A naieve test of aufs directly shows that chown and chmod do cause a copy up of the underlying files as expected.
In the read only layer before chmod/chown: drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D1 drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D2 drwxrwxr-x 2 apw apw 4096 Mar 18 09:16 D3 In the mount after: drwxrwxr-x 2 sbuild sbuild 4096 Mar 18 09:16 D1 drwxrwxrwx 2 apw apw 4096 Mar 18 09:16 D2 drwxrwxrwx 2 apw apw 4096 Mar 18 09:16 D3 The underlying permissions remain unchanged after these operations. This all seems semantically correct. I need a description of how we are using aufs in these this scenario (in comment #2), for instance are we modifing the actual underlying files while mounted which would be a no-no. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1293549 Title: Filesystem mount from lxc template causes filesystem permission breakages Status in juju-core: In Progress Status in lxc containers: Confirmed Status in “linux” package in Ubuntu: Confirmed Status in “postgresql” package in Juju Charms Collection: New Bug description: In juju-core 1.17.5, creating new lxc machines is now much faster as it appears to be using a template machine. In addition, the root filesystem is mounted from the template machine. Unfortunately, this causes filesystem permissions to screw up. juju deploy ubuntu juju ssh ubuntu/0 sudo chown ubuntu:ubuntu /etc/ssl/private ls /etc/ssl/private That final 'ls' fails with a permission denied. This is possibly a security precaution in lxc or the filesystem. This issue breaks the postgresql charm. The PostgreSQL packages require and use the ssl-cert package, which changes /etc/ssl/private to be group readable by the ssl-cert group. The postgres user, a member of the ssl-cert group, is unable to read the private key stored in this directory. To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1293549/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
