[Bug 2059278] Re: glibc: apparmor userns mitigation breaks test suite (again)
Launchpad Bug Tracker
2059278 at bugs.launchpad.net
Fri Apr 5 08:39:14 UTC 2024
This bug was fixed in the package glibc - 2.39-0ubuntu8
---------------
glibc (2.39-0ubuntu8) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek at ubuntu.com> Sat, 30 Mar 2024
07:42:05 +0000
** Changed in: glibc (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3094
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/2059278
Title:
glibc: apparmor userns mitigation breaks test suite (again)
Status in glibc package in Ubuntu:
Fix Released
Bug description:
The latest policy on apparmor vs userns isn't to reject the namespace
creation outright but rather to deny all capabilities within that
namespace.
That breaks the glibc testsuite, again, because our patch only takes
the former policy into account, and so all tests that use test-
container or some ad-hoc code to create a userns will fail any time
they try to do something interesting, e.g.:
2722s FAIL: elf/tst-glibc-hwcaps-cache
2722s original exit status 1
2722s error: test-container.c:1136: could not create a private mount namespace
2722s
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2059278/+subscriptions
More information about the foundations-bugs
mailing list