[Kernel-packages] [Bug 2040194] Re: apparmor restricts read access of user namespace mediation sysctls to root

Ubuntu Kernel Bot Tue, 05 Dec 2023 02:13:32 -0800

This bug is awaiting verification that the linux-gcp/6.5.0-1010.10
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-mantic-linux-gcp' to 'verification-done-mantic-
linux-gcp'. If the problem still exists, change the tag 'verification-
needed-mantic-linux-gcp' to 'verification-failed-mantic-linux-gcp'.



If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-mantic-linux-gcp-v2 
verification-needed-mantic-linux-gcp

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2040194

Title:
  apparmor restricts read access of user namespace mediation sysctls to
  root

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Mantic:
  Fix Committed

Bug description:
  lxc and lxd currently need to determine if the apparmor restriction           
  
  on unprivileged user namespaces are being enforced, so that apparmor          
  
  restrictions won't break lxc/d, and they won't clutter the logs               
  
  by doing something like                                                       
  
                                                                                
  
    unshare true                                                                
  
                                                                                
  
  to test if the restrictions are being enforced.                               
  
                                                                                
  
  Ideally access to this information would be restricted so that any            
  
  unknown access would be logged, but lxc/d currently aren't ready for          
  
  this so in order to _not_ force lxc/d to probe whether enforcement is         
  
  enabled, open up read access to the sysctls for unprivileged user             
  
  namespace mediation.                                                          
  
   
  https://github.com/canonical/lxd/issues/11920#issuecomment-1756110109

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2040194/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2040194] Re: apparmor restricts read access of user namespace mediation sysctls to root

Reply via email to