QA Regression Testing

~georgiag/qa-regression-testing:unpriv_userns_transition

Git
lp:~georgiag/qa-regression-testing
unpriv_userns_transition

Last commit made on 2024-02-08

Get this branch:: git clone -b unpriv_userns_transition https://git.launchpad.net/~georgiag/qa-regression-testing

Only Georgia Garcia can upload to this branch. If you are Georgia Garcia please log in for upload directions.

Branch merges

Merged into qa-regression-testing:master at revision 35f294b9a9bea9cb577ef3842b29544c56f0e3d0

Alex Murray: Approve on 2024-02-08

Branch information

Name:: unpriv_userns_transition

Repository:: lp:~georgiag/qa-regression-testing

Recent commits

35f294b... by Georgia Garcia on 2024-02-05

test-apparmor.py handle unprivileged_userns transition in userns tests

There is a kernel feature, available under
namespaces/userns_create/pciu&, that enables the transition of
unconfined tasks to a special profile called unprivileged_userns when
they try to create an unprivileged user namespace with
clone/unshare. This transition allows the creation of the unprivileged
user namespace but hinders its privileges by not allowing
capabilities. Refer to the unprivileged_userns profile to check what
rules are allowed.

If either the feature is not present in the kernel, or the
unprivileged_userns profile is not loaded, then the defined behavior
is to deny the creation of the unprivileged user namespace

Signed-off-by: Georgia Garcia <email address hidden>

	imagemagick:0 (build)
	imagemagick:1 (build)
	imagemagick:2 (build)
	gcc-security:0 (build)
	gcc-security:1 (build)
	gcc-security:2 (build)
	glibc:0 (build)
	glibc:1 (build)
	glibc:2 (build)
	glibc-security:0 (build)
	glibc-security:1 (build)
	glibc-security:2 (build)
	gnupg:0 (build)
	gnupg:1 (build)
	gnupg:2 (build)
	sudo:0 (build)
	sudo:1 (build)
	sudo:2 (build)
	git:0 (build)
	git:1 (build)
	git:2 (build)
	ghostscript:0 (build)
	ghostscript:1 (build)
	ghostscript:2 (build)
	busybox:0 (build)
	busybox:1 (build)
	busybox:2 (build)
	coreutils:0 (build)
	coreutils:1 (build)
	coreutils:2 (build)
	util-linux:0 (build)
	util-linux:1 (build)
	util-linux:2 (build)
	ecdsautils:0 (build)
	ecdsautils:1 (build)
	ecdsautils:2 (build)
	python-urllib3:0 (build)
	python-urllib3:1 (build)
	python-urllib3:2 (build)
	amanda:0 (build)
	amanda:1 (build)

5214c38... by Alex Murray on 2024-02-07

scripts/libseccomp/syscalls.json: update for libseccomp 2.5.5 in noble

Signed-off-by: Alex Murray <email address hidden>

e8d464d... by Alex Murray on 2024-02-07

scripts/test-libseccomp.py: switch back to lxc ubuntu template

Now the ubuntu-image template is failing so try the ubuntu one for jammy
instead.

Signed-off-by: Alex Murray <email address hidden>

637b726... by Jorge Sancho Larraz on 2024-02-06

scripts/test-amanda.py: add test for amanda and include in lpci

370fa67... by Georgia Garcia on 2024-02-01

test-apparmor.py: parse result of multiple lines in output

Add the upstream patch that enables checking multiple lines in the
output file for tests that have a caller and callee writing to the
same file. The test infrastructure expected only one line and tests
with pass for both caller and callee were failing.

This change to the test infrastructure is not significant enough to
warrant a SRU, since it doesn't affect the userspace apparmor tools.

Bug: https://launchpad.net/bugs/2051932
Signed-off-by: Georgia Garcia <email address hidden>

	imagemagick:0 (build)
	imagemagick:1 (build)
	imagemagick:2 (build)
	gcc-security:0 (build)
	gcc-security:1 (build)
	gcc-security:2 (build)
	glibc:0 (build)
	glibc:1 (build)
	glibc:2 (build)
	glibc-security:0 (build)
	glibc-security:1 (build)
	glibc-security:2 (build)
	gnupg:0 (build)
	gnupg:1 (build)
	gnupg:2 (build)
	sudo:0 (build)
	sudo:1 (build)
	sudo:2 (build)
	git:0 (build)
	git:1 (build)
	git:2 (build)
	ghostscript:0 (build)
	ghostscript:1 (build)
	ghostscript:2 (build)
	busybox:0 (build)
	busybox:1 (build)
	busybox:2 (build)
	coreutils:0 (build)
	coreutils:1 (build)
	coreutils:2 (build)
	util-linux:0 (build)
	util-linux:1 (build)
	util-linux:2 (build)
	ecdsautils:0 (build)
	ecdsautils:1 (build)
	ecdsautils:2 (build)
	python-urllib3:0 (build)
	python-urllib3:1 (build)
	python-urllib3:2 (build)

1b4ba2f... by Georgia Garcia on 2024-01-29

testlib: use PERL regexp on grep because of similarity to Python's re

On the function that ensures that deb-src entries are in sources.list
we are using grep to check if the entry is already on the file, and to
escape potential characters, we are using Python's re.escape.

The issue is that re.escape may escape more than what is required by
grep's basic-regexp, which is the case for parenthesis (), causing the
test to fail because it didn't realize the deb-src is there.

By specifying the regex variant, we can ensure that they will most
likely match. The re module documentation mentions that it is most
similar to Perl [1], that's why I chose grep -P.

[1] https://docs.python.org/3/library/re.html

Signed-off-by: Georgia Garcia <email address hidden>

	imagemagick:0 (build)
	imagemagick:1 (build)
	imagemagick:2 (build)
	gcc-security:0 (build)
	gcc-security:1 (build)
	gcc-security:2 (build)
	glibc:0 (build)
	glibc:1 (build)
	glibc:2 (build)
	glibc-security:0 (build)
	glibc-security:1 (build)
	glibc-security:2 (build)
	gnupg:0 (build)
	gnupg:1 (build)
	gnupg:2 (build)
	sudo:0 (build)
	sudo:1 (build)
	sudo:2 (build)
	git:0 (build)
	git:1 (build)
	git:2 (build)
	ghostscript:0 (build)
	ghostscript:1 (build)
	ghostscript:2 (build)
	busybox:0 (build)
	busybox:1 (build)
	busybox:2 (build)
	coreutils:0 (build)
	coreutils:1 (build)
	coreutils:2 (build)
	util-linux:0 (build)
	util-linux:1 (build)
	util-linux:2 (build)
	ecdsautils:0 (build)
	ecdsautils:1 (build)
	ecdsautils:2 (build)
	python-urllib3:0 (build)
	python-urllib3:1 (build)
	python-urllib3:2 (build)

bfd2b1e... by Amir Naseredini on 2024-01-26

lunar EOL Checklist

Signed-off-by: Amir Naseredini <email address hidden>

6973266... by Georgia Garcia on 2024-01-25

test-apparmor.py: workaround to fix posix_ipc tests for non-x86 archs on focal

The fix that was previously applied kinetic and jammy also applies to
focal since the mqueue patches were backported into focal, but this
test fix was not.

Bug: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2051227
Signed-off-by: Georgia Garcia <email address hidden>

	imagemagick:0 (build)
	imagemagick:1 (build)
	imagemagick:2 (build)
	gcc-security:0 (build)
	gcc-security:1 (build)
	gcc-security:2 (build)
	glibc:0 (build)
	glibc:1 (build)
	glibc:2 (build)
	glibc-security:0 (build)
	glibc-security:1 (build)
	glibc-security:2 (build)
	gnupg:0 (build)
	gnupg:1 (build)
	gnupg:2 (build)
	sudo:0 (build)
	sudo:1 (build)
	sudo:2 (build)
	git:0 (build)
	git:1 (build)
	git:2 (build)
	ghostscript:0 (build)
	ghostscript:1 (build)
	ghostscript:2 (build)
	busybox:0 (build)
	busybox:1 (build)
	busybox:2 (build)
	coreutils:0 (build)
	coreutils:1 (build)
	coreutils:2 (build)
	util-linux:0 (build)
	util-linux:1 (build)
	util-linux:2 (build)
	ecdsautils:0 (build)
	ecdsautils:1 (build)
	ecdsautils:2 (build)
	python-urllib3:0 (build)
	python-urllib3:1 (build)
	python-urllib3:2 (build)

bb8489a... by Marc Deslauriers on 2024-01-25

added some pillow build testing notes

e03ddc8... by Steve Beattie on 2024-01-25

test-kernel-aslr-collisions.py: fix open file descriptor warnings

Signed-off-by: Steve Beattie <email address hidden>

QA Regression Testing

~georgiag/qa-regression-testing:unpriv_userns_transition

Branch merges

Related source package recipes

Related snap packages

Related charm recipes

Branch information

Recent commits