glibc: apparmor userns mitigation breaks test suite (again)
Bug #2059278 reported by
Simon Chopin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| glibc (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Bug Description
The latest policy on apparmor vs userns isn't to reject the namespace creation outright but rather to deny all capabilities within that namespace.
That breaks the glibc testsuite, again, because our patch only takes the former policy into account, and so all tests that use test-container or some ad-hoc code to create a userns will fail any time they try to do something interesting, e.g.:
2722s FAIL: elf/tst-
2722s original exit status 1
2722s error: test-container.
2722s
CVE References
| Changed in glibc (Ubuntu): | |
| status: | In Progress → Fix Committed |
| tags: | removed: update-excuse |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in glibc (Ubuntu): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package glibc - 2.39-0ubuntu8
---------------
glibc (2.39-0ubuntu8) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sat, 30 Mar 2024 07:42:05 +0000