** Description changed: + == SRU Justification == + + Impact: Root in a user namespace cannot create new hardlinks to suid + files owned by another user even when the inode owner is mapped into + that user namespace. This is causing some package upgrades to fail in + unprivileged containers. + + Fix: Patch from linux-next to allow a user with CAP_FOWNER in a user + namespace to link to a suid inode if the inode owner is mapped into the + user namespace. + + Regression Potential: The main risks here would be security related + since the fix is a loosening of the protected_hardlinks sysctl which + serves as a mitigation against some classes of security vulnerabilities. + However a user which would now be allowed to link directly would + generally be able to create links to the same file via other mechanisms + already, so it's unlikely that this creates any additional attack + surface in practice. + + --- + Upon trying to do an apt-get upgrade I run into this error: - - sudo apt-get dist-upgrade + sudo apt-get dist-upgrade Reading package lists... Done - Building dependency tree + Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: - uuid-runtime + uuid-runtime 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 2 not fully installed or removed. Need to get 0 B/12.3 kB of archives. After this operation, 0 B of additional disk space will be used. - Do you want to continue? [Y/n] + Do you want to continue? [Y/n] (Reading database ... 27622 files and directories currently installed.) Preparing to unpack .../uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb ... Unpacking uuid-runtime (2.20.1-5.1ubuntu20.7) over (2.20.1-5.1ubuntu20.6) ... 
dpkg: error processing archive /var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb (--unpack): - unable to make backup link of `./usr/sbin/uuidd' before installing new version: Operation not permitted + unable to make backup link of `./usr/sbin/uuidd' before installing new version: Operation not permitted Processing triggers for man-db (2.6.7.1-1ubuntu1) ... Errors were encountered while processing: - /var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb + /var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: util-linux 2.20.1-5.1ubuntu20.7 ProcVersionSignature: Ubuntu 3.19.0-26.28~14.04.1-generic 3.19.8-ckt4 Uname: Linux 3.19.0-26-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.13 Architecture: amd64 Date: Mon Sep 21 19:43:02 2015 ProcEnviron: - TERM=screen-256color - PATH=(custom, no user) - LANG=en_US.UTF-8 - SHELL=/bin/bash + TERM=screen-256color + PATH=(custom, no user) + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: util-linux UpgradeStatus: No upgrade log present (probably fresh install)
https://bugs.launchpad.net/bugs/1498162

Title:
  unable to make backup link of `./usr/sbin/uuidd' before installing new version: Operation not permitted
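The check behind the `Operation not permitted` error above, as a simplified userspace model of the behaviour the SRU justification describes before and after the fix. This is an added example, not code from the kernel patch or the bug report; the uid mapping, the sample inodes and all function names are constructed for illustration.

```c
/* Userspace model of the protected_hardlinks decision; not kernel source. */
#define _DEFAULT_SOURCE /* expose S_IFREG under strict -std= modes */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>

struct userns { long host_first, count; bool cap_fowner; }; /* one uid extent */
struct inode_info { long host_uid; mode_t mode; };

/* Constructed samples: container uids 0..65535 are host uids 100000..165535. */
static const struct userns CT = { 100000, 65536, true };
static const struct inode_info SUID_MAPPED = { 100100, S_IFREG | 04755 };
static const struct inode_info SUID_HOST   = { 0,      S_IFREG | 04755 };

static bool uid_mapped(const struct userns *ns, long host_uid)
{
    return host_uid >= ns->host_first && host_uid < ns->host_first + ns->count;
}

/* Sources anyone may link: regular, not setuid, not setgid+group-exec.
 * The real check also wants read+write access for the caller; omitted here. */
static bool safe_source(const struct inode_info *i)
{
    if (!S_ISREG(i->mode) || (i->mode & S_ISUID))
        return false;
    return (i->mode & (S_ISGID | S_IXGRP)) != (S_ISGID | S_IXGRP);
}

/* Returns 0 if linking is allowed, -EPERM otherwise; `fixed` selects the
 * behaviour after the change described in the SRU justification. */
static int may_link(const struct userns *ns, long caller_host_uid,
                    const struct inode_info *i, bool fixed)
{
    if (caller_host_uid == i->host_uid || safe_source(i))
        return 0;
    /* Before: CAP_FOWNER held only inside a user namespace is ignored.
     * After: it counts, provided the inode owner is mapped into it. */
    if (fixed && ns->cap_fowner && uid_mapped(ns, i->host_uid))
        return 0;
    return -EPERM;
}

int main(void)
{
    printf("mapped suid, before: %d\n", may_link(&CT, 100000, &SUID_MAPPED, false));
    printf("mapped suid, after:  %d\n", may_link(&CT, 100000, &SUID_MAPPED, true));
    printf("host-owned suid, after: %d\n", may_link(&CT, 100000, &SUID_HOST, true));
    return 0;
}
```

The third case is the one to keep in mind when assessing regression potential: a suid inode whose owner is not mapped into the namespace stays unlinkable for container root after the fix.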