Bubblewrap upstream-as-root test fails on libcap2 1:2.31-1 and later
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bubblewrap (Debian) |
Fix Released
|
Unknown
|
|||
bubblewrap (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libcap2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
The bubblewrap upstream-as-root test started failing after libcap2 1:2.31-1 got synced from Debian. The same failure can be seen with 1:2.32-1. I have reproduced the issue locally on focal - when using the focal-proposed version, the aforementioned test fails, where with the release version (1:2.27-1) it passes.
It seems to fail here already:
bwrap --bind / / --tmpfs /tmp --as-pid-1 --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print
assert_
It looks like the requested caps did not get dropped, as the logs show that both cap_kill and cap_fowner are still there. This is only for the upstream-as-root test, i.e. executing tests/test-run.sh as root.
This might be an issue with bubblewrap, but seeing that it all works fine with the release version, it all feels weird.
Related branches
- Sebastien Bacher (community): Approve
- Andreas Hasenack: Approve
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
-
Diff: 73 lines (+53/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/lp-1863733-tests-Update-output-patterns-for-libcap-2.29.patch (+45/-0)
debian/patches/series (+1/-0)
Changed in bubblewrap (Debian): | |
status: | Unknown → Fix Released |
Example test output log: https:/ /objectstorage. prodstack4- 5.canonical. com/v1/ AUTH_77e2ada1e7 a84929a74ba3b87 153c0ac/ autopkgtest- focal/focal/ amd64/b/ bubblewrap/ 20200217_ 205507_ 3784d@/ log.gz