Permissions of /dev/zero


Oliver Schad

May 19, 2021, 5:48:40 AM
to lxc-...@lists.linuxcontainers.org
Hello everybody,

I'm struggling with LXC together with a version of Apache Webserver in
an unprivileged container: the version of apache I have wants to
open /dev/zero rw - that doesn't sound very intelligent, however it
refuses to start without permissions to that.

I'm using today LXD version 3.23

~# ls -l /dev/zero
cr--r--r-- 1 nobody nogroup 1, 5 May 13 23:19 /dev/zero
~# mount | grep zero
udev on /dev/zero type devtmpfs (rw,nosuid,relatime,size=16464000k,nr_inodes=4116000,mode=755)

I've tried

lxc.cgroup.devices.allow = c 1:5 rw

That doesn't work. Following is set:

lxc.autodev = 1

So what is the way to change permissions of files, which are mounted by
LXC itself?

Best Regards
Oli

--
Automatic-Server AG •••••
Oliver Schad
Geschäftsführer
Turnerstrasse 2
9000 St. Gallen | Schweiz

www.automatic-server.com | oliver...@automatic-server.com
Tel: +41 71 511 31 11 | Mobile: +41 76 330 03 47

Serge E. Hallyn

May 19, 2021, 9:28:23 AM
to Oliver Schad, lxc-...@lists.linuxcontainers.org
On Wed, May 19, 2021 at 11:48:29AM +0200, Oliver Schad wrote:
> Hello everybody,
>
> I'm struggling with LXC together with a version of Apache Webserver in
> an unprivileged container: the version of apache I have wants to
> open /dev/zero rw - that doesn't sound very intelligent, however it
> refuses to start without permissions to that.
>
> I'm using today LXD version 3.23
>
> ~# ls -l /dev/zero
> cr--r--r-- 1 nobody nogroup 1, 5 May 13 23:19 /dev/zero
> ~# mount | grep zero
> udev on /dev/zero type devtmpfs (rw,nosuid,relatime,size=16464000k,nr_inodes=4116000,mode=755)
>
> I've tried
>
> lxc.cgroup.devices.allow = c 1:5 rw
>
> That doesn't work. Following is set:
>
> lxc.autodev = 1
>
> So what is the way to change permissions of files, which are mounted by
> LXC itself?

They should just be bind mounts from the host devices. What is
/dev/zero on your host?

In my container here, I have:

ubuntu@mail:~$ ls -l /dev/null
crw-rw-rw- 1 nobody nogroup 1, 3 May 12 17:40 /dev/null

-serge

Oliver Schad

May 19, 2021, 3:16:02 PM
to lxc-...@lists.linuxcontainers.org
Hi Serge,

On Wed, 19 May 2021 08:28:21 -0500
"Serge E. Hallyn" <se...@hallyn.com> wrote:

> On Wed, May 19, 2021 at 11:48:29AM +0200, Oliver Schad wrote:
> > ~# ls -l /dev/zero
> > cr--r--r-- 1 nobody nogroup 1, 5 May 13 23:19 /dev/zero
[...]
> In my container here, I have:
>
> ubuntu@mail:~$ ls -l /dev/null
> crw-rw-rw- 1 nobody nogroup 1, 3 May 12 17:40 /dev/null

/dev/null is correct, rw. But /dev/zero is not. The first one is
designed for writing, AFAIR the latter for reading.

But from my understanding, writing to /dev/zero should behave
like /dev/null, even if it doesn't sound very intuitive.

https://en.wikipedia.org/wiki//dev/zero

Serge E. Hallyn

May 19, 2021, 11:06:48 PM
to Oliver Schad, lxc-...@lists.linuxcontainers.org
On Wed, May 19, 2021 at 09:15:52PM +0200, Oliver Schad wrote:
> Hi Serge,
>
> On Wed, 19 May 2021 08:28:21 -0500
> "Serge E. Hallyn" <se...@hallyn.com> wrote:
>
> > On Wed, May 19, 2021 at 11:48:29AM +0200, Oliver Schad wrote:
> > > ~# ls -l /dev/zero
> > > cr--r--r-- 1 nobody nogroup 1, 5 May 13 23:19 /dev/zero
> [...]
> > In my container here, I have:
> >
> > ubuntu@mail:~$ ls -l /dev/null
> > crw-rw-rw- 1 nobody nogroup 1, 3 May 12 17:40 /dev/null
>
> /dev/null is correct, rw. But /dev/zero is not. The first one is
> designed for writing, AFAIR the latter for reading.
>
> But from my understanding, writing to /dev/zero should behave
> like /dev/null, even if it doesn't sound very intuitive.
>
> https://en.wikipedia.org/wiki//dev/zero

If you look at the kernel source, you have

#define zero_lseek null_lseek
#define full_lseek null_lseek
#define write_zero write_null

so don't let interpretations of the names bother you :)

-serge

Serge E. Hallyn

May 19, 2021, 11:12:26 PM
to Oliver Schad, lxc-...@lists.linuxcontainers.org
On Wed, May 19, 2021 at 09:15:52PM +0200, Oliver Schad wrote:
> Hi Serge,
>
> On Wed, 19 May 2021 08:28:21 -0500
> "Serge E. Hallyn" <se...@hallyn.com> wrote:
>
> > On Wed, May 19, 2021 at 11:48:29AM +0200, Oliver Schad wrote:
> > > ~# ls -l /dev/zero
> > > cr--r--r-- 1 nobody nogroup 1, 5 May 13 23:19 /dev/zero
> [...]
> > In my container here, I have:
> >
> > ubuntu@mail:~$ ls -l /dev/null
> > crw-rw-rw- 1 nobody nogroup 1, 3 May 12 17:40 /dev/null
>
> /dev/null is correct, rw. But /dev/zero not. The first one is for

serge@sl ~$ ls -l /dev/zero
crw-rw-rw- 1 root root 1, 5 May 12 12:40 /dev/zero

You started by asking:

> So what is the way to change permissions of files, which are mounted by
> LXC itself?

As I said, they are bind mounts from the host, so you
have to change the permissions on the host.

Oliver Schad

May 20, 2021, 4:35:54 AM
to lxc-...@lists.linuxcontainers.org
On Wed, 19 May 2021 22:12:24 -0500
"Serge E. Hallyn" <se...@hallyn.com> wrote:

> As I said, they are bind mounts from the host, so you
> have to change the permissions on the host.

Ok, that is a layer 8 problem: on one container hypervisor there was a
manual change on that device for whatever reason. By accident I checked
exactly that one and reviewed a container on another host.

So you're right, the problem was on the host itself and we're using
mdev instead of udev, because we use s6, instead of upstart/systemd. We
fixed that inside of the mdev configuration.

Thank you for the hint.
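
Added example (not part of the thread): since the container's device nodes are bind mounts of the host's, the check belongs on the host. This sketch audits the nodes lxc.autodev populates against their conventional modes and device numbers; the function names are hypothetical, the expected values are the usual Linux defaults (an assumption), and the input format is that of GNU `stat -c '%a %t:%T %n'`.

```shell
#!/bin/sh
# Added example: flag host device nodes whose mode or major:minor differs
# from the conventional defaults. Expected values below are assumptions
# (usual Linux defaults), not taken from the thread.

# Print "<octal mode> <major>:<minor>" expected for a known node, else nothing.
expected_for() {
    case "$1" in
        /dev/null)    echo "666 1:3" ;;
        /dev/zero)    echo "666 1:5" ;;
        /dev/full)    echo "666 1:7" ;;
        /dev/random)  echo "666 1:8" ;;
        /dev/urandom) echo "666 1:9" ;;
        /dev/tty)     echo "666 5:0" ;;
    esac
}

# Read "<mode> <major>:<minor> <path>" lines on stdin, report deviations.
audit_dev_modes() {
    while read -r mode devno path; do
        want=$(expected_for "$path")
        [ -n "$want" ] || continue          # node not in the audited set
        if [ "$mode $devno" != "$want" ]; then
            echo "MISMATCH $path: got $mode $devno, expected $want"
        fi
    done
}

# Constructed sample: a host where /dev/zero was changed to cr--r--r--,
# matching the listing in the first message.
sample_host_stat() {
    cat <<'EOF'
666 1:3 /dev/null
444 1:5 /dev/zero
666 1:7 /dev/full
EOF
}

# On a real host (GNU stat assumed), feed live data instead of the sample.
audit_live() {
    stat -c '%a %t:%T %n' /dev/null /dev/zero /dev/full \
        /dev/random /dev/urandom /dev/tty 2>/dev/null | audit_dev_modes
}

sample_host_stat | audit_dev_modes
```

Run `audit_live` on each container host; any MISMATCH line points at a node to correct in the host's device manager configuration (mdev or udev).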

Oliver Schad

May 20, 2021, 4:53:15 AM
to lxc-...@lists.linuxcontainers.org
On Wed, 19 May 2021 22:06:46 -0500
"Serge E. Hallyn" <se...@hallyn.com> wrote:

> > But from my understanding, writing to /dev/zero should behave
> > like /dev/null, even if it doesn't sound very intuitive.
> >
> > https://en.wikipedia.org/wiki//dev/zero
>
> If you look at the kernel source, you have
>
> #define zero_lseek null_lseek
> #define full_lseek null_lseek
> #define write_zero write_null
>
> so don't let interpretations of the names bother you :)

Great, thanks for the research!