[Touch-packages] [Bug 1863733] [NEW] Bubblewrap upstream-as-root test fails on libcap2 1:2.31-1 and later

Tue, 18 Feb 2020 02:26:13 -0800 

Public bug reported:

The bubblewrap upstream-as-root test started failing after libcap2
1:2.31-1 got synced from Debian. The same failure can be seen with
1:2.32-1. I have reproduced the issue locally on focal - when using the
focal-proposed version, the aforementioned test fails, where with the
release version (1:2.27-1) it passes.

It seems to fail here already:
bwrap --bind / / --tmpfs /tmp --as-pid-1 --cap-drop CAP_KILL --cap-drop 
CAP_FOWNER --unshare-pid capsh --print
assert_not_file_has_content caps.test '^Current: =.*cap_kill'

It looks like the requested caps did not get dropped, as the logs show
that both cap_kill and cap_fowner are still there. This is only for the
upstream-as-root test, i.e. executing tests/test-run.sh as root.

This might be an issue with bubblewrap, but seeing that it all works
fine with the release version, it all feels weird.

** Affects: bubblewrap (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: libcap2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: update-excuse

** Also affects: bubblewrap (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1863733

Title:
  Bubblewrap upstream-as-root test fails on libcap2 1:2.31-1 and later

Status in bubblewrap package in Ubuntu:
  New
Status in libcap2 package in Ubuntu:
  New

Bug description:
  The bubblewrap upstream-as-root test started failing after libcap2
  1:2.31-1 got synced from Debian. The same failure can be seen with
  1:2.32-1. I have reproduced the issue locally on focal - when using
  the focal-proposed version, the aforementioned test fails, where with
  the release version (1:2.27-1) it passes.

  It seems to fail here already:
  bwrap --bind / / --tmpfs /tmp --as-pid-1 --cap-drop CAP_KILL --cap-drop 
CAP_FOWNER --unshare-pid capsh --print
  assert_not_file_has_content caps.test '^Current: =.*cap_kill'

  It looks like the requested caps did not get dropped, as the logs show
  that both cap_kill and cap_fowner are still there. This is only for
  the upstream-as-root test, i.e. executing tests/test-run.sh as root.

  This might be an issue with bubblewrap, but seeing that it all works
  fine with the release version, it all feels weird.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1863733/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to