[Bug 2059278] Re: glibc: apparmor userns mitigation breaks test suite (again)
Simon Chopin
2059278 at bugs.launchpad.net
Tue Apr 2 12:22:24 UTC 2024
** Tags removed: update-excuse
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/2059278
Title:
glibc: apparmor userns mitigation breaks test suite (again)
Status in glibc package in Ubuntu:
Fix Committed
Bug description:
The latest policy on apparmor vs userns isn't to reject the namespace
creation outright but rather to deny all capabilities within that
namespace.
That breaks the glibc testsuite, again, because our patch only takes
the former policy into account, and so all tests that use test-
container or some ad-hoc code to create a userns will fail any time
they try to do something interesting, e.g.:
2722s FAIL: elf/tst-glibc-hwcaps-cache
2722s original exit status 1
2722s error: test-container.c:1136: could not create a private mount namespace
2722s
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2059278/+subscriptions
More information about the foundations-bugs
mailing list