Ubuntu
linux package

Comment 0 for bug 1991975

Revision history for this message

Dave Chiluk (chiluk) wrote on 2022-10-06: dev file system is mounted without nosuid

This is similar to https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

I discovered that my ec2 instances based off of Canonical supplied AMI ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without the nosuid option.

https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

My usb installed 20.04.4 home machine does not have this problem, but it has been installed for quite some time. My 22.04 laptop machine also does not have this issue.

Reproduce.
Start an ec2 instance based off of ami-0a23d90349664c6ee.
$ mount | grep devtmpfs
nosuid found in the options list.

I've checked the initrd, and /etc/init.d/udev script and all places I know of where dev gets mounted set nosuid, so it's non-obvious what boot code-path is being taken that results in nosuid missing.

Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
MachineType: Xen HVM domU
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/24/2006
dmi.bios.release: 4.2
dmi.bios.vendor: Xen
dmi.bios.version: 4.2.amazon
dmi.chassis.type: 1
dmi.chassis.vendor: Xen
dmi.modalias: dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
dmi.product.name: HVM domU
dmi.product.version: 4.2.amazon
dmi.sys.vendor: Xen

This is similar to https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

I discovered that my ec2 instances based off of Canonical supplied AMI ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without the nosuid option.

https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

My usb installed 20.04.4 home machine does not have this problem, but it has been installed for quite some time.  My 22.04 laptop machine also does not have this issue.

Reproduce.
Start an ec2 instance based off of ami-0a23d90349664c6ee.
$ mount | grep devtmpfs 
nosuid found in the options list.

I've checked the initrd, and /etc/init.d/udev script and all places I know of where dev gets mounted set nosuid, so it's non-obvious what boot code-path is being taken that results in nosuid missing.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: udev 245.4-4ubuntu3.18
ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
Uname: Linux 5.15.0-1020-aws x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
Date: Thu Oct  6 17:39:42 2022
Ec2AMI: ami-0a23d90349664c6ee
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-2c
Ec2InstanceType: t2.medium
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Lsusb: Error: command ['lsusb'] failed with exit code 1:
Lsusb-t:
 
Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
MachineType: Xen HVM domU
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/24/2006
dmi.bios.release: 4.2
dmi.bios.vendor: Xen
dmi.bios.version: 4.2.amazon
dmi.chassis.type: 1
dmi.chassis.vendor: Xen
dmi.modalias: dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
dmi.product.name: HVM domU
dmi.product.version: 4.2.amazon
dmi.sys.vendor: Xen

Ubuntulinux package

Comment 0 for bug 1991975

Ubuntu
linux package