Public bug reported:

In plucky:

$ unshare --user --map-auto
newuidmap: open of uid_map failed: Permission denied

The journal shows:

audit: type=1400 audit(1742379629.731:1072): apparmor="AUDIT" operation="exec" class="file" info="ix fallback" profile="unshare" name="/usr/bin/newuidmap" pid=9897 comm="unshare" requested_mask="x" fsuid=1000 ouid=0 target="unpriv_unshare//&unshare"
audit: type=1400 audit(1742379629.734:1073): apparmor="DENIED" operation="capable" class="cap" profile="unpriv_unshare" pid=9897 comm="newuidmap" capability=1  capname="dac_override"

This also prevents the execution of `autopkgtest -- unshare`, although
somehow `sbuild --run-autopkgtest` makes it work.

** Affects: util-linux (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2103595

Title:
  apparmor policy prevents unshare --user --map-auto

Status in util-linux package in Ubuntu:
  New
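
The two audit records in the report can be correlated by pid to confirm that the denial comes from a profile entered through the logged exec transition. The following Python is an added example, not part of the original report or of any AppArmor tooling; the function names and the joined sample lines are constructed here, and it assumes that "//&" in the target label separates the names of stacked profiles.

```python
import re

# Constructed sample: the two audit records from the report, each joined onto one line.
SAMPLE = [
    'audit: type=1400 audit(1742379629.731:1072): apparmor="AUDIT" operation="exec" class="file" info="ix fallback" profile="unshare" name="/usr/bin/newuidmap" pid=9897 comm="unshare" requested_mask="x" fsuid=1000 ouid=0 target="unpriv_unshare//&unshare"',
    'audit: type=1400 audit(1742379629.734:1073): apparmor="DENIED" operation="capable" class="cap" profile="unpriv_unshare" pid=9897 comm="newuidmap" capability=1  capname="dac_override"',
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
STAMP = re.compile(r'audit\((\d+\.\d+):(\d+)\)')    # audit(epoch:serial)


def parse_record(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    stamp = STAMP.search(line)
    if stamp is None or 'apparmor=' not in line:
        return None
    rec = {k: q or u for k, q, u in FIELD.findall(line[stamp.end():])}
    rec['serial'] = int(stamp.group(2))
    return rec


def correlate(lines):
    """Pair each DENIED record with the last exec transition seen for the same pid."""
    transitions = {}   # pid -> most recent exec record that carries a target label
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        if rec.get('operation') == 'exec' and 'target' in rec:
            transitions[rec.get('pid')] = rec
        elif rec.get('apparmor') == 'DENIED':
            exe = transitions.get(rec.get('pid'))
            # Assumption: "//&" joins the profiles of a stacked label.
            stacked = exe['target'].split('//&') if exe else []
            findings.append({
                'pid': rec.get('pid'),
                'comm': rec.get('comm'),
                'operation': rec.get('operation'),
                'denied': rec.get('capname') or rec.get('name'),
                'profile': rec.get('profile'),
                'exec_of': exe.get('name') if exe else None,
                'from_profile': exe.get('profile') if exe else None,
                'via_transition': rec.get('profile') in stacked,
            })
    return findings


if __name__ == '__main__':
    for finding in correlate(SAMPLE):
        print(finding)
```

A denial with no earlier exec record for its pid is still reported, with `exec_of` set to `None` and `via_transition` set to `False`.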

