Public bug reported:

The latest policy on apparmor vs userns isn't to reject the namespace
creation outright but rather to deny all capabilities within that
namespace.

That breaks the glibc testsuite, again, because our patch only takes the
former policy into account, and so all tests that use test-container or
some ad-hoc code to create a userns will fail any time they try to do
something interesting, e.g.:

2722s FAIL: elf/tst-glibc-hwcaps-cache
2722s original exit status 1
2722s error: test-container.c:1136: could not create a private mount namespace
2722s

** Affects: glibc (Ubuntu)
     Importance: Critical
         Status: In Progress


** Tags: update-excuse

https://bugs.launchpad.net/bugs/2059278

Title:
  glibc: apparmor userns mitigation breaks test suite (again)
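
Added example, not part of the original bug report or of the glibc patch: a C probe that tells apart the two policies the report describes, by attempting unshare(CLONE_NEWUSER) and then a private mount namespace in a child process. The enum and function names are hypothetical, and using CLONE_NEWNS as the capability check is an assumption based on the test-container.c error quoted above.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names; not taken from glibc's test harness. */
enum userns_state { USERNS_USABLE, USERNS_CREATE_DENIED, USERNS_CAPS_DENIED, USERNS_PROBE_ERROR };

/* Classify from two errno values (0 = success):
   userns_errno  - result of unshare(CLONE_NEWUSER)
   mountns_errno - result of unshare(CLONE_NEWNS) inside that namespace */
enum userns_state classify_userns(int userns_errno, int mountns_errno)
{
    if (userns_errno != 0)
        return USERNS_CREATE_DENIED;  /* creation rejected outright */
    if (mountns_errno != 0)
        return USERNS_CAPS_DENIED;    /* namespace created, capabilities denied */
    return USERNS_USABLE;
}

/* Run the probe in a child so the caller's namespaces are untouched. */
enum userns_state probe_userns(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return USERNS_PROBE_ERROR;
    if (pid == 0) {
        int e1 = unshare(CLONE_NEWUSER) == 0 ? 0 : errno;
        int e2 = 0;
        if (e1 == 0)
            e2 = unshare(CLONE_NEWNS) == 0 ? 0 : errno;
        _exit(classify_userns(e1, e2));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return USERNS_PROBE_ERROR;
    return (enum userns_state)WEXITSTATUS(status);
}

int main(void)
{
    static const char *const names[] = { "usable", "creation denied", "capabilities denied", "probe error" };
    printf("unprivileged userns: %s\n", names[probe_userns()]);
    return 0;
}
```

A check that only looks at whether the first unshare() succeeds reports the namespace as available under the capability-denying policy; the second step is what separates the two cases.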
