[Bug 1863733] Re: Bubblewrap upstream-as-root test fails on libcap2 1:2.31-1 and later
Sebastien Bacher
seb128 at ubuntu.com
Tue Mar 31 08:49:04 UTC 2020
https://launchpad.net/ubuntu/+source/bubblewrap/0.4.0-1ubuntu3
** Changed in: libcap2 (Ubuntu)
Status: New => Invalid
** Changed in: bubblewrap (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1863733
Title:
Bubblewrap upstream-as-root test fails on libcap2 1:2.31-1 and later
Status in bubblewrap package in Ubuntu:
Fix Released
Status in libcap2 package in Ubuntu:
Invalid
Status in bubblewrap package in Debian:
Fix Released
Bug description:
The bubblewrap upstream-as-root test started failing after libcap2
1:2.31-1 got synced from Debian. The same failure can be seen with
1:2.32-1. I have reproduced the issue locally on focal - when using
the focal-proposed version, the aforementioned test fails, where with
the release version (1:2.27-1) it passes.
It seems to fail here already:
bwrap --bind / / --tmpfs /tmp --as-pid-1 --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print
assert_not_file_has_content caps.test '^Current: =.*cap_kill'
It looks like the requested caps did not get dropped, as the logs show
that both cap_kill and cap_fowner are still there. This is only for
the upstream-as-root test, i.e. executing tests/test-run.sh as root.
This might be an issue with bubblewrap, but seeing that it all works
fine with the release version, it all feels weird.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1863733/+subscriptions
More information about the foundations-bugs
mailing list