canonical-ubuntu-qa team mailing list archive
-
canonical-ubuntu-qa team
-
Mailing list archive
-
Message #05915
[Bug 2091846] [NEW] test_unconfined_userns from ubuntu_qrt_apparmor failed (bwrap with unprivileged_userns unexpectedly succeeds)
Public bug reported:
Issue found on Oracular amd64
* oracular:linux (6.11.0-13.14)
* oracular:linux-lowlatency (6.11.0-1007.7)
* oracular:linux-realtime (6.11.0-1003.3)
In contrast to LP: #2081798, this test failure indicates an unexpected
success under unprivileged_userns, rather than an unexpected failure
before unshare.
Test log
stdout:
Running test: './test-apparmor.py' distro: 'Ubuntu 24.10' kernel: '6.11.0-1007.7 (Ubuntu 6.11.0-1007.7-lowlatency 6.11.0)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
Skipping private tests
stderr:
test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
Test that unconfined userns restrictions are applied ... (disabling userns restrictions) (checking unshare works as normal) (checking unshare with uidmap works as normal) (checking bwrap works as normal) (enabling userns restrictions) (checking unshare transitions to unprivileged_userns) (checking unshare with uidmap with unprivileged_userns fails) (checking bwrap with unprivileged_userns fails) FAIL
======================================================================
FAIL: test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
Test that unconfined userns restrictions are applied
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py", line 1541, in test_unconfined_userns
self.assertShellExitEquals(1, ['sudo', '-u', self.user.login, 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'])
File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/testlib.py", line 1332, in assertShellExitEquals
self.assertEqual(expected, rc, msg + result + report)
AssertionError: 1 != 0 : Got exit code 0, expected 1
Command: 'sudo', '-u', 'teTOzIhr', 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'
Output:
----------------------------------------------------------------------
Ran 1 test in 0.227s
FAILED (failures=1)
** Affects: ubuntu-kernel-tests
Importance: Undecided
Status: New
** Tags: 6.11 amd64 oracular ubuntu-qrt-apparmor
--
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/2091846
Title:
test_unconfined_userns from ubuntu_qrt_apparmor failed (bwrap with
unprivileged_userns unexpectedly succeeds)
Status in ubuntu-kernel-tests:
New
Bug description:
Issue found on Oracular amd64
* oracular:linux (6.11.0-13.14)
* oracular:linux-lowlatency (6.11.0-1007.7)
* oracular:linux-realtime (6.11.0-1003.3)
In contrast to LP: #2081798, this test failure indicates an unexpected
success under unprivileged_userns, rather than an unexpected failure
before unshare.
Test log
stdout:
Running test: './test-apparmor.py' distro: 'Ubuntu 24.10' kernel: '6.11.0-1007.7 (Ubuntu 6.11.0-1007.7-lowlatency 6.11.0)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
Skipping private tests
stderr:
test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
Test that unconfined userns restrictions are applied ... (disabling userns restrictions) (checking unshare works as normal) (checking unshare with uidmap works as normal) (checking bwrap works as normal) (enabling userns restrictions) (checking unshare transitions to unprivileged_userns) (checking unshare with uidmap with unprivileged_userns fails) (checking bwrap with unprivileged_userns fails) FAIL
======================================================================
FAIL: test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
Test that unconfined userns restrictions are applied
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py", line 1541, in test_unconfined_userns
self.assertShellExitEquals(1, ['sudo', '-u', self.user.login, 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'])
File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/testlib.py", line 1332, in assertShellExitEquals
self.assertEqual(expected, rc, msg + result + report)
AssertionError: 1 != 0 : Got exit code 0, expected 1
Command: 'sudo', '-u', 'teTOzIhr', 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'
Output:
----------------------------------------------------------------------
Ran 1 test in 0.227s
FAILED (failures=1)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2091846/+subscriptions
Follow ups
