This bug was fixed in the package containerd - 0.2.5-0ubuntu1~16.04.1
---
containerd (0.2.5-0ubuntu1~16.04.1) xenial; urgency=medium
* Backport to Xenial. (LP: #1655906)
-- Michael Hudson-Doyle Mon, 30 Jan 2017
11:59:52 +1300
** Changed in: containerd (Ubuntu Xenial)
Sta
This bug was fixed in the package docker.io - 1.12.6-0ubuntu1~16.10.1
---
docker.io (1.12.6-0ubuntu1~16.10.1) yakkety; urgency=medium
* Backport to Yakkety. (LP: #1655906)
-- Michael Hudson-Doyle Mon, 30 Jan 2017
12:02:23 +1300
** Changed in: runc (Ubuntu Yakkety)
Status
This bug was fixed in the package runc - 1.0.0~rc2-0ubuntu2~16.04.1
---
runc (1.0.0~rc2-0ubuntu2~16.04.1) xenial; urgency=medium
* Backport to Xenial. (LP: #1655906)
-- Michael Hudson-Doyle Mon, 30 Jan 2017
11:57:49 +1300
** Changed in: runc (Ubuntu Xenial)
Status: Fix C
This bug was fixed in the package containerd - 0.2.5-0ubuntu1~16.10.1
---
containerd (0.2.5-0ubuntu1~16.10.1) yakkety; urgency=medium
* Backport to Yakkety. (LP: #1655906)
-- Michael Hudson-Doyle Mon, 30 Jan 2017
12:00:15 +1300
--
You received this bug notification because you
This bug was fixed in the package runc - 1.0.0~rc2-0ubuntu2~16.10.1
---
runc (1.0.0~rc2-0ubuntu2~16.10.1) yakkety; urgency=medium
* Backport to Yakkety. (LP: #1655906)
-- Michael Hudson-Doyle Mon, 30 Jan 2017
12:02:46 +1300
** Changed in: containerd (Ubuntu Yakkety)
Stat
This bug was fixed in the package docker.io - 1.12.6-0ubuntu1~16.04.1
---
docker.io (1.12.6-0ubuntu1~16.04.1) xenial; urgency=medium
* Backport to Xenial. (LP: #1655906)
* d/control: Remove version from Build-Depends on dh-golang, only
required in Debian.
* Install the servi
I checked with Michael, and the manual verification of docker.io on
s390x has been completed. Marking this verification-done and releasing.
** Tags removed: verification-needed
** Tags added: verification-done
Hello Jon, or anyone else affected,
Accepted containerd into xenial-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/containerd/0.2.5-0ubuntu1~16.04.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. Se
Hello Jon, or anyone else affected,
Accepted runc into yakkety-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/runc/1.0.0~rc2-0ubuntu2~16.10.1 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https
Hello Jon, or anyone else affected,
Accepted docker.io into yakkety-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/docker.io/1.12.6-0ubuntu1~16.10.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. Se
Hello Jon, or anyone else affected,
Accepted docker.io into xenial-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/docker.io/1.12.6-0ubuntu1~16.04.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Also affects: docker.io (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: runc (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: containerd (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: docker.io (Ubuntu Yakk
This bug was fixed in the package docker.io - 1.12.6-0ubuntu1
---
docker.io (1.12.6-0ubuntu1) zesty; urgency=medium
* Update to 1.12.6 upstream release (LP: #1655906)
- add a few new privileged tests to "skip-privileged-unit-tests.patch"
* Adjust runc Depends to ensure fix for
This bug was fixed in the package containerd - 0.2.5-0ubuntu1
---
containerd (0.2.5-0ubuntu1) zesty; urgency=medium
* Update to 0.2.5 upstream release (LP: #1655906)
-- Tianon Gravi Fri, 13 Jan 2017 12:08:00 +1300
** Changed in: containerd (Ubuntu)
Status: In Progress =>
This bug was fixed in the package runc - 1.0.0~rc2-0ubuntu2
---
runc (1.0.0~rc2-0ubuntu2) zesty; urgency=medium
* Add d/patches/0001-nsexec-make-runC-Docker-work-in-unpriv-LXD.patch to fix
execution in unprivileged containers.
-- Michael Hudson-Doyle Thu, 26 Jan 2017
09:03:2
The attachment "0001-nsexec-make-runC-Docker-work-in-unpriv-LXD.patch"
seems to be a patch. If it isn't, please remove the "patch" flag from
the attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a
There is an upstream kernel fix for this:
https://lists.linuxfoundation.org/pipermail/containers/2017-January/037759.html
Until this is merged and then backported, I appended a workaround
whereby runC's init process will only set itself undumpable when it is
not running in a user namespace.
**
Nope, our story is specifically about running Docker inside unprivileged
containers.
Anyway, based on IRC discussion it looks like we have a way forward with
this.
Well, the thing is that with the CVE patch applied, all kinds of things
won't work running Docker in an unprivileged container. So even if we
worked around the getPipeFds() issue, we'd still fail e.g. at setting
oom-score adjust because it also tries to access files under
/proc/. I think we will ha
Right, afaict this is caused by
https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378
. Marking the process as undumpable requires that the caller has
CAP_SYS_PTRACE in the target process user namespace. If not, then any
file-opening operations on /proc// (e.g. read
Oh, that seems to be the fix for the CVE I made Aleksa Sarai aware of
that Roman Fiedler discovered
(http://www.openwall.com/lists/oss-security/2016/11/23/6,
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345). I didn't
know that it was filed.
Anyway, I'll take a look.
** Changed in: docker.io (Ubuntu)
Assignee: Michael Hudson-Doyle (mwhudson) => Stéphane Graber (stgraber)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655906
Title:
Please upgrade docker.io t
This turns out to be caused by the fix for CVE-2016-9962; if that patch
is reverted, the test passes.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655906
Title:
Please upgrade docker.io to latest 1
It looks like upstream broke docker in containers again, the
autopkgtests fail with:
container_linux.go:247: starting container process caused
"process_linux.go:252: getting pipe fds for pid 3779 caused \"readlink
/proc/3779/fd/0: permission denied\""
And all uploaded and building now.
** Changed in: containerd (Ubuntu)
Assignee: Tianon Gravi (tianon) => Michael Hudson-Doyle (mwhudson)
Looks like LP doesn't want me to assign mwhudson. :) (only myself or
one of my teams)
So, uh, these are all pushed in Git, ready for review/sponsorship (I've
pushed builds to the PPA and tested in zesty successfully).
** Also affects: containerd (Ubuntu)
Importance: Undecided
Status: N
** Changed in: docker.io (Ubuntu)
Assignee: Tianon Gravi (tianon) => Michael Hudson-Doyle (mwhudson)
** Changed in: runc (Ubuntu)
Assignee: Tianon Gravi (tianon) => Michael Hudson-Doyle (mwhudson)
** Also affects: runc (Ubuntu)
Importance: Undecided
Status: New
** Changed in: runc (Ubuntu)
Assignee: (unassigned) => Tianon Gravi (tianon)
** Changed in: runc (Ubuntu)
Status: New => In Progress
Tianon is working on this I understand. Assign to me (or just poke on
IRC) when ready for upload?
** Changed in: docker.io (Ubuntu)
Assignee: (unassigned) => Tianon Gravi (tianon)
** Changed in: docker.io (Ubuntu)
Status: Triaged => In Progress