Package: xz-utils
Version: 5.8.1-1
Severity: normal

Dear fellow Maintainer,

RedHat has released a broken kernel 5.14.0-611.el9, which contains a
backport of the landlock API 6. Sadly they forgot one patch, so the API
6 is incomplete. XZ depends on that and aborts with the following error
message:
> xz: Failed to enable the sandbox

Sadly there is no runtime option to disable using the sandbox.

This is a problem when the docker images "debian:trixie" or
"debian:forky" are used on a RedHat powered host (CentOS Stream CoreOS
9.0.20250827-0).

Therefore it would help if Debian could cherry-pick
https://github.com/tukaani-project/xz/commit/5630c33a43a28a3d11030aa9d25fa8617e98da91
into `xz-utils` and release fixed versions for both "stable-security"
and "unstable".

So far I have seen `tar -J` failing as it calls `xz` as a child process,
which then aborts with the above message.

I have *not* seen `dpkg-deb` fail as it only links to `liblzma`, which
by default does not use the landlock sandbox.
So far we have tried to overwrite `lsm=` via the Linux Kernel command
line to remove `landlock` from the list of enabled LSMs, but that was
not successful so far.

An alternative might be to configure a reduced SECCOMP profile for our
k8s cluster, where all 3 syscalls for landlock are removed:
```console
$ grep landlock_ /usr/share/containers/seccomp.json
                                "landlock_add_rule",
                                "landlock_create_ruleset",
                                "landlock_restrict_self",
```

Thank you
Philipp Hahn

-- System Information:
Debian Release: 13.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.57+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xz-utils depends on:
ii  libc6     2.41-12
ii  liblzma5  5.8.1-1

xz-utils recommends no packages.

xz-utils suggests no packages.

-- no debconf information
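The reduced seccomp profile proposed above as a workaround, as an added example that is not part of the bug report: a small script that removes the three landlock syscalls from a containers-style seccomp.json. It assumes the profile layout the grep shows ("syscalls" entries with a "names" list), works on a constructed miniature profile, and assumes that with those syscalls denied xz's landlock probe fails early and the sandbox is skipped rather than aborting.

```python
"""Strip the three Landlock syscalls from an OCI/containers seccomp profile.

Added example for the workaround in the report; not xz or Debian code.
Assumption: denying landlock_* makes xz skip its sandbox instead of
aborting. Note that this removes xz's own sandbox inside that container.
"""
import json

LANDLOCK_SYSCALLS = {
    "landlock_add_rule",
    "landlock_create_ruleset",
    "landlock_restrict_self",
}


def strip_landlock(profile: dict) -> dict:
    """Return a copy of `profile` with landlock_* removed from every rule."""
    out = json.loads(json.dumps(profile))  # deep copy, input stays untouched
    kept_rules = []
    for rule in out.get("syscalls", []):
        names = [n for n in rule.get("names", []) if n not in LANDLOCK_SYSCALLS]
        if not names:
            continue  # rule listed only landlock syscalls: drop it entirely
        rule["names"] = names
        kept_rules.append(rule)
    out["syscalls"] = kept_rules
    return out


def landlock_syscalls_listed(profile: dict) -> set:
    """Landlock syscall names still explicitly listed in any rule."""
    found = set()
    for rule in profile.get("syscalls", []):
        found.update(n for n in rule.get("names", []) if n in LANDLOCK_SYSCALLS)
    return found


# Constructed miniature profile in the shape of /usr/share/containers/seccomp.json
SAMPLE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "landlock_add_rule",
                   "landlock_create_ruleset", "landlock_restrict_self"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["landlock_restrict_self"], "action": "SCMP_ACT_ALLOW"},
    ],
}

if __name__ == "__main__":
    # Write the reduced profile; point the runtime/k8s SeccompProfile at it.
    print(json.dumps(strip_landlock(SAMPLE_PROFILE), indent=2))
```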
