This bug was fixed in the package runc - 1.0.0~rc1-0ubuntu2~16.04.1

---------------
runc (1.0.0~rc1-0ubuntu2~16.04.1) xenial; urgency=medium

  * Backport to Xenial. (LP: #1639407)

 -- Michael Hudson-Doyle <[email protected]>  Thu, 15 Dec 2016 13:33:42 +1300

** Changed in: runc (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1639407

Title:
  Docker not built with seccomp

Status in docker.io package in Ubuntu:
  Fix Released
Status in runc package in Ubuntu:
  Fix Released
Status in docker.io source package in Xenial:
  Fix Released
Status in runc source package in Xenial:
  Fix Released
Status in docker.io source package in Yakkety:
  Fix Released
Status in runc source package in Yakkety:
  Fix Released

Bug description:
  [Impact]

  Hi, I noticed that the 'docker' provided by the 'docker.io' package is
  not built with seccomp support. This seems to be true in xenial,
  yakkety, and zesty:

  ubuntu@ubuntu-xenial:~$ sudo docker run -it ubuntu grep Seccomp /proc/self/status
  Seccomp: 0
  ubuntu@ubuntu-yakkety:~$ sudo docker run -it ubuntu grep Seccomp /proc/self/status
  Seccomp: 0
  ubuntu@ubuntu-zesty:~$ sudo docker run -it ubuntu grep Seccomp /proc/self/status
  Seccomp: 0

  This is despite the fact that the Ubuntu kernels are built with seccomp
  support and that the necessary 'seccomp' version (2.2.1) is available.

  This damages Docker's security on Ubuntu:

  + This exploit of CVE-2016-5195 works on Ubuntu Docker but not on stock
    Docker, because of the availability of the 'ptrace' system call, which
    is blocked by Docker's default seccomp filter:
    https://github.com/gebl/dirtycow-docker-vdso

  + Ubuntu Docker allows the 'perf_event_open' system call, which, combined
    with /proc/sys/kernel/perf_event_paranoid being 1 by default on xenial,
    allows disclosure of registers in the kernel. This can be used to break
    KASLR, and possibly to leak other sensitive values, like the
    /dev/urandom seed.

  + Ubuntu Docker allows access to system calls like 'move_pages', which
    could be used to deny service to other NUMA-aware processes on the host.

  + Processes in Ubuntu Docker containers can 'unshare' to create a new
    user namespace and obtain a new set of capabilities, potentially
    including capabilities the user intended to drop.

  These are acceptable security trade-offs to make in some contexts, but I
  think the fact that they're different from Docker's packages could
  easily make this surprising or unexpected behavior.

  [Test Case]

  "sudo docker run -it ubuntu grep Seccomp /proc/self/status" should show
  that Seccomp is enabled.

  Also see https://wiki.ubuntu.com/DockerUpdates

  [Regression potential]

  See above.
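The test case above checks a single container by eye. As an added example (not part of the bug report or of the docker.io/runc packages), the script below turns that check into something a defender can run in CI or a host audit: it parses the `Seccomp:` field of a `/proc/<pid>/status` file, names the mode (0 = disabled, 1 = strict, 2 = filter, which is what Docker's default profile uses), and fails unless the container is in filter mode. The `check_container_seccomp` wrapper runs the report's own `docker run` command; the image name defaults to `ubuntu` as in the report, and the sample status text in the usage section is constructed.

```shell
#!/bin/sh
# Added example, not the bug report's or the package's own code.

# seccomp_mode: read a /proc/<pid>/status-style text on stdin and print the
# value of its "Seccomp:" field, or "unknown" when the field is absent
# (older kernels, or a status file from a non-Linux source).
seccomp_mode() {
    awk '$1 == "Seccomp:" { print $2; found = 1 }
         END { if (!found) print "unknown" }'
}

# describe_seccomp: map the numeric mode from the kernel to its meaning.
describe_seccomp() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "strict" ;;
        2) echo "filter" ;;
        *) echo "unknown" ;;
    esac
}

# check_container_seccomp: run the report's test case against an image.
# Returns 0 only when the container process is in filter mode (2), the
# state the report says a correctly built Docker should produce; returns 2
# when docker itself cannot run (not installed, no permission).
check_container_seccomp() {
    image="${1:-ubuntu}"   # assumption: the 'ubuntu' image is available locally
    status="$(docker run --rm "$image" cat /proc/self/status 2>/dev/null)" || return 2
    mode="$(printf '%s\n' "$status" | seccomp_mode)"
    echo "Seccomp mode in $image: $mode ($(describe_seccomp "$mode"))"
    [ "$mode" = "2" ]
}

# Usage (constructed sample, mirroring the "Seccomp: 0" output in the report):
# printf 'Name: grep\nSeccomp: 0\n' | seccomp_mode      -> 0
# describe_seccomp 0                                     -> disabled
# check_container_seccomp ubuntu || echo "seccomp not active in container"
```

The parser matches `Seccomp:` exactly, so the `Seccomp_filters:` line that newer kernels add to the same file does not confuse it.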

