From: Jochem Raat
To: "Thompson, David"
Cc: 21226@debbugs.gnu.org
Subject: bug#21226: FAIL: tests/containers.scm
Date: Tue, 11 Aug 2015 15:29:25 +0200
Message-ID: <55C9F8B5.4000200@riseup.net>
References: <55C7B413.1070003@riseup.net>

On 11-08-15 14:41, Thompson, David wrote:
>
> Fixed in commit bc459b6, which skips the tests if /proc/self/setgroups
> does not exist, rather than allowing a system with a vulnerable kernel
> to create containers with a new user namespace.

Thanks for the fast response and fix!

>
> I would like to note that you should update your kernel as soon as
> possible, as the lack of /proc/self/setgroups means that you are
> running a kernel with a known security vulnerability. The fix was
> introduced in Linux 3.19, but backported to many older kernels,
> including 3.13.

Thanks for the advice, I have updated my kernel.