** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: linux (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1780227
Title:
locking sockets broken due to missing AppArmor socket mediation
patches
Status in linux package in Ubuntu:
Confirmed
Bug description:
Hey,
Newer systemd makes use of locks placed on AF_UNIX sockets created
with the socketpair() syscall to synchronize various bits and pieces
when isolating services. On kernels prior to 4.18 that do not have
backported the AppArmor socket mediation patchset this will cause the
locks to be denied with EACCESS. This causes systemd to be broken in
LXC and LXD containers that do not run unconfined which is a pretty
big deal. We have seen various bug reports related to this. See for
example [1] and [2].
If feasible it would be excellent if we could backport the socket
mediation patchset to all LTS kernels. Afaict, this should be 4.4 and
4.15. This will unbreak a whole range of use-cases.
The socket mediation patchset is available here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80a17a5f501ea048d86f81d629c94062b76610d4
[1]: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1575779
[2]: https://github.com/systemd/systemd/issues/9493
Thanks!
Christian
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
