Package: release.debian.org
Severity: normal
Tags: trixie
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:incus
[ Reason ]
runc's recent fix for CVE-2025-52881 has exposed a problem with apparmor profiles for nested containers (https://github.com/opencontainers/runc/issues/4968). This requires an update to Incus' logic for generating a container's apparmor profile.

[ Impact ]
Users cannot run docker within an Incus container.

[ Tests ]
I have manually tested running docker within a container and verified that `docker run hello-world` works once again with the fix.

[ Risks ]
Minor/none -- the fix has been in upstream Incus packages for two weeks and no regressions have been reported.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
Rebase fix from upstream: https://github.com/lxc/incus/pull/2624.

[ Other info ]
The source debdiff is attached.
diff -Nru incus-6.0.4/debian/changelog incus-6.0.4/debian/changelog --- incus-6.0.4/debian/changelog 2025-11-10 13:32:56.000000000 +0000 +++ incus-6.0.4/debian/changelog 2025-11-22 15:21:53.000000000 +0000 @@ -1,3 +1,9 @@ +incus (6.0.4-2+deb13u3) trixie; urgency=medium + + * Backport fix for running nested docker in containers (Closes: #1121011) + + -- Mathias Gibbens <[email protected]> Sat, 22 Nov 2025 15:21:53 +0000 + incus (6.0.4-2+deb13u2) trixie-security; urgency=high * Backport upstream fix for GHSA-56mx-8g9f-5crf diff -Nru incus-6.0.4/debian/patches/008-cherry-pick-fix-nested-docker.patch incus-6.0.4/debian/patches/008-cherry-pick-fix-nested-docker.patch --- incus-6.0.4/debian/patches/008-cherry-pick-fix-nested-docker.patch 1970-01-01 00:00:00.000000000 +0000 +++ incus-6.0.4/debian/patches/008-cherry-pick-fix-nested-docker.patch 2025-11-22 15:21:53.000000000 +0000 
@@ -0,0 +1,72 @@ +From 1fbe4bffb9748cc3b07aaf5db310d463c1e827d0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= <[email protected]> +Date: Wed, 5 Nov 2025 20:24:47 -0500 +Subject: [PATCH] incusd/apparmor/lxc: Don't bother with sys/proc protections + when nesting enabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When nesting is enabled, it's possible for the container to get a clean +copy of /proc or /sys mounted anywhere without AppArmor being able to +mediate. So there's little point in trying to apply safety checks on top +of the main /proc and /sys. + +On top of that, we've recently discovered that AppArmor doesn't properly +handle file access relative to a file descriptor, causing a bunch of +those checks to deny access when they shouldn't. + +Closes #2623 + +Signed-off-by: Stéphane Graber <[email protected]> +Rebased-by: Mathias Gibbens <[email protected]> +--- + internal/server/apparmor/instance_lxc.profile.go | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/internal/server/apparmor/instance_lxc.profile.go b/internal/server/apparmor/instance_lxc.profile.go +index 5c46e8af0..417eb6f97 100644 +--- a/internal/server/apparmor/instance_lxc.profile.go ++++ b/internal/server/apparmor/instance_lxc.profile.go +@@ -329,6 +329,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) { + mount options=(rw,move) /sy[^s]*{,/**}, + mount options=(rw,move) /sys?*{,/**}, + ++{{- if not .nesting }} + # Block dangerous paths under /proc/sys + deny /proc/sys/[^fkn]*{,/**} wklx, + deny /proc/sys/f[^s]*{,/**} wklx, +@@ -424,6 +425,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) { + deny /sys/fs/cgrou[^p]*{,/**} wklx, + deny /sys/fs/cgroup?*{,/**} wklx, + deny /sys/fs?*{,/**} wklx, ++{{- end }} + + {{- if .feature_unix }} + +@@ -446,6 +448,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) { + + {{- if .feature_stacking }} + ++{{- if not 
.nesting }} + ### Feature: apparmor stacking + deny /sys/k[^e]*{,/**} wklx, + deny /sys/ke[^r]*{,/**} wklx, +@@ -471,14 +474,17 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) { + deny /sys/kernel/security/apparmor?*{,/**} wklx, + deny /sys/kernel/security?*{,/**} wklx, + deny /sys/kernel?*{,/**} wklx, ++{{- end }} + + change_profile -> ":{{ .namespace }}:*", + change_profile -> ":{{ .namespace }}://*", + {{- else }} + + ### Feature: apparmor stacking (not present) ++{{- if not .nesting }} + deny /sys/k*{,/**} wklx, + {{- end }} ++{{- end }} + + {{- if .nesting }} + diff -Nru incus-6.0.4/debian/patches/series incus-6.0.4/debian/patches/series --- incus-6.0.4/debian/patches/series 2025-11-10 13:32:56.000000000 +0000 +++ incus-6.0.4/debian/patches/series 2025-11-22 15:21:53.000000000 +0000 @@ -5,6 +5,7 @@ 005-cherry-pick-qemu-socket-cleanup.patch 006-cherry-pick-agent-mount-retry.patch 007-cherry-pick-usb-hotplug-fix.patch +008-cherry-pick-fix-nested-docker.patch 100-CVE-2025-54293.patch 101-CVE-2025-54287.patch 102-CVE-2025-54288.patch
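Review bot: the d/changelog entry only says "Backport fix for running nested docker in containers" and does not state what the fix changes; since the new patch removes the /proc/sys and /sys deny rules from the profile of any container with nesting enabled, the entry should say so and name the upstream change (https://github.com/lxc/incus/pull/2624) so users of the trixie update can see that nested containers get a relaxed profile.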
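Review bot: in the last inner hunk of 008-cherry-pick-fix-nested-docker.patch the new `{{- if not .nesting }}` is placed above the `### Feature: apparmor stacking` comment, so that heading disappears from nested containers' generated profiles, while in the else branch the condition sits below `### Feature: apparmor stacking (not present)`; moving the opening condition below the comment line keeps both branches consistent and the rendered profile easier to audit. The conditionals themselves balance: the three added lines match the `@@ -471,14 +474,17 @@` header and the six insertions overall match the diffstat.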