unshare(1) fails within testbed VMs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Auto Package Testing | Triaged | Undecided | Unassigned | | |
Bug Description
We hit this while running src:autopkgtest autopackage tests (d/t/unshare), but other packages may be affected too. In short: this works on my Noble laptop:
paride@ossimoro:~$ cat /etc/subuid
paride:100000:65536
paride@ossimoro:~$ cat /etc/subgid
paride:100000:65536
paride@ossimoro:~$ unshare --map-auto --map-root-user
root@ossimoro:~# id
uid=0(root) gid=0(root) groups=
root@ossimoro:~# su -c id
uid=0(root) gid=0(root) groups=0(root)
However, in a Noble amd64 testbed VM (running in lcy02):
ubuntu@
ubuntu:100000:65536
ubuntu@
ubuntu:100000:65536
ubuntu@
root@autopkgtest:~# id
uid=0(root) gid=0(root) groups=
root@autopkgtest:~# su -c id
su: cannot set groups: Operation not permitted
root@autopkgtest:~# echo $?
1
I am currently unable to tell what differs between the two systems.
That depends on:
kernel.apparmor_restrict_unprivileged_userns
See: https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction
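One way to capture, on each system, the settings this thread points at so that the two can be compared; this is an added example, not part of the original report or comment. It reads the sysctl named above and the user's /etc/subuid and /etc/subgid ranges, plus /proc/self/setgroups (an addition taken from user_namespaces(7), not from the thread). The function names and the optional directory-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report. ROOT (the directory-prefix
# argument) is hypothetical: empty for the live system, or the top of a
# tree copied from another host.

# State of the sysctl named in the comment above.
userns_restriction() {
    f="${1:-}/proc/sys/kernel/apparmor_restrict_unprivileged_userns"
    [ -r "$f" ] || { echo absent; return 0; }   # kernel lacks the sysctl
    case "$(cat "$f")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Ranges allocated to USER in FILE (name:start:count per line), printed
# as a comma-separated list of start:count; "none" if there are none.
subid_ranges() {
    [ -r "$2" ] || { echo none; return 0; }
    awk -F: -v u="$1" '
        $1 == u && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            out = out (out == "" ? "" : ",") $2 ":" $3
        }
        END { print (out == "" ? "none" : out) }' "$2"
}

# Content of /proc/self/setgroups ("allow" or "deny"), which says whether
# setgroups(2) is permitted in the current user namespace.
setgroups_state() {
    f="${1:-}/proc/self/setgroups"
    [ -r "$f" ] && cat "$f" || echo unknown
}

# One key=value line per setting, so reports from two hosts can be diffed.
userns_report() {
    user="$1"; root="${2:-}"
    echo "apparmor_restrict_unprivileged_userns=$(userns_restriction "$root")"
    echo "subuid=$(subid_ranges "$user" "$root/etc/subuid")"
    echo "subgid=$(subid_ranges "$user" "$root/etc/subgid")"
    echo "setgroups=$(setgroups_state "$root")"
}

# Report on the live system only when asked to: sh userns_report.sh report
if [ "${1:-}" = "report" ]; then
    userns_report "$(id -un)"
fi
```

Running it once in the normal shell and once inside the `unshare --map-auto --map-root-user` shell, on both hosts, gives four short reports to diff.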