Also to be clear, from jjohansen's comment to me last week, all of the necessary patches are available in the 5.4 focal kernel, so kernels for UC20 from canonical snaps should contain this fix on the 20 track.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1890848 Title: 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Bionic: Triaged Bug description: SRU Justification: [Impact] Permission 'ptrace trace' is required to readlink() /proc/*/ns/*, when only 'ptrace read' should be required according to 'man namespaces': "Permission to dereference or read (readlink(2)) these symbolic links is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2)." [Fix] Upstream commit 338d0be437ef10e247a35aed83dbab182cf406a2 fixes ptrace read check. [Test Plan] BugLink contains the source of a binary that reproduces the issue. In summary, it executes readlink() on /proc/*/ns/*. There's also a policy that has only 'ptrace read' permission. When the bug is fixed, execution is allowed. [Where problems could occur] The regression can be considered as low, since it's lowering the number of permissions required. Existing policies that already contain the permission 'ptrace trace' and 'ptrace read' will have a broader policy than required. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890848/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
