Your message dated Thu, 31 Jul 2025 17:43:16 +0000
with message-id <[email protected]>
and subject line unblock criu
has caused the Debian Bug report #1110099,
regarding unblock: criu/4.1.1-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110099: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110099
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:criu
User: [email protected]
Usertags: unblock
Dear release team,
Please unblock package criu
I realize this is coming now quite during a fragile moment for the
trixie release, with the last unblock requests accepted tomorrow
latest.
[ Reason ]
Today there was a criu/4.1.1 upstream release fixing an important
issue breaking the restore functionality of mount namespaces within
CRIU, which for instance would as well affect users which try to
restore a container. The issue is introduced due to a Linux kernel
change (a security fix, no CVE yet assigned), namely 12f147ddd6de
"do_change_type(): refuse to operate on unmounted/not ours mounts")
which got backported as well to all relevant stable series.
Debian bug: https://bugs.debian.org/1110096
The 4.1.1 is a bugfix release on top of 4.1 with that bugfix, so I
would prefer to take 4.1.1 instread of cherry-picking the commit if
possible. The upstream changes contain as well one single change to
test suite makefile to remove an unused compiler argument.
[ Impact ]
Users for instance restoring containers will encounter the error:
"mnt-v2: Failed to make mount 476 slave: Invalid argument.".
[ Tests ]
Did run the autopkgtest suite with the updated 4.1.1 package. Before
the update with the current trixie kernel 6.12.38-1 various test
indeed fail with the mentioned error. With the update criu package
those are resolved.
In my local autopkgtests the tests passed:
888s integration-tests PASS
888s autodep8-python3 PASS (superficial)
[ Risks ]
Direct upstream change for this targeted critical compatibility issue.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
How do you like me to proceed? I have not uploaded anything yet
waiting for your guidance. If the time is gone for updates, I thin
kthis should go into the first trixie point release and would prepare
a separate update (basically a rebuild of 4.1.1-1 as 4.1.1~deb13u1,
but users updating to trixie will encounter that issue).
unblock criu/4.1.1-1
Regards,
Salvatore
diff -Nru criu-4.1/Makefile.versions criu-4.1.1/Makefile.versions
--- criu-4.1/Makefile.versions 2025-03-25 22:31:33.000000000 +0100
+++ criu-4.1.1/Makefile.versions 2025-07-29 18:10:08.000000000 +0200
@@ -2,7 +2,7 @@
# CRIU version.
CRIU_VERSION_MAJOR := 4
CRIU_VERSION_MINOR := 1
-CRIU_VERSION_SUBLEVEL :=
+CRIU_VERSION_SUBLEVEL := 1
CRIU_VERSION_EXTRA :=
CRIU_VERSION_NAME := CRISCV
CRIU_VERSION := $(CRIU_VERSION_MAJOR)$(if
$(CRIU_VERSION_MINOR),.$(CRIU_VERSION_MINOR))$(if
$(CRIU_VERSION_SUBLEVEL),.$(CRIU_VERSION_SUBLEVEL))$(if
$(CRIU_VERSION_EXTRA),.$(CRIU_VERSION_EXTRA))
diff -Nru criu-4.1/criu/mount-v2.c criu-4.1.1/criu/mount-v2.c
--- criu-4.1/criu/mount-v2.c 2025-03-25 22:31:33.000000000 +0100
+++ criu-4.1.1/criu/mount-v2.c 2025-07-29 18:10:08.000000000 +0200
@@ -927,8 +927,12 @@
static int restore_one_sharing(struct sharing_group *sg, struct mount_info
*target)
{
+ int nsfd = -1, orig_nsfd = -1, exit_code = -1;
char target_path[PATH_MAX];
- int target_fd;
+ int target_fd = -1;
+
+ if (!sg->master_id && !sg->shared_id)
+ return 0;
target_fd = fdstore_get(target->mnt_fd_id);
BUG_ON(target_fd < 0);
@@ -943,8 +947,7 @@
first = get_first_mount(sg->parent);
if (move_mount_set_group(first->mnt_fd_id, NULL,
target->mnt_fd_id)) {
pr_err("Failed to copy sharing from %d to
%d\n", first->mnt_id, target->mnt_id);
- close(target_fd);
- return -1;
+ goto err;
}
} else {
/*
@@ -956,16 +959,23 @@
*/
if (move_mount_set_group(-1, sg->source,
target->mnt_fd_id)) {
pr_err("Failed to copy sharing from source %s
to %d\n", sg->source, target->mnt_id);
- close(target_fd);
- return -1;
+ goto err;
}
}
+ }
+
+ nsfd = fdstore_get(target->nsid->mnt.nsfd_id);
+ if (nsfd < 0)
+ goto err;
+ if (switch_ns_by_fd(nsfd, &mnt_ns_desc, &orig_nsfd))
+ goto err;
+
+ if (sg->master_id) {
/* Convert shared_id to master_id */
if (mount(NULL, target_path, NULL, MS_SLAVE, NULL)) {
pr_perror("Failed to make mount %d slave",
target->mnt_id);
- close(target_fd);
- return -1;
+ goto err;
}
}
@@ -973,13 +983,16 @@
if (sg->shared_id) {
if (mount(NULL, target_path, NULL, MS_SHARED, NULL)) {
pr_perror("Failed to make mount %d shared",
target->mnt_id);
- close(target_fd);
- return -1;
+ goto err;
}
}
- close(target_fd);
-
- return 0;
+ exit_code = 0;
+err:
+ close_safe(&target_fd);
+ close_safe(&nsfd);
+ if (orig_nsfd >= 0 && restore_ns(orig_nsfd, &mnt_ns_desc))
+ exit_code = -1;
+ return exit_code;
}
static int restore_one_sharing_group(struct sharing_group *sg)
diff -Nru criu-4.1/debian/changelog criu-4.1.1/debian/changelog
--- criu-4.1/debian/changelog 2025-03-27 23:23:08.000000000 +0100
+++ criu-4.1.1/debian/changelog 2025-07-29 20:37:31.000000000 +0200
@@ -1,3 +1,11 @@
+criu (4.1.1-1) unstable; urgency=medium
+
+ * New upstream version 4.1.1
+ - mount-v2: enter the mount namesapce to propagation properties
+ (Closes: #1110096)
+
+ -- Salvatore Bonaccorso <[email protected]> Tue, 29 Jul 2025 20:37:31 +0200
+
criu (4.1-1) unstable; urgency=medium
* Upload to unstable
diff -Nru criu-4.1/test/zdtm/Makefile.inc criu-4.1.1/test/zdtm/Makefile.inc
--- criu-4.1/test/zdtm/Makefile.inc 2025-03-25 22:31:33.000000000 +0100
+++ criu-4.1.1/test/zdtm/Makefile.inc 2025-07-29 18:10:08.000000000 +0200
@@ -76,7 +76,7 @@
%.d: %.c
$(E) " DEP " $@
- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -MM -MP -c $< -o $@
+ $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -MM -MP $< -o $@
%.o: %.c | %.d
$(E) " CC " $@
--- End Message ---
--- Begin Message ---
Unblocked criu.
--- End Message ---
