• Bug#1110096: criu: Broken restore functionality of mount namespaces wit

    From Salvatore Bonaccorso@21:1/5 to All on Tue Jul 29 20:30:01 2025
    Source: criu
    Version: 4.1-1
    Severity: serious
    Tags: upstream
    Justification: renders package unusable for users restoring container
    X-Debbugs-Cc: carnil@debian.org

    The criu project today released 4.1.1 as a bugfix release containing one
    single fix:

    | This release of CRIU (4.1.1) addresses a critical compatibility issue
    | introduced in the Linux kernel and back-ported to all stable releases.
    |
    | The kernel commit (12f147ddd6de "do_change_type(): refuse to operate on
    | unmounted/not ours mounts") addressed the security issue introduced
    | almost 20 years ago. Unfortunately, this change inadvertently broke the
    | restore functionality of mount namespaces within CRIU. Users attempting
    | to restore a container on updated kernels would encounter the error:
    | "mnt-v2: Failed to make mount 476 slave: Invalid argument."
    |
    | This release contains the necessary adjustments to CRIU, allowing it to
    | work seamlessly with kernels incorporating this security change.

    https://github.com/checkpoint-restore/criu/releases/tag/v4.1.1

    The kernel change is a security fix which was backported to all stable
    series, and is in particular relevant for Debian as 6.1.142 (not yet
    released, but will be soon as a DSA) and 6.12.34 in trixie.

    The fix should land ideally in trixie, but I'm aware that the last
    possibility for unblocks is just around the corner.

    I'm right now verifying the fix and filing this bug already for
    transparency.

    Regards,
    Salvatore
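
An added triage helper, not part of the bug report or of CRIU: it scans a restore log for the error quoted in the release notes and checks whether the installed criu version predates 4.1.1. The sample log lines, the function names and the verdict strings are constructed for illustration; only the error message and the version numbers come from the report.

```python
import re

# Error text quoted in the CRIU 4.1.1 release notes; the mount ID varies.
SIGNATURE = re.compile(
    r"mnt-v2: Failed to make mount (\d+) slave: Invalid argument")
FIXED_IN = (4, 1, 1)  # first CRIU release carrying the fix, per the report

# Constructed sample: timestamps, PIDs and surrounding lines are invented;
# only the error message itself comes from the report.
SAMPLE_LOG = """\
(00.031337)      1: mnt-v2: Preparing mount 476
(00.031402)      1: Error: mnt-v2: Failed to make mount 476 slave: Invalid argument
(00.031450) Error: Restoring FAILED.
"""


def upstream_version(version):
    """Map '4.1-1', '1:4.1.1-1' or '4.1.1' to a comparable 3-tuple."""
    upstream = version.split(":", 1)[-1]          # drop a Debian epoch
    if "-" in upstream:
        upstream = upstream.rpartition("-")[0]    # drop the Debian revision
    match = re.match(r"\d+(?:\.\d+)*", upstream)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group().split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(log_text, criu_version):
    """Classify a failed restore against the signature of this bug."""
    mount_ids = sorted({int(m) for m in SIGNATURE.findall(log_text)})
    has_fix = upstream_version(criu_version) >= FIXED_IN
    if mount_ids and not has_fix:
        verdict = "matches this bug: upgrade criu to 4.1.1 or later"
    elif mount_ids:
        verdict = "signature present although criu has the fix: investigate"
    else:
        verdict = "signature absent: different failure"
    return {"mount_ids": mount_ids, "criu_has_fix": has_fix, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "4.1-1"))
```
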

  • From Debian Bug Tracking System@21:1/5 to All on Wed Jul 30 04:40:01 2025

    Your message dated Wed, 30 Jul 2025 02:34:00 +0000
    with message-id <E1ugwdk-00ALl4-2S@fasolo.debian.org>
    and subject line Bug#1110096: fixed in criu 4.1.1-1
    has caused the Debian Bug report #1110096,
    regarding criu: Broken restore functionality of mount namespaces within CRIU with Linux security fix backported to all stable series: "mnt-v2: Failed to make mount 476 slave: Invalid argument."
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1110096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110096
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
