From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Thompson, David" <dthompson2@worcester.edu>
Subject: bug#21226: FAIL: tests/containers.scm
Date: Tue, 11 Aug 2015 08:41:54 -0400
Message-ID: <CAJ=RwfZ_PW18HYbNp3Ed7Wxq5KwbU7pjTMvNL5Z8MgsyYR5qPw@mail.gmail.com>
References: <55C7B413.1070003@riseup.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54487)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ZP8sX-0006L0-Ei
	for bug-guix@gnu.org; Tue, 11 Aug 2015 08:42:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ZP8sU-0000ZN-4V
	for bug-guix@gnu.org; Tue, 11 Aug 2015 08:42:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:60757)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ZP8sU-0000Yf-23
	for bug-guix@gnu.org; Tue, 11 Aug 2015 08:42:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ZP8sT-0001sj-JF
	for bug-guix@gnu.org; Tue, 11 Aug 2015 08:42:01 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.21226.B21226.14392969177222@debbugs.gnu.org>
In-Reply-To: <55C7B413.1070003@riseup.net>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
To: Jochem Raat <jchmrt@riseup.net>
Cc: 21226@debbugs.gnu.org

Hello Jochem,

On Sun, Aug 9, 2015 at 4:12 PM, Jochem Raat <jchmrt@riseup.net> wrote:
> During the running of make check on the guix 0.8.3 source tarball,
> test/containers.scm failed. I don't know enough about guix to understand
> why, but the manual said to report it to this email-adress. Please tell
> me if you need me to do more tests.
>
> Attached are the test-suite.log and containers.log.

Fixed in commit bc459b6, which skips the tests if /proc/self/setgroups
does not exist, rather than allowing a system with a vulnerable kernel
create containers with a new user namespace.

I would like to note that you should update your kernel as soon as
possible, as the lack of /proc/self/setgroups means that you are
running a kernel with a known security vulnerability.  The fix was
introduced in Linux 3.19, but backported to many older kernels,
including 3.13.

Thanks,

- Dave