
canonical-ubuntu-qa team mailing list archive

[Bug 2091846] Re: test_unconfined_userns from ubuntu_qrt_apparmor failed (bwrap with unprivileged_userns unexpectedly succeeds)


I wasn't able to reproduce it on oracular:linux (6.11.0-13.14)

georgia@sec2-oracular-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py -v ApparmorTest.test_unconfined_userns
Running test: './test-apparmor.py' distro: 'Ubuntu 24.10' kernel: '6.11.0-13.14 (Ubuntu 6.11.0-13.14-generic 6.11.0)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'georgia')
Skipping private tests

WARN: kernel rate limiting in effect
Disabling ratelimiting until the next reboot. To renable, run:
# sysctl -w kernel.printk_ratelimit=5

test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
Test that unconfined userns restrictions are applied ... (disabling userns restrictions) (checking unshare works as normal) (checking unshare with uidmap works as normal) (checking bwrap works as normal) (enabling userns restrictions) (checking unshare transitions to unprivileged_userns) (checking unshare with uidmap with unprivileged_userns fails) (checking bwrap with unprivileged_userns fails) (remove unprivileged_userns profile) (checking unshare fails) (creating unconfined mode profile for unshare and bwrap with userns permission) (checking unshare works as normal again) (checking unshare with uidmap works as normal again) (checking bwrap works as normal again) ok

----------------------------------------------------------------------
Ran 1 test in 0.793s

OK
georgia@sec2-oracular-amd64:~/qrt-test-apparmor$ uname -a
Linux sec2-oracular-amd64 6.11.0-13-generic #14-Ubuntu SMP PREEMPT_DYNAMIC Sat Nov 30 23:51:51 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec2-oracular-amd64:~/qrt-test-apparmor$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 24.10
Release:	24.10
Codename:	oracular


Is there anything special about this machine?
Can you share the result of aa-status?

Thank you

-- 
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/2091846

Title:
  test_unconfined_userns from ubuntu_qrt_apparmor failed  (bwrap with
  unprivileged_userns unexpectedly succeeds)

Status in ubuntu-kernel-tests:
  New

Bug description:
  Issue found on Oracular amd64
  * oracular:linux (6.11.0-13.14)
  * oracular:linux-lowlatency (6.11.0-1007.7)
  * oracular:linux-realtime (6.11.0-1003.3)

  In contrast to LP: #2081798, this test failure indicates an unexpected
  success under unprivileged_userns, rather than an unexpected failure
  before unshare.

  Test log
  stdout:
  Running test: './test-apparmor.py' distro: 'Ubuntu 24.10' kernel: '6.11.0-1007.7 (Ubuntu 6.11.0-1007.7-lowlatency 6.11.0)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
  Skipping private tests
  stderr:
  test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
  Test that unconfined userns restrictions are applied ... (disabling userns restrictions) (checking unshare works as normal) (checking unshare with uidmap works as normal) (checking bwrap works as normal) (enabling userns restrictions) (checking unshare transitions to unprivileged_userns) (checking unshare with uidmap with unprivileged_userns fails) (checking bwrap with unprivileged_userns fails) FAIL

  ======================================================================
  FAIL: test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
  Test that unconfined userns restrictions are applied
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py", line 1541, in test_unconfined_userns
      self.assertShellExitEquals(1, ['sudo', '-u', self.user.login, 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'])
    File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/testlib.py", line 1332, in assertShellExitEquals
      self.assertEqual(expected, rc, msg + result + report)
  AssertionError: 1 != 0 : Got exit code 0, expected 1
  Command: 'sudo', '-u', 'teTOzIhr', 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'
  Output:

  ----------------------------------------------------------------------
  Ran 1 test in 0.227s

  FAILED (failures=1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2091846/+subscriptions
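
One way to gather the state the reply asks about, as an added example that is not part of the original message or of qa-regression-testing: it checks the userns restriction setting and lists any loaded profile named for the binaries the test runs. The sysctl and securityfs paths, the function names and the sample profile list are assumptions, not values from the affected machine.

```python
import re
from pathlib import Path

# Assumed paths (not on the page): Ubuntu's userns restriction sysctl
# and the securityfs list of loaded profiles (readable by root only).
SYSCTL = Path("/proc/sys/kernel/apparmor_restrict_unprivileged_userns")
PROFILES = Path("/sys/kernel/security/apparmor/profiles")
LINE = re.compile(r"^(?P<name>.+) \((?P<mode>[a-z]+)\)$")

# Constructed sample, not taken from the affected machine.
SAMPLE = """\
/usr/bin/man (enforce)
unprivileged_userns (enforce)
bwrap (unconfined)
"""

def parse_profiles(text):
    """Map profile name -> mode from 'name (mode)' lines."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            out[m["name"]] = m["mode"]
    return out

def triage(profiles_text, restrict_value, binaries=("unshare", "bwrap")):
    """Return findings relevant to test_unconfined_userns."""
    profiles = parse_profiles(profiles_text)
    findings = []
    if restrict_value.strip() != "1":
        findings.append("userns restriction sysctl is not 1")
    if "unprivileged_userns" not in profiles:
        findings.append("unprivileged_userns profile is not loaded")
    for name, mode in sorted(profiles.items()):
        base = name.rsplit("/", 1)[-1]
        if base in binaries:
            findings.append(f"profile '{name}' ({mode}) matches {base}")
    return findings

if __name__ == "__main__":
    try:
        text, value = PROFILES.read_text(), SYSCTL.read_text()
    except OSError as err:  # not root, or AppArmor not available
        print(f"live state unavailable ({err}); using constructed sample")
        text, value = SAMPLE, "1\n"
    for finding in triage(text, value) or ["nothing unusual found"]:
        print(finding)
```

Run it as root on the machine under test, before the test starts, so that profiles the test itself loads do not appear in the list.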


