From: "Thompson, David"
Subject: bug#21226: FAIL: tests/containers.scm
Date: Tue, 11 Aug 2015 08:41:54 -0400
In-Reply-To: <55C7B413.1070003@riseup.net>
List-Id: Bug reports for GNU Guix
To: Jochem Raat
Cc: 21226@debbugs.gnu.org

Hello Jochem,

On Sun, Aug 9, 2015 at 4:12 PM, Jochem Raat wrote:
> During the running of make check on the guix 0.8.3 source tarball,
> test/containers.scm failed. I don't know enough about guix to understand
> why, but the manual said to report it to this email address. Please tell
> me if you need me to do more tests.
>
> Attached are the test-suite.log and containers.log.

Fixed in commit bc459b6, which skips the tests if /proc/self/setgroups
does not exist, rather than allowing a system with a vulnerable kernel
to create containers with a new user namespace.

I would like to note that you should update your kernel as soon as
possible, as the lack of /proc/self/setgroups means that you are
running a kernel with a known security vulnerability. The fix was
introduced in Linux 3.19, but backported to many older kernels,
including 3.13.

Thanks,

- Dave
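
The check described in the message above, sketched as a shell preflight. This is an added example, not part of the original e-mail and not Guix's own code (the Guix test suite is written in Scheme). The function names and the directory argument are assumptions made here so the check can be exercised against a constructed directory instead of /proc/self.

```shell
#!/bin/sh
# Added example (not Guix code): decide whether tests that create user
# namespaces should run, based on the presence of /proc/self/setgroups.

# Print the setgroups state for a proc directory (default: /proc/self):
#   missing     file absent, kernel lacks the setgroups control
#   allow|deny  file present, current value
#   unknown     file present but unreadable or with unexpected content
setgroups_state() {
    proc_dir=${1:-/proc/self}
    file="$proc_dir/setgroups"
    if [ ! -e "$file" ]; then
        echo missing
        return 0
    fi
    # Command substitution strips the trailing newline, if any.
    value=$(cat "$file" 2>/dev/null) || { echo unknown; return 0; }
    case $value in
        allow|deny) echo "$value" ;;
        *)          echo unknown ;;
    esac
}

# Return 0 if container tests may run, 1 if they should be skipped.
# The reason for a skip goes to stderr so it shows up in the test log.
should_run_container_tests() {
    state=$(setgroups_state "$1")
    case $state in
        allow|deny)
            return 0 ;;
        *)
            echo "skipping container tests: setgroups state is '$state'" >&2
            return 1 ;;
    esac
}

# Typical use in an Automake-style test script, where exit status 77
# marks a test as skipped:
#   should_run_container_tests || exit 77
```
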