Bug#1019929: marked as done (podman: Subordinate UID/GID ranges not fetched from libsubid)
Your message dated Thu, 24 Nov 2022 21:05:07 + with message-id and subject line Bug#1019929: fixed in libpod 4.3.1+ds1-4 has caused the Debian Bug report #1019929, regarding podman: Subordinate UID/GID ranges not fetched from libsubid to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1019929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019929 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: podman Version: 4.2.0+ds1-3 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've not got anything in /etc/subuid or /etc/subgid because subordinate id range info is stored in LDAP. $ grep ^subid: /etc/nsswitch.conf subid: sss This is transparent to clients using libsubid: $ getsubids sam 0: sam 2147483648 65536 ... but it looks like podman doesn't use this library yet: $ podman system info ERRO[] cannot find UID/GID for user sam: no subuid ranges found for user "sam" in /etc/subuid - check rootless mode in man pages. WARN[] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user [...] idMappings: gidmap: - container_id: 0 host_id: 1000 size: 1 uidmap: - container_id: 0 host_id: 1000 size: 1 [...] - -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 5.19.0-1-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages podman depends on: ii conmon 2.1.3+ds1-1 ii crun 1.5+dfsg-1+b1 ii golang-github-containers-common 0.48.0+ds1-1 ii libc62.34-7 ii libdevmapper1.02.1 2:1.02.185-1 ii libgpgme11 1.17.1-4.1 ii libseccomp2 2.5.4-1+b1 ii systemd [systemd-tmpfiles] 251.4-3 Versions of packages podman recommends: ii buildah1.26.1+ds1-1 ii catatonit 0.1.7-1 ii dbus-user-session 1.14.0-2 ii fuse-overlayfs 1.9-1 ii slirp4netns1.2.0-1 ii uidmap 1:4.11.1+dfsg1-2 Versions of packages podman suggests: ii containers-storage 1.37.2+ds1-1+b2 pn docker-compose ii iptables1.8.8-1 - -- no debconf information -BEGIN PGP SIGNATURE- iIgEARYIADAWIQTWOGqGn6HETecdzqZOEaKLhlAYigUCYyRZrhIcc2FtQHJvYm90 cy5vcmcudWsACgkQThGii4ZQGIra+wEA9cSULDer04xzpg1djBcsaxdK78eH6avT szoQ8hl2ERMA/08sN17EOvYQOLB8WwleW1kPCQZdDztMiapcY5Ep7CYI =DI3R -END PGP SIGNATURE- --- End Message --- --- Begin Message --- Source: libpod Source-Version: 4.3.1+ds1-4 Done: Reinhard Tartler We believe that the bug you reported is fixed in the latest version of libpod, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1019...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler (supplier of updated libpod package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 24 Nov 2022 15:35:49 -0500 Source: libpod Architecture: source Version: 4.3.1+ds1-4 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Reinhard Tartler Closes: 1000521 1001780 1003486 1006426 1007022 1009374 1009376 1009747 1012053 1014309 1019591 1019929 Changes: libpod (4.3.1+ds1-4) unstable; urgency=medium . * upload to unstable . libpod (4.3.1+ds1-3) experimental; urgency=medium . * debian/rules: make the previous change to build machine/qemu only on supported architecture actually work . libpod (4.3.1+ds1-2) experimental; urgency=medium . * Build machine/qemu only on amd64, arm64, fixes FTBFS . libpod (4.3.1+ds1-1) experimental; urgency=medium . * New upstream release - Add container GID to additional groups, fixes CVE-2022-2989,
Bug#1019929: marked as done (podman: Subordinate UID/GID ranges not fetched from libsubid)
Your message dated Mon, 14 Nov 2022 00:34:40 + with message-id and subject line Bug#1019929: fixed in libpod 4.3.1+ds1-1 has caused the Debian Bug report #1019929, regarding podman: Subordinate UID/GID ranges not fetched from libsubid to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1019929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019929 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: podman Version: 4.2.0+ds1-3 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've not got anything in /etc/subuid or /etc/subgid because subordinate id range info is stored in LDAP. $ grep ^subid: /etc/nsswitch.conf subid: sss This is transparent to clients using libsubid: $ getsubids sam 0: sam 2147483648 65536 ... but it looks like podman doesn't use this library yet: $ podman system info ERRO[] cannot find UID/GID for user sam: no subuid ranges found for user "sam" in /etc/subuid - check rootless mode in man pages. WARN[] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user [...] idMappings: gidmap: - container_id: 0 host_id: 1000 size: 1 uidmap: - container_id: 0 host_id: 1000 size: 1 [...] - -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 5.19.0-1-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages podman depends on: ii conmon 2.1.3+ds1-1 ii crun 1.5+dfsg-1+b1 ii golang-github-containers-common 0.48.0+ds1-1 ii libc62.34-7 ii libdevmapper1.02.1 2:1.02.185-1 ii libgpgme11 1.17.1-4.1 ii libseccomp2 2.5.4-1+b1 ii systemd [systemd-tmpfiles] 251.4-3 Versions of packages podman recommends: ii buildah1.26.1+ds1-1 ii catatonit 0.1.7-1 ii dbus-user-session 1.14.0-2 ii fuse-overlayfs 1.9-1 ii slirp4netns1.2.0-1 ii uidmap 1:4.11.1+dfsg1-2 Versions of packages podman suggests: ii containers-storage 1.37.2+ds1-1+b2 pn docker-compose ii iptables1.8.8-1 - -- no debconf information -BEGIN PGP SIGNATURE- iIgEARYIADAWIQTWOGqGn6HETecdzqZOEaKLhlAYigUCYyRZrhIcc2FtQHJvYm90 cy5vcmcudWsACgkQThGii4ZQGIra+wEA9cSULDer04xzpg1djBcsaxdK78eH6avT szoQ8hl2ERMA/08sN17EOvYQOLB8WwleW1kPCQZdDztMiapcY5Ep7CYI =DI3R -END PGP SIGNATURE- --- End Message --- --- Begin Message --- Source: libpod Source-Version: 4.3.1+ds1-1 Done: Reinhard Tartler We believe that the bug you reported is fixed in the latest version of libpod, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1019...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler (supplier of updated libpod package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 13 Nov 2022 12:27:53 -0500 Source: libpod Architecture: source Version: 4.3.1+ds1-1 Distribution: experimental Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Reinhard Tartler Closes: 1019591 1019929 Changes: libpod (4.3.1+ds1-1) experimental; urgency=medium . * New upstream release - Add container GID to additional groups, fixes CVE-2022-2989, closes: #1019591 * Bugfix: Subordinate UID/GID ranges not fetched from libsubid, Thanks to Sam Morris for the patch, closes: #1019929 Checksums-Sha1: f39b8551302423f2a0414de8e4e95ca741b1f229 5179 libpod_4.3.1+ds1-1.dsc 764647a82cb895c1e747f27f1c43d6225cabbbdb 2590124 libpod_4.3.1+ds1.orig.tar.xz 4ca18f53f4bdd47f0e28d131556bc20274ba1fb0 15612 libpod_4.3.1+ds1-1.debian.tar.xz Checksums-Sha256:
