Source: criu Version: 4.1-1 Severity: serious Tags: upstream Justification: renders package unusable for users restoring container X-Debbugs-Cc: [email protected]
The criu project today released 4.1.1 as bufix release containing one single fix: | This release of CRIU (4.1.1) addresses a critical compatibility issue | introduced in the Linux kernel and back-ported to all stable releases. | | The kernel commit (12f147ddd6de "do_change_type(): refuse to operate on | unmounted/not ours mounts") addressed the security issue introduced | almost 20 years ago. Unfortunately, this change inadvertently broke the | restore functionality of mount namespaces within CRIU. Users attempting | to restore a container on updated kernels would encounter the error: | "mnt-v2: Failed to make mount 476 slave: Invalid argument." | | This release contains the necessary adjustments to CRIU, allowing it to | work seamlessly with kernels incorporating this security change. https://github.com/checkpoint-restore/criu/releases/tag/v4.1.1 The kernel change is a security fix which was backported to all stable eseries, and in particular for Debian relevant as 6.1.142 (not yet released but will be soon as DSA), 6.12.34 in trixie. The fix should land ideally in trixie, but I'm awaere that the last posibiltiy for unblocks is just around the corner. I'm right now verifying the fix and filling this bug already for transparency. Regards, Salvatore
