kernel-packages team mailing list archive
Message #143299
[Bug 1498162] Re: unable to make backup link of `./usr/sbin/uuidd' before installing new version: Operation not permitted
** Description changed:
+ == SRU Justification ==
+
+ Impact: Root in a user namespace cannot create new hardlinks to suid
+ files owned by another user even when the inode owner is mapped into
+ that user namespace. This is causing some package upgrades to fail in
+ unprivileged containers.
+
+ Fix: Patch from linux-next to allow a user with CAP_FOWNER in a user
+ namespace to link to a suid inode if the inode owner is mapped into the
+ user namespace.
+
+ Regression Potential: The main risks here would be security related
+ since the fix is a loosening of the protected_hardlinks sysctl which
+ serves as a mitigation against some classes of security vulnerabilities.
+ However a user which would now be allowed to link directly would
+ generally be able to create links to the same file via other mechanisms
+ already, so it's unlikely that this creates any additional attack
+ surface in practice.
+
+ ---
+
Upon trying to do an apt-get upgrade I run into this error:
-
- sudo apt-get dist-upgrade
+ sudo apt-get dist-upgrade
Reading package lists... Done
- Building dependency tree
+ Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
- uuid-runtime
+ uuid-runtime
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
Need to get 0 B/12.3 kB of archives.
After this operation, 0 B of additional disk space will be used.
- Do you want to continue? [Y/n]
+ Do you want to continue? [Y/n]
(Reading database ... 27622 files and directories currently installed.)
Preparing to unpack .../uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb ...
Unpacking uuid-runtime (2.20.1-5.1ubuntu20.7) over (2.20.1-5.1ubuntu20.6) ...
dpkg: error processing archive /var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb (--unpack):
- unable to make backup link of `./usr/sbin/uuidd' before installing new version: Operation not permitted
+ unable to make backup link of `./usr/sbin/uuidd' before installing new version: Operation not permitted
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Errors were encountered while processing:
- /var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb
+ /var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: util-linux 2.20.1-5.1ubuntu20.7
ProcVersionSignature: Ubuntu 3.19.0-26.28~14.04.1-generic 3.19.8-ckt4
Uname: Linux 3.19.0-26-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.13
Architecture: amd64
Date: Mon Sep 21 19:43:02 2015
ProcEnviron:
- TERM=screen-256color
- PATH=(custom, no user)
- LANG=en_US.UTF-8
- SHELL=/bin/bash
+ TERM=screen-256color
+ PATH=(custom, no user)
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
SourcePackage: util-linux
UpgradeStatus: No upgrade log present (probably fresh install)
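Review bot: The Regression Potential paragraph of the added SRU Justification says that a user who can now link directly "would generally be able to create links to the same file via other mechanisms already", but it names none of those mechanisms. Since the same paragraph says the fix loosens protected_hardlinks, list the mechanisms it relies on. The added block covers Impact, Fix and Regression Potential but gives no test case; add steps that reproduce the dpkg "unable to make backup link" failure in an unprivileged container so the fix can be checked before and after. The remaining -/+ pairs in the transcript read identically here and look like whitespace-only changes.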
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1498162
Title:
unable to make backup link of `./usr/sbin/uuidd' before installing new
version: Operation not permitted
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Trusty:
In Progress
Status in linux source package in Vivid:
In Progress
Status in linux source package in Wily:
In Progress
Status in linux source package in Xenial:
In Progress
Bug description:
== SRU Justification ==
Impact: Root in a user namespace cannot create new hardlinks to suid
files owned by another user even when the inode owner is mapped into
that user namespace. This is causing some package upgrades to fail in
unprivileged containers.
Fix: Patch from linux-next to allow a user with CAP_FOWNER in a user
namespace to link to a suid inode if the inode owner is mapped into
the user namespace.
Regression Potential: The main risks here would be security related
since the fix is a loosening of the protected_hardlinks sysctl which
serves as a mitigation against some classes of security
vulnerabilities. However a user which would now be allowed to link
directly would generally be able to create links to the same file via
other mechanisms already, so it's unlikely that this creates any
additional attack surface in practice.
---
Upon trying to do an apt-get upgrade I run into this error:
sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
uuid-runtime
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
Need to get 0 B/12.3 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
(Reading database ... 27622 files and directories currently installed.)
Preparing to unpack .../uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb ...
Unpacking uuid-runtime (2.20.1-5.1ubuntu20.7) over (2.20.1-5.1ubuntu20.6) ...
dpkg: error processing archive /var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb (--unpack):
unable to make backup link of `./usr/sbin/uuidd' before installing new version: Operation not permitted
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Errors were encountered while processing:
/var/cache/apt/archives/uuid-runtime_2.20.1-5.1ubuntu20.7_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: util-linux 2.20.1-5.1ubuntu20.7
ProcVersionSignature: Ubuntu 3.19.0-26.28~14.04.1-generic 3.19.8-ckt4
Uname: Linux 3.19.0-26-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.13
Architecture: amd64
Date: Mon Sep 21 19:43:02 2015
ProcEnviron:
TERM=screen-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: util-linux
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1498162/+subscriptions