Hi
On 2024-06-11 10:18:14 +0200, Jochen Sprickerhof wrote:
> Hi Reinhard,
>
> * Reinhard Tartler <siret...@tauware.de> [2024-06-10 22:26]:
> > Are you sure that the test is actually executing a sysctl(2) command?
> > Looking at the code, it seems to me that this is code is assembling a
> > runtime spec that the CRI implementation will then carry out.
> > Forthermore, the output above indicates that the assertion on line 123
> > actually holds, but the one on line 124 does not:
> >
> > https://sources.debian.org/src/containerd/1.6.24~ds1-1/pkg/cri/server/sandbox_run_linux_test.go/#L124
> >
> > The cause for this is most likely in
> > https://sources.debian.org/src/containerd/1.6.24~ds1-1/pkg/cri/server/sandbox_run_linux.go/#L147.
> > Here the code is explicitly checking whether it is running in in a
> > usernamespace, which is exactly what 'unshare' is doing.
>
> That makes more sense, thanks for looking into it.
>
> > Can you please help me understand whether, and if so since when, we have
> > the requirement that all packages must be buildable inside a
> > usernamespace and where was this announced to be release-critical?
> > (CC'ed debian-release for input).
>
> Afaik the buildd team started deploying The sbuild unshare setup in April:
>
> https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/6a050f889
>
> So unrelated to the severity discussion you may want to look into fixing
> this bug so that the package continues to build.
This change makes those bugs automatically RC:
Packages must autobuild without failure on all architectures on
which they are supported.
(from https://release.debian.org/testing/rc_policy.txt, 4. Autobuilding)
Cheers
--
Sebastian Ramacher
