[Bug 2067644] Re: containers in ubuntu_ltp_stable and cve-2018-18955 in ubuntu_ltp_cve fail on Noble

Kernel call trace of the setgid(0) system call (i.e., SAFE_SETGID(0) in ltp/testcases/kernel/containers/userns/userns08.c). ```sh aa_capable(const struct cred * subj_cred, const struct cred * subj_cred@entry, struct aa_label * label, struct aa_label * label@entry, int cap, int cap@entry, unsigned int opts, unsigned int opts@entry) (security/apparmor/capability.c:181) apparmor_capable(const struct cred * cred, struct user_namespace * ns, int cap, unsigned int opts) (security/apparmor/lsm.c:214) security_capable(const struct cred * cred, struct user_namespace * ns, int cap, int cap@entry, unsigned int opts, unsigned int opts@entry) (security/security.c:1089) ns_capable_common(int cap, int cap@entry, struct user_namespace * ns) (kernel/capability.c:342) ns_capable_setid(struct user_namespace * ns, int cap, int cap@entry) (kernel/capability.c:400) __sys_setgid(gid_t gid) (kernel/sys.c:497) __do_sys_setgid(gid_t gid) (kernel/sys.c:517) __se_sys_setgid(long gid) (kernel/sys.c:515) __x64_sys_setgid(const struct pt_regs * regs) (kernel/sys.c:515) x64_sys_call(const struct pt_regs * regs, const struct pt_regs * regs@entry, unsigned int nr) (debian/build/build-oem/arch/x86/include/generated/asm/syscalls_64.h:107) do_syscall_x64(int nr, struct pt_regs * regs) (arch/x86/entry/syscall_64.c:63) do_syscall_64(struct pt_regs * regs, int nr) (arch/x86/entry/syscall_64.c:94) entry_SYSCALL_64() (arch/x86/entry/entry_64.S:121) ``` -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2067644 Title: containers in ubuntu_ltp_stable and cve-2018-18955 in ubuntu_ltp_cve fail on Noble Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: New Status in linux source package in Noble: New Bug description: Both the containers test in ubuntu_ltp_stable and cve-2018-18955 in ubuntu_ltp_cve fail with a similar error on Noble. This happens on multiple noble kernels, including generic, realtime, and ibm. The following error references a commit, but these kernels have that commit applied. The errors are as follows: containers in ubuntu_ltp_stable: 18189 13:55:14 DEBUG| [stdout] userns08.c:80: TBROK: setgid(0) failed: EPERM (1) 18190 13:55:14 DEBUG| [stdout] 18191 13:55:14 DEBUG| [stdout] HINT: You _MAY_ be missing kernel fixes: 18192 13:55:14 DEBUG| [stdout] 18193 13:55:14 DEBUG| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4 cve-2018-18955 in ubuntu_ltp_cve: 40826 userns08.c:80: TBROK: setgid(0) failed: EPERM (1) 40827 40828 HINT: You _MAY_ be missing kernel fixes: 40829 40830 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2067644/+subscriptions