[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
This bug was fixed in the package systemd - 237-3ubuntu10.40 --- systemd (237-3ubuntu10.40) bionic; urgency=medium * d/t/logind: skip if nonexistent /sys/power/state (LP: #1862657) * d/p/lp1839290-Change-job-mode-of-manager-triggered-restarts-to-JOB.patch: - when restarting service after failure, replace existing queued jobs (LP: #1839290) * d/p/lp1867421-70-mouse.hwdb-Set-DPI-for-MS-Classic-IntelliMouse.patch: - fix resolution of IntelliMouse (LP: #1867421) * d/p/lp1858412-journalctl-allow-running-vacuum-on-remote-journals-t.patch: - allow vacuuming journal 'root' dir (LP: #1858412) * d/p/lp1862232/0001-network-add-more-log-messages-in-configuring-DHCP4-c.patch, d/p/lp1862232/0002-network-add-more-log-messages-in-configuring-DHCP6-c.patch, d/p/lp1862232/0003-network-also-check-that-Hostname-is-a-valid-DNS-doma.patch, d/p/lp1862232/0004-network-use-free_and_replace.patch, d/p/lp1862232/0005-network-DHCP-ignore-error-in-setting-hostname-when-i.patch, d/p/lp1862232/0006-man-mention-that-Hostname-for-DHCP-must-be-a-valid-D.patch, d/p/lp1862232/0007-resolve-fix-error-handling-of-dns_name_is_valid.patch: - do not fail network setup if hostname is not valid (LP: #1862232) * d/t/systemd-fsckd: Skip test on arm64 (LP: #1870194) * d/p/lp1870589-seccomp-rework-how-the-S-UG-ID-filter-is-installed.patch: - fix test-seccomp failure (LP: #1870589) * d/rules: use meson --print-errorlogs instead of cat testlog - (LP: #1870811) * d/p/lp1776654-test-Synchronize-journal-before-reading-from-it.patch: - sync journal before reading from it (LP: #1776654) * d/p/lp1837914-journal-do-not-trigger-assertion-when-journal_file_c.patch: - do not crash if NULL passted to journal destructor (LP: #1837914) * d/e/initramfs-tools/hooks/udev: - Follow symlinks when finding link files to copy into initramfs (LP: #1868892) -- Dan Streetman Mon, 20 Apr 2020 10:12:49 -0400 ** Changed in: systemd (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1870589 Title: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Bionic: Fix Released Bug description: [impact] RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of the time on arm64, and testcase failure indicates this as well. [test case] check autopkgtest logs, e.g. https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz /* test_restrict_suid_sgid */ Failed to add suid/sgid rule for architecture arm64, skipping: Numerical argument out of domain Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at ../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting. suidsgidseccomp terminated by signal ABRT. Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function test_restrict_suid_sgid(). Aborting. FAIL: test-seccomp (code: 134) Aborted (core dumped) [regression potential] this improves the function that (tries to) install seccomp suid/sgid filters, so and regression would involve failure to restrict suid/sgid with seccomp filters; however on arm64, the this functionality already fails 100% of the time (which is what the failed test case was pointing out). [scope] this fails only in Bionic, and this specific feature and testcase was backported in patches for CVE-2019-384x. It does not appear that the backported feature, or its testcase, ever passed in Bionic on arm64. [other info] systemd bionic arm64 autopkgtests have failed forever, but we should fix that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870589/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
autopkgtest now passes on arm64: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200428_033750_621b2@/log.gz ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1870589 Title: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Bionic: Fix Committed Bug description: [impact] RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of the time on arm64, and testcase failure indicates this as well. [test case] check autopkgtest logs, e.g. https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz /* test_restrict_suid_sgid */ Failed to add suid/sgid rule for architecture arm64, skipping: Numerical argument out of domain Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at ../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting. suidsgidseccomp terminated by signal ABRT. Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function test_restrict_suid_sgid(). Aborting. FAIL: test-seccomp (code: 134) Aborted (core dumped) [regression potential] this improves the function that (tries to) install seccomp suid/sgid filters, so and regression would involve failure to restrict suid/sgid with seccomp filters; however on arm64, the this functionality already fails 100% of the time (which is what the failed test case was pointing out). [scope] this fails only in Bionic, and this specific feature and testcase was backported in patches for CVE-2019-384x. It does not appear that the backported feature, or its testcase, ever passed in Bionic on arm64. [other info] systemd bionic arm64 autopkgtests have failed forever, but we should fix that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870589/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
Hello Dan, or anyone else affected, Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.40 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: systemd (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1870589 Title: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Bionic: Fix Committed Bug description: [impact] RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of the time on arm64, and testcase failure indicates this as well. [test case] check autopkgtest logs, e.g. https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz /* test_restrict_suid_sgid */ Failed to add suid/sgid rule for architecture arm64, skipping: Numerical argument out of domain Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at ../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting. suidsgidseccomp terminated by signal ABRT. Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function test_restrict_suid_sgid(). Aborting. FAIL: test-seccomp (code: 134) Aborted (core dumped) [regression potential] this improves the function that (tries to) install seccomp suid/sgid filters, so and regression would involve failure to restrict suid/sgid with seccomp filters; however on arm64, the this functionality already fails 100% of the time (which is what the failed test case was pointing out). [scope] this fails only in Bionic, and this specific feature and testcase was backported in patches for CVE-2019-384x. It does not appear that the backported feature, or its testcase, ever passed in Bionic on arm64. [other info] systemd bionic arm64 autopkgtests have failed forever, but we should fix that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870589/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
** Description changed: [impact] test case failure [test case] check autopkgtest logs, e.g. https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz /* test_restrict_suid_sgid */ Failed to add suid/sgid rule for architecture arm64, skipping: Numerical argument out of domain Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at ../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting. suidsgidseccomp terminated by signal ABRT. Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function test_restrict_suid_sgid(). Aborting. FAIL: test-seccomp (code: 134) Aborted (core dumped) [regression potential] - TBD + this improves the function that (tries to) install seccomp suid/sgid + filters, so and regression would involve failure to restrict suid/sgid + with seccomp filters; however on arm64, the this functionality already + fails 100% of the time (which is what the failed test case was pointing + out). [scope] this appears to fail only in Bionic, and this specific testcase was backported in patch CVE-2019-384x-2.patch. It does not appear that it ever passed in Bionic on arm64. [other info] systemd bionic arm64 autopkgtests have failed forever, but we should fix that. ** Description changed: [impact] - test case failure + RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of + the time on arm64, and testcase failure indicates this as well. [test case] check autopkgtest logs, e.g. https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz /* test_restrict_suid_sgid */ Failed to add suid/sgid rule for architecture arm64, skipping: Numerical argument out of domain Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at ../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting. suidsgidseccomp terminated by signal ABRT. Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function test_restrict_suid_sgid(). Aborting. FAIL: test-seccomp (code: 134) Aborted (core dumped) [regression potential] this improves the function that (tries to) install seccomp suid/sgid filters, so and regression would involve failure to restrict suid/sgid with seccomp filters; however on arm64, the this functionality already fails 100% of the time (which is what the failed test case was pointing out). [scope] - this appears to fail only in Bionic, and this specific testcase was - backported in patch CVE-2019-384x-2.patch. It does not appear that it - ever passed in Bionic on arm64. + this fails only in Bionic, and this specific feature and testcase was + backported in patches for CVE-2019-384x. It does not appear that the + backported feature, or its testcase, ever passed in Bionic on arm64. [other info] systemd bionic arm64 autopkgtests have failed forever, but we should fix that. ** Changed in: systemd (Ubuntu Bionic) Importance: Low => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1870589 Title: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Bionic: In Progress Bug description: [impact] RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of the time on arm64, and testcase failure indicates this as well. [test case] check autopkgtest logs, e.g. https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz /* test_restrict_suid_sgid */ Failed to add suid/sgid rule for architecture arm64, skipping: Numerical argument out of domain Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at ../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting. suidsgidseccomp terminated by signal ABRT. Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function test_restrict_suid_sgid(). Aborting. FAIL: test-seccomp (code: 134) Aborted (core dumped) [regression potential] this improves the function that (tries to) install seccomp suid/sgid filters, so and regression would involve failure to restrict suid/sgid with seccomp filters; however on arm64, the this functionality already fails 100% of the time (which is what the failed test case was