Package: src:linux Version: 3.2.96-3 Severity: grave Justification: renders package unusable with hidepid proc mount option
After updating the linux-image-amd64 system package, when we try to mount proc with the hidepid option the server throws a kernel panic.
mount -o remount,hidepid=2,gid=1001 /proc ** Version: Linux hostname 3.2.0-5-amd64 #1 SMP Debian 3.2.96-3 x86_64 GNU/Linux ** Kernel log: [ 110.335792] ------------[ cut here ]------------ [ 110.335813] WARNING: at /build/linux-HPGG73/linux-3.2.96/kernel/ptrace.c:228 __ptrace_may_access+0x47/0xf9() [ 110.335823] denying ptrace access check without PTRACE_MODE_*CREDS [ 110.335829] Modules linked in: xt_multiport xt_owner ipt_REJECT xt_connlimit xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack iptable_filter ip_tables x_tables lockd sunrpc lp parport loop evdev coretemp snd_pcm snd_page_alloc crc32c_intel snd_timer snd soundcore aesni_intel aes_x86_64 aes_generic pcspkr cryptd ext3 mbcache jbd xen_netfront xen_blkfront [ 110.335892] Pid: 4204, comm: bash Not tainted 3.2.0-5-amd64 #1 Debian 3.2.96-3 [ 110.335900] Call Trace: [ 110.335910] [<ffffffff81048675>] ? warn_slowpath_common+0x78/0x8c [ 110.335918] [<ffffffff81048721>] ? warn_slowpath_fmt+0x45/0x4a [ 110.335927] [<ffffffff810516ac>] ? __ptrace_may_access+0x47/0xf9 [ 110.335935] [<ffffffff81051955>] ? ptrace_may_access+0x24/0x36 [ 110.335945] [<ffffffff811461c3>] ? proc_pid_permission+0x4e/0x90 [ 110.335955] [<ffffffff811072e3>] ? inode_permission+0x65/0xd6 [ 110.335963] [<ffffffff811073d1>] ? link_path_walk+0x7d/0x421 [ 110.335971] [<ffffffff81107651>] ? link_path_walk+0x2fd/0x421 [ 110.335979] [<ffffffff81107b23>] ? path_lookupat+0x53/0x2bd [ 110.335988] [<ffffffff81037e4a>] ? should_resched+0x5/0x23 [ 110.335999] [<ffffffff81354d28>] ? _cond_resched+0x7/0x1c [ 110.336035] [<ffffffff81107da9>] ? do_path_lookup+0x1c/0x87 [ 110.336049] [<ffffffff81109818>] ? user_path_at_empty+0x47/0x7b [ 110.336066] [<ffffffff8135918e>] ? do_page_fault+0x30a/0x345 [ 110.336088] [<ffffffff81220e76>] ? notify_remote_via_irq+0x20/0x25 [ 110.336106] [<ffffffff81038a2e>] ? test_tsk_need_resched+0xa/0x13 [ 110.336127] [<ffffffff810730bb>] ? arch_local_irq_restore+0x7/0x8 [ 110.336144] [<ffffffff8135610f>] ? _raw_spin_unlock_irqrestore+0xe/0xf [ 110.336161] [<ffffffff810730c3>] ? arch_local_irq_disable+0x7/0x8 [ 110.336179] [<ffffffff813560f7>] ? _raw_spin_lock_irq+0xa/0x14 [ 110.336197] [<ffffffff81054ce4>] ? spin_unlock_irq+0xa/0xb [ 110.336214] [<ffffffff81101536>] ? vfs_fstatat+0x32/0x60 [ 110.336232] [<ffffffff81004043>] ? arch_local_irq_restore+0x7/0x8 [ 110.336248] [<ffffffff81004229>] ? xen_mc_flush+0x13c/0x16b [ 110.336266] [<ffffffff8110166c>] ? sys_newstat+0x12/0x2b [ 110.336282] [<ffffffff81356735>] ? page_fault+0x25/0x30 [ 110.336302] [<ffffffff8135b212>] ? system_call_fastpath+0x16/0x1b [ 110.336317] ---[ end trace 89494c70e5dcd0b8 ]--- [ 110.336342] ------------[ cut here ]------------ [ 110.336357] WARNING: at /build/linux-HPGG73/linux-3.2.96/kernel/ptrace.c:228 __ptrace_may_access+0x47/0xf9() [ 110.336375] denying ptrace access check without PTRACE_MODE_*CREDS [ 110.336408] Modules linked in: xt_multiport xt_owner ipt_REJECT xt_connlimit xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack iptable_filter ip_tables x_tables lockd sunrpc lp parport loop evdev coretemp snd_pcm snd_page_alloc crc32c_intel snd_timer snd soundcore aesni_intel aes_x86_64 aes_generic pcspkr cryptd ext3 mbcache jbd xen_netfront xen_blkfront [ 110.336565] Pid: 4204, comm: bash Tainted: G W 3.2.0-5-amd64 #1 Debian 3.2.96-3 [ 110.336575] Call Trace: [ 110.336583] [<ffffffff81048675>] ? warn_slowpath_common+0x78/0x8c [ 110.336592] [<ffffffff81048721>] ? warn_slowpath_fmt+0x45/0x4a [ 110.336601] [<ffffffff810516ac>] ? __ptrace_may_access+0x47/0xf9 [ 110.336609] [<ffffffff81051955>] ? ptrace_may_access+0x24/0x36 [ 110.336618] [<ffffffff811461c3>] ? proc_pid_permission+0x4e/0x90 [ 110.336627] [<ffffffff811072e3>] ? inode_permission+0x65/0xd6 [ 110.336635] [<ffffffff811073d1>] ? link_path_walk+0x7d/0x421 [ 110.336644] [<ffffffff81107651>] ? link_path_walk+0x2fd/0x421 [ 110.336652] [<ffffffff8110952e>] ? path_openat+0xac/0x33a [ 110.336660] [<ffffffff81109824>] ? user_path_at_empty+0x53/0x7b [ 110.336669] [<ffffffff8110987e>] ? do_filp_open+0x2a/0x6e [ 110.336677] [<ffffffff81354d28>] ? _cond_resched+0x7/0x1c [ 110.336686] [<ffffffff81112727>] ? alloc_fd+0x64/0x109 [ 110.336695] [<ffffffff810fd4f6>] ? do_sys_open+0x5e/0xe5 [ 110.336703] [<ffffffff8135b212>] ? system_call_fastpath+0x16/0x1b [ 110.336710] ---[ end trace 89494c70e5dcd0b9 ]--- [ 111.176925] ------------[ cut here ]------------ [ 111.176949] WARNING: at /build/linux-HPGG73/linux-3.2.96/kernel/ptrace.c:228 __ptrace_may_access+0x47/0xf9() [ 111.176959] denying ptrace access check without PTRACE_MODE_*CREDS [ 111.176966] Modules linked in: xt_multiport xt_owner ipt_REJECT xt_connlimit xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack iptable_filter ip_tables x_tables lockd sunrpc lp parport loop evdev coretemp snd_pcm snd_page_alloc crc32c_intel snd_timer snd soundcore aesni_intel aes_x86_64 aes_generic pcspkr cryptd ext3 mbcache jbd xen_netfront xen_blkfront [ 111.177033] Pid: 4283, comm: cron Tainted: G W 3.2.0-5-amd64 #1 Debian 3.2.96-3 [ 111.177041] Call Trace: [ 111.177051] [<ffffffff81048675>] ? warn_slowpath_common+0x78/0x8c [ 111.177060] [<ffffffff81048721>] ? warn_slowpath_fmt+0x45/0x4a [ 111.177068] [<ffffffff810516ac>] ? __ptrace_may_access+0x47/0xf9 [ 111.177077] [<ffffffff81051955>] ? ptrace_may_access+0x24/0x36 [ 111.177088] [<ffffffff811461c3>] ? proc_pid_permission+0x4e/0x90 [ 111.177103] [<ffffffff811072e3>] ? inode_permission+0x65/0xd6 [ 111.177115] [<ffffffff811073d1>] ? link_path_walk+0x7d/0x421 [ 111.177128] [<ffffffff8110952e>] ? path_openat+0xac/0x33a [ 111.177144] [<ffffffff810d15ed>] ? pte_offset_kernel+0x16/0x35 [ 111.177156] [<ffffffff8110987e>] ? do_filp_open+0x2a/0x6e [ 111.177170] [<ffffffff81354d28>] ? _cond_resched+0x7/0x1c [ 111.177185] [<ffffffff811b8e69>] ? __strncpy_from_user+0x18/0x48 [ 111.177200] [<ffffffff81112727>] ? alloc_fd+0x64/0x109 [ 111.177211] [<ffffffff810fd4f6>] ? do_sys_open+0x5e/0xe5 [ 111.177222] [<ffffffff8135b212>] ? system_call_fastpath+0x16/0x1b [ 111.177229] ---[ end trace 89494c70e5dcd0ba ]--- -- Camilo Echevarne | Dinahosting, S.L. Administrador Linux Email: cecheva...@dinahosting.com ----------------------------------------------------------- Voz: 900 854 000 | Internacional: +34 981 040 200 Skype: dinahosting | Soporte vía chat: www.dinahosting.com ¿Te hemos atendido como esperabas? Contamos con tu opinión. https://dinahosting.com/sobre-dinahosting/feedback -----------------------------------------------------------
