[Bug 2067644] Re: containers in ubuntu_ltp_stable and cve-2018-18955 in ubuntu_ltp_cve fail on Noble

As Juerg wrote on 2024-05-31, this issue is indeed caused by the AppArmor configuration. ```sh $ apt download apparmor Get:1 http://au.archive.ubuntu.com/ubuntu noble-updates/main amd64 apparmor amd64 4.0.1really4.0.1-0ubuntu0.24.04.6 [639 kB] Fetched 639 kB in 0s (5137 kB/s) $ mkdir aa $ dpkg -x apparmor_4.0.1really4.0.1-0ubuntu0.24.04.6_amd64.deb aa $ cd aa aa$ find . -name "*.conf" ./usr/lib/sysctl.d/10-apparmor.conf ./etc/apparmor/parser.conf aa$ cat ./usr/lib/sysctl.d/10-apparmor.conf # AppArmor restrictions of unprivileged user namespaces # Allows to restrict the use of unprivileged user namespaces to applications # which have an AppArmor profile loaded which specifies the userns # permission. All other applications (whether confined by AppArmor or not) will # be denied the use of unprivileged user namespaces. # # See # https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction # # If it is desired to disable this restriction, it is preferable to create an # additional file named /etc/sysctl.d/20-apparmor.conf which will override this # current file and sets this value to 0 rather than editing this current file kernel.apparmor_restrict_unprivileged_userns = 1 ``` -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2067644 Title: containers in ubuntu_ltp_stable and cve-2018-18955 in ubuntu_ltp_cve fail on Noble Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: New Status in linux source package in Noble: New Bug description: Both the containers test in ubuntu_ltp_stable and cve-2018-18955 in ubuntu_ltp_cve fail with a similar error on Noble. This happens on multiple noble kernels, including generic, realtime, and ibm. The following error references a commit, but these kernels have that commit applied. The errors are as follows: containers in ubuntu_ltp_stable: 18189 13:55:14 DEBUG| [stdout] userns08.c:80: TBROK: setgid(0) failed: EPERM (1) 18190 13:55:14 DEBUG| [stdout] 18191 13:55:14 DEBUG| [stdout] HINT: You _MAY_ be missing kernel fixes: 18192 13:55:14 DEBUG| [stdout] 18193 13:55:14 DEBUG| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4 cve-2018-18955 in ubuntu_ltp_cve: 40826 userns08.c:80: TBROK: setgid(0) failed: EPERM (1) 40827 40828 HINT: You _MAY_ be missing kernel fixes: 40829 40830 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2067644/+subscriptions