unshare -r is broken

Bug #1452099 reported by Anders Kaseorg
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
util-linux (Debian)
Fix Released
Unknown
util-linux (Ubuntu)
Fix Released
Undecided
Martin Pitt

Bug Description

After CVE-2014-8989 was fixed in Linux v3.19-rc1~41, ‘unshare -r’ no longer works.

$ unshare -Ur
unshare: write failed /proc/self/gid_map: Operation not permitted
$ sudo -i
# unshare -r
unshare: write failed /proc/self/gid_map: Operation not permitted

This was fixed in Debian’s util-linux 2.25.2-6.

Revision history for this message
Anders Kaseorg (andersk) wrote :
tags: added: patch patch-accepted-debian
Changed in util-linux (Debian):
status: Unknown → Fix Released
Martin Pitt (pitti)
Changed in util-linux (Ubuntu):
status: New → Fix Committed
assignee: nobody → Martin Pitt (pitti)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package util-linux - 2.26.2-2ubuntu2

---------------
util-linux (2.26.2-2ubuntu2) wily; urgency=medium

  * Version the Breaks: cloud-utils as 0.27-0ubuntu16 now works with
    util-linux 2.26, and also move it to cloud-guest-utils.

util-linux (2.26.2-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Regularly trim SSDs automatically (core-1311-ssd-trimming):
      + Add debian/fstrim-all.cron: Call fstrim --all. Installed as
        /etc/cron.weekly/fstrim.
    - Upstart support:
      + Add hwclock{-save}.upstart, and install them in debian/rules.
      + Drop debian/hwclock.rules and hwclock.default.
    - Add mountall-options.patch, see patch header.
    - Add debian/libblkid1.maintscript to clean up /etc/blkid.conf on upgrade.
      This needs to be kept until after Ubuntu 16.04 LTS.
    - Add libudev-dev build dependency for enabling LABEL information in lsblk
      (Closes: #776905)
  * This version fixes unshare -r (LP: #1452099)

 -- Martin Pitt <email address hidden> Tue, 12 May 2015 05:42:07 +0200

Changed in util-linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.