Package: libcap2
Version: 1:2.32-1

The bubblewrap upstream-as-root test started failing after libcap2
1:2.31-1 got synced from Debian. The same failure can be seen with
1:2.32-1. I have reproduced the issue locally on focal - when using
the focal-proposed version, the aforementioned test fails, where with
the release version (after reverting libcap2 to 1:2.27-1) it passes.

It seems to fail here already:
bwrap --bind / / --tmpfs /tmp --as-pid-1 --cap-drop CAP_KILL
--cap-drop CAP_FOWNER --unshare-pid capsh --print
assert_not_file_has_content caps.test '^Current: =.*cap_kill'

It looks like the requested caps did not get dropped, as the logs show
that both cap_kill and cap_fowner are still there. This is only for
the upstream-as-root test, i.e. executing tests/test-run.sh as root.

This might be an issue with bubblewrap, but seeing that it all works
fine with the release version, it all feels like an unintended
regression.

Reported on Ubuntu here:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1863733

Best regards,

-- 
Łukasz 'sil2100' Zemczak
 Foundations Team
 lukasz.zemc...@canonical.com
 www.canonical.com
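
Added example, not part of the original report or of bubblewrap's test suite: a cross-check that reads the capability bitmasks from /proc/<pid>/status of the sandboxed process instead of matching capsh's text line, to see in which sets CAP_KILL and CAP_FOWNER are still held. The status samples are constructed; the bit numbers 3 (CAP_FOWNER) and 5 (CAP_KILL) come from linux/capability.h.

```python
import re

# Bit numbers from <linux/capability.h> for the two capabilities in the report.
CAP_BITS = {"CAP_FOWNER": 3, "CAP_KILL": 5}
REQUIRED_SETS = ("CapPrm", "CapEff", "CapBnd")
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$")

# Constructed samples of the Cap* lines in /proc/<pid>/status.
SAMPLE_FULL = """\
CapInh:\t0000000000000000
CapPrm:\t0000003fffffffff
CapEff:\t0000003fffffffff
CapBnd:\t0000003fffffffff
CapAmb:\t0000000000000000
"""
# Same masks with bits 3 and 5 cleared (0x...ff - 0x28 = 0x...d7).
SAMPLE_DROPPED = SAMPLE_FULL.replace("3fffffffff", "3fffffffd7")


def parse_cap_sets(status_text):
    """Return {set_name: int mask} parsed from /proc/<pid>/status text."""
    masks = {}
    for line in status_text.splitlines():
        m = CAP_LINE.match(line)
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks


def caps_still_present(status_text, dropped):
    """Map each capability set to the 'dropped' caps whose bit is still set."""
    masks = parse_cap_sets(status_text)
    missing = [s for s in REQUIRED_SETS if s not in masks]
    if missing:
        # Fail closed: an unparsable status must not count as "dropped".
        raise ValueError("status text lacks: " + ", ".join(missing))
    leftover = {}
    for set_name, mask in masks.items():
        found = [cap for cap in dropped if (mask >> CAP_BITS[cap]) & 1]
        if found:
            leftover[set_name] = found
    return leftover


if __name__ == "__main__":
    for label, text in (("full", SAMPLE_FULL), ("dropped", SAMPLE_DROPPED)):
        print(label, caps_still_present(text, ["CAP_KILL", "CAP_FOWNER"]))
```

An empty result means neither capability is set in any of the parsed sets, whatever text form capsh prints for them.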
