Subject: [bug#34446] Runc container escape patches CVE-2019-5736
Date: Mon, 11 Feb 2019 18:37:08 -0500
From: Leo Famulari
Message-ID: <20190211233708.GA2509@jasmine.lan>
To: 34446@debbugs.gnu.org

These patches aim to fix CVE-2019-5736 in runc / Docker:

https://seclists.org/oss-sec/2019/q1/119

However, after applying these patches, Docker fails to build as shown
below. Runc, docker-cli, and containerd still build.

Please help :)

------
phase `setup-environment' succeeded after 0.0 seconds
starting phase `build'
# WARNING! I don't seem to be running in a Docker container.
# The result of this command might be an incorrect build, and will not be
# officially supported.
#
# Try this instead: make all
#

Removing bundles/

---> Making bundle: dynbinary (in bundles/dynbinary)
Building: bundles/dynbinary-daemon/dockerd-dev
# github.com/docker/docker/vendor/github.com/docker/libnetwork/iptables
.gopath/src/github.com/docker/docker/vendor/github.com/docker/libnetwork/iptables/iptables.go:90:15: undefined: exec.Guix_doesnt_want_LookPath
.gopath/src/github.com/docker/docker/vendor/github.com/docker/libnetwork/iptables/iptables.go:90:45: invalid character U+005C '\'
Backtrace:
           4 (primitive-load "/gnu/store/n5jmx2wksfvcrwlpv2zafd5hany…")
In ice-9/eval.scm:
   191:35  3 (_ _)
In srfi/srfi-1.scm:
   863:16  2 (every1 # …)
In /gnu/store/rkv7z31csb2xandzhnvm5kc0i78pf0ay-module-import/guix/build/gnu-build-system.scm:
   799:28  1 (_ _)
In /gnu/store/rkv7z31csb2xandzhnvm5kc0i78pf0ay-module-import/guix/build/utils.scm:
    616:6  0 (invoke _ . _)

/gnu/store/rkv7z31csb2xandzhnvm5kc0i78pf0ay-module-import/guix/build/utils.scm:616:6: In procedure invoke:
Throw to key `srfi-34' with args `(#)'.
builder for `/gnu/store/ihdm0nlw118mrb8wq127864g9pgrmghk-docker-18.09.2.drv' failed with exit code 1
build of /gnu/store/ihdm0nlw118mrb8wq127864g9pgrmghk-docker-18.09.2.drv failed
View build log at '/var/log/guix/drvs/ih/dm0nlw118mrb8wq127864g9pgrmghk-docker-18.09.2.drv.bz2'.
guix build: error: build of `/gnu/store/ihdm0nlw118mrb8wq127864g9pgrmghk-docker-18.09.2.drv' failed
------