I wasn't able to reproduce it on oracular:linux (6.11.0-13.14)

georgia@sec2-oracular-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py -v ApparmorTest.test_unconfined_userns
Running test: './test-apparmor.py' distro: 'Ubuntu 24.10' kernel: '6.11.0-13.14 (Ubuntu 6.11.0-13.14-generic 6.11.0)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'georgia')
Skipping private tests
WARN: kernel rate limiting in effect
Disabling ratelimiting until the next reboot.
To renable, run:
# sysctl -w kernel.printk_ratelimit=5
test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
Test that unconfined userns restrictions are applied ... (disabling userns restrictions)
(checking unshare works as normal)
(checking unshare with uidmap works as normal)
(checking bwrap works as normal)
(enabling userns restrictions)
(checking unshare transitions to unprivileged_userns)
(checking unshare with uidmap with unprivileged_userns fails)
(checking bwrap with unprivileged_userns fails)
(remove unprivileged_userns profile)
(checking unshare fails)
(creating unconfined mode profile for unshare and bwrap with userns permission)
(checking unshare works as normal again)
(checking unshare with uidmap works as normal again)
(checking bwrap works as normal again)
ok

----------------------------------------------------------------------
Ran 1 test in 0.793s

OK
georgia@sec2-oracular-amd64:~/qrt-test-apparmor$ uname -a
Linux sec2-oracular-amd64 6.11.0-13-generic #14-Ubuntu SMP PREEMPT_DYNAMIC Sat Nov 30 23:51:51 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec2-oracular-amd64:~/qrt-test-apparmor$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.10
Release: 24.10
Codename: oracular

Is there anything special about this machine? Can you share the result of aa-status?

Thank you

https://bugs.launchpad.net/bugs/2091846

Title:
  test_unconfined_userns from ubuntu_qrt_apparmor failed (bwrap with unprivileged_userns unexpectedly succeeds)

Status in ubuntu-kernel-tests:
  New

Bug description:
  Issue found on Oracular amd64
   * oracular:linux (6.11.0-13.14)
   * oracular:linux-lowlatency (6.11.0-1007.7)
   * oracular:linux-realtime (6.11.0-1003.3)

  In contrast to LP: #2081798, this test failure indicates an unexpected success under unprivileged_userns, rather than an unexpected failure before unshare.

  Test log
  stdout:
  Running test: './test-apparmor.py' distro: 'Ubuntu 24.10' kernel: '6.11.0-1007.7 (Ubuntu 6.11.0-1007.7-lowlatency 6.11.0)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
  Skipping private tests
  stderr:
  test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
  Test that unconfined userns restrictions are applied ... (disabling userns restrictions)
  (checking unshare works as normal)
  (checking unshare with uidmap works as normal)
  (checking bwrap works as normal)
  (enabling userns restrictions)
  (checking unshare transitions to unprivileged_userns)
  (checking unshare with uidmap with unprivileged_userns fails)
  (checking bwrap with unprivileged_userns fails)
  FAIL

  ======================================================================
  FAIL: test_unconfined_userns (__main__.ApparmorTest.test_unconfined_userns)
  Test that unconfined userns restrictions are applied
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py", line 1541, in test_unconfined_userns
      self.assertShellExitEquals(1, ['sudo', '-u', self.user.login, 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'])
    File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/testlib.py", line 1332, in assertShellExitEquals
      self.assertEqual(expected, rc, msg + result + report)
  AssertionError: 1 != 0 : Got exit code 0, expected 1
  Command: 'sudo', '-u', 'teTOzIhr', 'bwrap', '--ro-bind', '/usr', '/usr', '--symlink', '/usr/lib64', '/lib64', '--symlink', '/usr/lib', '/lib', '--unshare-net', '--', 'true'
  Output:

  ----------------------------------------------------------------------
  Ran 1 test in 0.227s

  FAILED (failures=1)