[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
This bug was fixed in the package systemd - 237-3ubuntu10.40
---
systemd (237-3ubuntu10.40) bionic; urgency=medium
* d/t/logind: skip if nonexistent /sys/power/state (LP: #1862657)
* d/p/lp1839290-Change-job-mode-of-manager-triggered-restarts-to-JOB.patch:
- when restarting service after failure, replace existing queued jobs
(LP: #1839290)
* d/p/lp1867421-70-mouse.hwdb-Set-DPI-for-MS-Classic-IntelliMouse.patch:
- fix resolution of IntelliMouse (LP: #1867421)
* d/p/lp1858412-journalctl-allow-running-vacuum-on-remote-journals-t.patch:
- allow vacuuming journal 'root' dir (LP: #1858412)
*
d/p/lp1862232/0001-network-add-more-log-messages-in-configuring-DHCP4-c.patch,
d/p/lp1862232/0002-network-add-more-log-messages-in-configuring-DHCP6-c.patch,
d/p/lp1862232/0003-network-also-check-that-Hostname-is-a-valid-DNS-doma.patch,
d/p/lp1862232/0004-network-use-free_and_replace.patch,
d/p/lp1862232/0005-network-DHCP-ignore-error-in-setting-hostname-when-i.patch,
d/p/lp1862232/0006-man-mention-that-Hostname-for-DHCP-must-be-a-valid-D.patch,
d/p/lp1862232/0007-resolve-fix-error-handling-of-dns_name_is_valid.patch:
- do not fail network setup if hostname is not valid (LP: #1862232)
* d/t/systemd-fsckd: Skip test on arm64 (LP: #1870194)
* d/p/lp1870589-seccomp-rework-how-the-S-UG-ID-filter-is-installed.patch:
- fix test-seccomp failure (LP: #1870589)
* d/rules: use meson --print-errorlogs instead of cat testlog
- (LP: #1870811)
* d/p/lp1776654-test-Synchronize-journal-before-reading-from-it.patch:
- sync journal before reading from it (LP: #1776654)
* d/p/lp1837914-journal-do-not-trigger-assertion-when-journal_file_c.patch:
- do not crash if NULL passted to journal destructor (LP: #1837914)
* d/e/initramfs-tools/hooks/udev:
- Follow symlinks when finding link files to copy into initramfs
(LP: #1868892)
-- Dan Streetman Mon, 20 Apr 2020 10:12:49
-0400
** Changed in: systemd (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1870589
Title:
test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Bionic:
Fix Released
Bug description:
[impact]
RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of
the time on arm64, and testcase failure indicates this as well.
[test case]
check autopkgtest logs, e.g.
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz
/* test_restrict_suid_sgid */
Failed to add suid/sgid rule for architecture arm64, skipping: Numerical
argument out of domain
Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at
../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting.
suidsgidseccomp terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) ==
EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function
test_restrict_suid_sgid(). Aborting.
FAIL: test-seccomp (code: 134)
Aborted (core dumped)
[regression potential]
this improves the function that (tries to) install seccomp suid/sgid
filters, so and regression would involve failure to restrict suid/sgid
with seccomp filters; however on arm64, the this functionality already
fails 100% of the time (which is what the failed test case was
pointing out).
[scope]
this fails only in Bionic, and this specific feature and testcase was
backported in patches for CVE-2019-384x. It does not appear that the
backported feature, or its testcase, ever passed in Bionic on arm64.
[other info]
systemd bionic arm64 autopkgtests have failed forever, but we should
fix that.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870589/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
autopkgtest now passes on arm64:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200428_033750_621b2@/log.gz
** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1870589
Title:
test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Bionic:
Fix Committed
Bug description:
[impact]
RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of
the time on arm64, and testcase failure indicates this as well.
[test case]
check autopkgtest logs, e.g.
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz
/* test_restrict_suid_sgid */
Failed to add suid/sgid rule for architecture arm64, skipping: Numerical
argument out of domain
Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at
../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting.
suidsgidseccomp terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) ==
EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function
test_restrict_suid_sgid(). Aborting.
FAIL: test-seccomp (code: 134)
Aborted (core dumped)
[regression potential]
this improves the function that (tries to) install seccomp suid/sgid
filters, so and regression would involve failure to restrict suid/sgid
with seccomp filters; however on arm64, the this functionality already
fails 100% of the time (which is what the failed test case was
pointing out).
[scope]
this fails only in Bionic, and this specific feature and testcase was
backported in patches for CVE-2019-384x. It does not appear that the
backported feature, or its testcase, ever passed in Bionic on arm64.
[other info]
systemd bionic arm64 autopkgtests have failed forever, but we should
fix that.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870589/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
Hello Dan, or anyone else affected,
Accepted systemd into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.40 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: systemd (Ubuntu Bionic)
Status: In Progress => Fix Committed
** Tags added: verification-needed verification-needed-bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1870589
Title:
test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Bionic:
Fix Committed
Bug description:
[impact]
RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of
the time on arm64, and testcase failure indicates this as well.
[test case]
check autopkgtest logs, e.g.
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz
/* test_restrict_suid_sgid */
Failed to add suid/sgid rule for architecture arm64, skipping: Numerical
argument out of domain
Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at
../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting.
suidsgidseccomp terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) ==
EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function
test_restrict_suid_sgid(). Aborting.
FAIL: test-seccomp (code: 134)
Aborted (core dumped)
[regression potential]
this improves the function that (tries to) install seccomp suid/sgid
filters, so and regression would involve failure to restrict suid/sgid
with seccomp filters; however on arm64, the this functionality already
fails 100% of the time (which is what the failed test case was
pointing out).
[scope]
this fails only in Bionic, and this specific feature and testcase was
backported in patches for CVE-2019-384x. It does not appear that the
backported feature, or its testcase, ever passed in Bionic on arm64.
[other info]
systemd bionic arm64 autopkgtests have failed forever, but we should
fix that.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870589/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1870589] Re: test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
** Description changed:
[impact]
test case failure
[test case]
check autopkgtest logs, e.g.
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz
/* test_restrict_suid_sgid */
Failed to add suid/sgid rule for architecture arm64, skipping: Numerical
argument out of domain
Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at
../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting.
suidsgidseccomp terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) ==
EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function
test_restrict_suid_sgid(). Aborting.
FAIL: test-seccomp (code: 134)
Aborted (core dumped)
[regression potential]
- TBD
+ this improves the function that (tries to) install seccomp suid/sgid
+ filters, so and regression would involve failure to restrict suid/sgid
+ with seccomp filters; however on arm64, the this functionality already
+ fails 100% of the time (which is what the failed test case was pointing
+ out).
[scope]
this appears to fail only in Bionic, and this specific testcase was
backported in patch CVE-2019-384x-2.patch. It does not appear that it
ever passed in Bionic on arm64.
[other info]
systemd bionic arm64 autopkgtests have failed forever, but we should fix
that.
** Description changed:
[impact]
- test case failure
+ RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of
+ the time on arm64, and testcase failure indicates this as well.
[test case]
check autopkgtest logs, e.g.
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz
/* test_restrict_suid_sgid */
Failed to add suid/sgid rule for architecture arm64, skipping: Numerical
argument out of domain
Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at
../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting.
suidsgidseccomp terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) ==
EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function
test_restrict_suid_sgid(). Aborting.
FAIL: test-seccomp (code: 134)
Aborted (core dumped)
[regression potential]
this improves the function that (tries to) install seccomp suid/sgid
filters, so and regression would involve failure to restrict suid/sgid
with seccomp filters; however on arm64, the this functionality already
fails 100% of the time (which is what the failed test case was pointing
out).
[scope]
- this appears to fail only in Bionic, and this specific testcase was
- backported in patch CVE-2019-384x-2.patch. It does not appear that it
- ever passed in Bionic on arm64.
+ this fails only in Bionic, and this specific feature and testcase was
+ backported in patches for CVE-2019-384x. It does not appear that the
+ backported feature, or its testcase, ever passed in Bionic on arm64.
[other info]
systemd bionic arm64 autopkgtests have failed forever, but we should fix
that.
** Changed in: systemd (Ubuntu Bionic)
Importance: Low => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1870589
Title:
test-seccomp fails test_restrict_suid_sgid on arm64 on Bionic
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Bionic:
In Progress
Bug description:
[impact]
RestrictSUIDSGID (backported to Bionic in security CVE) fails 100% of
the time on arm64, and testcase failure indicates this as well.
[test case]
check autopkgtest logs, e.g.
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/arm64/s/systemd/20200401_09_34f60@/log.gz
/* test_restrict_suid_sgid */
Failed to add suid/sgid rule for architecture arm64, skipping: Numerical
argument out of domain
Assertion 'chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM' failed at
../src/test/test-seccomp.c:823, function test_restrict_suid_sgid(). Aborting.
suidsgidseccomp terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) ==
EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:889, function
test_restrict_suid_sgid(). Aborting.
FAIL: test-seccomp (code: 134)
Aborted (core dumped)
[regression potential]
this improves the function that (tries to) install seccomp suid/sgid
filters, so and regression would involve failure to restrict suid/sgid
with seccomp filters; however on arm64, the this functionality already
fails 100% of the time (which is what the failed test case was
