
canonical-ubuntu-qa team mailing list archive

[Bug 2063214] Re: unshare(1) fails within testbed VMs

 

That depends on:

  kernel.apparmor_restrict_unprivileged_userns

See:
https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction

** Changed in: auto-package-testing
       Status: New => Invalid

** Changed in: auto-package-testing
       Status: Invalid => Triaged

-- 
You received this bug notification because you are a member of
Canonical's Ubuntu QA, which is subscribed to Auto Package Testing.
https://bugs.launchpad.net/bugs/2063214

Title:
  unshare(1) fails within testbed VMs

Status in Auto Package Testing:
  Triaged

Bug description:
  We hit this while running src:autopkgtest autopackage tests
  (d/t/unshare), but other packages may be affected too. In short: this
  works on my Noble laptop:

  paride@ossimoro:~$ cat /etc/subuid
  paride:100000:65536
  paride@ossimoro:~$ cat /etc/subgid
  paride:100000:65536

  paride@ossimoro:~$ unshare --map-auto --map-root-user
  root@ossimoro:~# id
  uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
  root@ossimoro:~# su -c id
  uid=0(root) gid=0(root) groups=0(root)

  However, in a Noble amd64 testbed VM (running in lcy02):

  ubuntu@autopkgtest:~$ cat /etc/subuid
  ubuntu:100000:65536
  ubuntu@autopkgtest:~$ cat /etc/subgid
  ubuntu:100000:65536

  ubuntu@autopkgtest:~$ unshare --map-auto --map-root-user
  root@autopkgtest:~# id
  uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
  root@autopkgtest:~# su -c id
  su: cannot set groups: Operation not permitted
  root@autopkgtest:~# echo $?
  1

  I am currently unable to tell what differs between the two systems.

To manage notifications about this bug go to:
https://bugs.launchpad.net/auto-package-testing/+bug/2063214/+subscriptions
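
The reply above points at kernel.apparmor_restrict_unprivileged_userns as the deciding setting. The following is an added diagnostic example, not part of the bug report or of autopkgtest: it snapshots that sysctl and the subuid/subgid ranges on each host and diffs the two snapshots. The function names are hypothetical, and the two extra sysctls (kernel.unprivileged_userns_clone, user.max_user_namespaces) are not mentioned in the thread and are included as an assumption.

```shell
#!/bin/sh
# Added example: snapshot the settings that govern unprivileged user
# namespaces so two hosts (e.g. laptop vs. testbed VM) can be compared.
# Function names are illustrative. ROOT is "" for the live system, or a
# directory holding copies of /proc/sys and /etc.

# read_sysctl ROOT NAME: print the value, or "absent" if the knob is missing.
read_sysctl() {
    path="$1/proc/sys/$(printf '%s' "$2" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo absent; fi
}

# subid_range ROOT FILE USER: print "start:count[,...]" for USER, or "none".
subid_range() {
    f="$1/etc/$2"
    out=""
    if [ -r "$f" ]; then
        out=$(awk -F: -v u="$3" \
            '$1 == u { printf "%s%s:%s", s, $2, $3; s = "," }' "$f")
    fi
    echo "${out:-none}"
}

# userns_snapshot ROOT USER: one key=value line per setting.
userns_snapshot() {
    # The first knob is the one named in the thread; the other two are
    # additional user-namespace sysctls, included as an assumption.
    for k in kernel.apparmor_restrict_unprivileged_userns \
             kernel.unprivileged_userns_clone \
             user.max_user_namespaces; do
        printf '%s=%s\n' "$k" "$(read_sysctl "$1" "$k")"
    done
    printf 'subuid=%s\n' "$(subid_range "$1" subuid "$2")"
    printf 'subgid=%s\n' "$(subid_range "$1" subgid "$2")"
}

# userns_diff A B: print "key: a -> b" for every setting that differs.
userns_diff() {
    awk -F= 'NR == FNR { a[$1] = $2; next }
             a[$1] != $2 { printf "%s: %s -> %s\n", $1, a[$1], $2 }' "$1" "$2"
}

# On each host:  userns_snapshot "" "$(id -un)" > "$(hostname).txt"
# Then:          userns_diff laptop.txt testbed.txt
```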


