=no -D "$_root" --private-network -U -b ``` and exports the `UNIFIED_CGROUP_HIERARCHY=[yes|no]`, `SYSTEMD_NSPAWN_USE_CGNS=[yes|no]` Inspired by * systemd#3589 (comment) * systemd#4372 (comment) * systemd#4223 (comment) * systemd#1555 and so on :-)

keszybz · 2016-10-16T14:47:17Z

@evverx so what the status here? You said you'd add more comments (and maybe split the commit in two)…

evverx · 2016-10-16T21:43:34Z

what the status here?

I'm trying to fix broken stuff. Sadly, every new fix breaks some other stuff. This is why I wrote the TEST-13-NSPAWN-SMOKE.

You said you'd add more comments

Oh, I've added comments:

nspawn: become a new root early #4372 (comment) (-EACCES)
nspawn: become a new root early #4372 (comment) (-EOVERFLOW)

Updated the PR description.

and maybe split the commit in two

Yes, I'll beautify this PR later. I want to fix all issues first.

Basically, this test runs: ``` systemd-nspawn --register=no -D "$_root" -b systemd-nspawn --register=no -D "$_root" --private-network -b systemd-nspawn --register=no -D "$_root" -U -b systemd-nspawn --register=no -D "$_root" --private-network -U -b ``` and exports the `UNIFIED_CGROUP_HIERARCHY=[yes|no]`, `SYSTEMD_NSPAWN_USE_CGNS=[yes|no]` Inspired by * systemd#3589 (comment) * systemd#4372 (comment) * systemd#4223 (comment) * systemd#1555 and so on :-)

evverx · 2016-10-20T07:02:39Z

@keszybz , updated

Marked as "need-rework": I should split the commit into three

@martinpitt , this commit fixes:

yakkety-amd64
boot-and-services    FAIL

-- Logs begin at Tue 2016-10-18 09:42:55 UTC, end at Tue 2016-10-18 09:43:13 UTC. --
Oct 18 09:43:12 autopkgtest systemd[1]: Starting Container c1...
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Selected user namespace base 239403008 and range 65536.
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Failed to mount n/a on /var/lib/machines/c1/sys/fs/selinux (MS_BIND ""): No such file or directory
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Failed to mount n/a on /var/lib/machines/c1/sys/fs/selinux (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND ""): Invalid argument
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Timezone Etc/UTC does not exist in container, not updating container timezone.
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Failed to mount cgroup on /sys/fs/cgroup/net_cls,net_prio (MS_NOSUID|MS_NODEV|MS_NOEXEC "net_cls,net_prio"): No such file or directory
Oct 18 09:43:12 autopkgtest systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Child died too early.
Oct 18 09:43:12 autopkgtest systemd[1]: Failed to start Container c1.
Oct 18 09:43:12 autopkgtest systemd[1]: [email protected]: Unit entered failed state.
Oct 18 09:43:12 autopkgtest systemd[1]: [email protected]: Failed with result 'exit-code'.

#4378 (comment)

I guess we should run tests on Ubuntu 16.10 (just to be sure :-))

evverx · 2016-10-20T08:22:44Z

Oh, I didn't push the commit "tests: remove an expected failure check in test-nspawn-smoke". Will do

martinpitt · 2016-10-20T08:29:35Z

I guess we should run tests on Ubuntu 16.10 (just to be sure :-))

Sure, please let me know once you have the PR ready; our infra is fairly loaded right now, so I don't want to start unnecessary test runs.

evverx · 2016-10-20T08:37:27Z

@martinpitt , OK

So, @keszybz , does this PR work for you (and looks reasonable)?
If yes I'll

split the commit into 3 (fix -EACESS, really chown new dirs, fix of the systemd-nspawn -U doesn't work properly (Linux >= 4.8) #4352)
remove the expected failure check

…f/fdinfo See systemd#4372 (comment)

See systemd#4372 (comment)

Fixes: systemd#4352

systemd#4352 has been fixed So, we don't need this workaround anymore

keszybz

Looks good, apart from one return value mixup.

keszybz · 2016-10-20T23:14:30Z

src/nspawn/nspawn-mount.c

+        if (!in_userns) {
+                r = lchown(path, uid_shift, uid_shift);
+                if (r < 0)
+                        return r;


return -errno;

keszybz · 2016-10-20T23:34:16Z

src/nspawn/nspawn-mount.c

+                r = mkdir_userns(t, mode, in_userns, uid_shift);
+                if (r < 0)
+                        return r;
+        }


This feels overly complex, but I don't see an easy way to simplify.

Would it be possible to use normal mkdir_p and then chown in a loop?

That's posible. But:

we should traverse the subtree twice

we should split the path into components twice

Also, I think mkdir and chown is simpler to understand.

Anyway, I'm not sure what is the right solution (I don't like that mkdir_p_internal-copy-pasta too)

@keszybz , @poettering , what do you think?

We can always prettify the function later, so I'd just leave the current implementation.

evverx · 2016-10-21T04:59:13Z

@keszybz , updated

@martinpitt , I think this PR is ready. And we can start tests on Ubuntu 16.10
(also, I remove the has-overflow.c. We can revert https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5fc1668918cf087b85be0408c1684a71fc3d33ad)

…f/fdinfo #4372 (comment): I get `open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)` 327 mkdir("/proc", 0755 <unfinished ...> 327 <... mkdir resumed> ) = -1 EEXIST (File exists) 327 stat("/proc", <unfinished ...> 327 <... stat resumed> {st_dev=makedev(8, 1), st_ino=28585, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=1024, st_blocks=4, st_size=1024, st_atime=2016/10/14-02:55:32, st_mtime=2016/ 327 mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL <unfinished ...> 327 <... mount resumed> ) = 0 327 lstat("/proc", <unfinished ...> 327 <... lstat resumed> {st_dev=makedev(0, 34), st_ino=1, st_mode=S_IFDIR|0555, st_nlink=75, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:35.971031263, 327 lstat("/proc/sys", {st_dev=makedev(0, 34), st_ino=4026531855, st_mode=S_IFDIR|0555, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:39.1630 327 openat(AT_FDCWD, "/proc", O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_PATH) = 11</proc> 327 name_to_handle_at(11</proc>, "sys", {handle_bytes=128}, 0x7ffe3a238604, AT_SYMLINK_FOLLOW) = -1 EOPNOTSUPP (Operation not supported) 327 name_to_handle_at(11</proc>, "", {handle_bytes=128}, 0x7ffe3a238608, AT_EMPTY_PATH) = -1 EOPNOTSUPP (Operation not supported) 327 openat(11</proc>, "sys", O_RDONLY|O_CLOEXEC|O_PATH) = 13</proc/sys> 327 open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) 327 close(13</proc/sys> <unfinished ...> 327 <... close resumed> ) = 0 327 close(11</proc> <unfinished ...> 327 <... close resumed> ) = 0 -bash-4.3# ls -ld /proc/ dr-xr-xr-x 76 65534 65534 0 Oct 14 02:57 /proc/ -bash-4.3# ls -ld /proc/1 dr-xr-xr-x 9 root root 0 Oct 14 02:57 /proc/1 -bash-4.3# ls -ld /proc/1/fdinfo dr-x------ 2 65534 65534 0 Oct 14 03:00 /proc/1/fdinfo

#4372 (comment): * `mount_all (outer_child)` creates `container_dir/sys/fs/selinux` * `mount_all (outer_child)` doesn't patch `container_dir/sys/fs` and so on. * `mount_sysfs (inner_child)` tries to create `/sys/fs/cgroup` * This fails 370 stat("/sys/fs", {st_dev=makedev(0, 28), st_ino=13880, st_mode=S_IFDIR|0755, st_nlink=3, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=0, st_size=60, st_atime=2016/10/14-05:16:43.398665943, st_mtime=2016/10/14-05:16:43.399665943, st_ctime=2016/10/14-05:16:43.399665943}) = 0 370 mkdir("/sys/fs/cgroup", 0755) = -1 EACCES (Permission denied) * `mount_syfs (inner_child)` ignores that error and mount(NULL, "/sys", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, NULL) = 0 * `mount_cgroups` finally fails

keszybz · 2016-10-24T03:34:33Z

I hate commit messages which have no content, only a github discussion link. I now went through your commits and pasted (what I thought is) the relevant part from each link. For the sake of my blood pressure, please add real commit messages in the future ;) I don't quite believe github discussion links will be available in 5 years when somebody is hunting some bug and trying to understand why is the way it is.

So... indeed #4352 is fixed with this PR, and everything seems functional. Merging. Thanks.

evverx · 2016-10-24T18:11:11Z

I now went through your commits and pasted (what I thought is) the relevant part from each link

@keszybz , thanks!

I hate commit messages which have no content

Well, I agree. But I hate my English too :-) Feel free to suggest the contents. Thanks!

…f/fdinfo systemd/systemd#4372 (comment): I get `open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)` 327 mkdir("/proc", 0755 <unfinished ...> 327 <... mkdir resumed> ) = -1 EEXIST (File exists) 327 stat("/proc", <unfinished ...> 327 <... stat resumed> {st_dev=makedev(8, 1), st_ino=28585, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=1024, st_blocks=4, st_size=1024, st_atime=2016/10/14-02:55:32, st_mtime=2016/ 327 mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL <unfinished ...> 327 <... mount resumed> ) = 0 327 lstat("/proc", <unfinished ...> 327 <... lstat resumed> {st_dev=makedev(0, 34), st_ino=1, st_mode=S_IFDIR|0555, st_nlink=75, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:35.971031263, 327 lstat("/proc/sys", {st_dev=makedev(0, 34), st_ino=4026531855, st_mode=S_IFDIR|0555, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=1024, st_blocks=0, st_size=0, st_atime=2016/10/14-03:13:39.1630 327 openat(AT_FDCWD, "/proc", O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_PATH) = 11</proc> 327 name_to_handle_at(11</proc>, "sys", {handle_bytes=128}, 0x7ffe3a238604, AT_SYMLINK_FOLLOW) = -1 EOPNOTSUPP (Operation not supported) 327 name_to_handle_at(11</proc>, "", {handle_bytes=128}, 0x7ffe3a238608, AT_EMPTY_PATH) = -1 EOPNOTSUPP (Operation not supported) 327 openat(11</proc>, "sys", O_RDONLY|O_CLOEXEC|O_PATH) = 13</proc/sys> 327 open("/proc/self/fdinfo/13", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) 327 close(13</proc/sys> <unfinished ...> 327 <... close resumed> ) = 0 327 close(11</proc> <unfinished ...> 327 <... close resumed> ) = 0 -bash-4.3# ls -ld /proc/ dr-xr-xr-x 76 65534 65534 0 Oct 14 02:57 /proc/ -bash-4.3# ls -ld /proc/1 dr-xr-xr-x 9 root root 0 Oct 14 02:57 /proc/1 -bash-4.3# ls -ld /proc/1/fdinfo dr-x------ 2 65534 65534 0 Oct 14 03:00 /proc/1/fdinfo (cherry picked from commit 548bd57)

evverx added nspawn needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer labels Oct 14, 2016

evverx commented Oct 14, 2016

View reviewed changes

evverx added the ci-fails/needs-rework 🔥 Please rework this, the CI noticed an issue with the PR label Oct 14, 2016

keszybz removed the needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer label Oct 14, 2016

evverx mentioned this pull request Oct 15, 2016

tests: add smoke test for systemd-nspawn #4378

Merged

evverx mentioned this pull request Oct 18, 2016

nspawn: R/W support for /sysfs, /proc, and /proc/sys/net #4395

Merged

keszybz added this to the v232 milestone Oct 20, 2016

evverx force-pushed the fix-u-4.8-fallout branch from 669c66c to 00b9419 Compare October 20, 2016 06:42

evverx added reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks and removed ci-fails/needs-rework 🔥 Please rework this, the CI noticed an issue with the PR labels Oct 20, 2016

basic: fallback to the fstat if we don't have access to the /proc/sel…

399ca8c

…f/fdinfo See systemd#4372 (comment)

evverx added 3 commits October 20, 2016 09:05

nspawn: really lchown(uid/gid)

a526086

See systemd#4372 (comment)

nspawn: become a new root early

45b2eb1

Fixes: systemd#4352

tests/TEST-13-NSPAWN-SMOKE: remove an expected failure check

90e2231

systemd#4352 has been fixed So, we don't need this workaround anymore

poettering added the has-pr label Oct 20, 2016

keszybz removed the has-pr label Oct 20, 2016

keszybz reviewed Oct 20, 2016

View reviewed changes

evverx force-pushed the fix-u-4.8-fallout branch from 00b9419 to 90e2231 Compare October 21, 2016 04:42

evverx added util-lib tests and removed reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks labels Oct 21, 2016

keszybz added a commit that referenced this pull request Oct 24, 2016

Merge pull request #4372 from evverx/fix-synced-cgroup-hierarchy-perms

60f17f7

keszybz closed this Oct 24, 2016

lucab mentioned this pull request Oct 24, 2016

core/execute: regression in setting groups for root-namespaced services #4357

Closed

evverx deleted the fix-u-4.8-fallout branch October 24, 2016 18:05

Uh oh!

Conversation

evverx commented Oct 14, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

evverx Oct 14, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

evverx Oct 14, 2016

Choose a reason for hiding this comment

Uh oh!

evverx commented Oct 14, 2016

Uh oh!

evverx commented Oct 14, 2016

Uh oh!

evverx commented Oct 14, 2016

Uh oh!

martinpitt commented Oct 14, 2016

Uh oh!

evverx commented Oct 14, 2016

Uh oh!

martinpitt commented Oct 14, 2016

Uh oh!

evverx commented Oct 14, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

keszybz commented Oct 14, 2016

Uh oh!

evverx commented Oct 15, 2016

Uh oh!

keszybz commented Oct 16, 2016

Uh oh!

evverx commented Oct 16, 2016

Uh oh!

evverx commented Oct 20, 2016

Uh oh!

evverx commented Oct 20, 2016

Uh oh!

martinpitt commented Oct 20, 2016

Uh oh!

evverx commented Oct 20, 2016

Uh oh!

keszybz left a comment

Choose a reason for hiding this comment

Uh oh!

keszybz Oct 20, 2016

Choose a reason for hiding this comment

Uh oh!

keszybz Oct 20, 2016

Choose a reason for hiding this comment

Uh oh!

keszybz Oct 20, 2016

Choose a reason for hiding this comment

Uh oh!

evverx Oct 21, 2016

Choose a reason for hiding this comment

Uh oh!

keszybz Oct 21, 2016

Choose a reason for hiding this comment

Uh oh!

evverx commented Oct 21, 2016 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

keszybz commented Oct 24, 2016

Uh oh!

evverx commented Oct 24, 2016

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

evverx commented Oct 14, 2016 •

edited

Loading

evverx Oct 14, 2016 •

edited

Loading

evverx commented Oct 14, 2016 •

edited

Loading

evverx commented Oct 21, 2016 •

edited

Loading