[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#754193: marked as done (linux-image-3.2.0-4-amd64: reboot(2) called from a PID namespace shuts down a host)



Your message dated Tue, 27 Apr 2021 02:08:03 +0200
with message-id <9986ac3d4fd7f0343f6d2f7cc8b730722725931a.camel@decadent.org.uk>
and subject line Re: Bug#754193: linux-image-3.2.0-4-amd64: reboot(2) called from a PID namespace shuts down a host
has caused the Debian Bug report #754193,
regarding linux-image-3.2.0-4-amd64: reboot(2) called from a PID namespace shuts down a host
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
754193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754193
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux
Version: 3.2.60-1+deb7u1
Severity: normal

Dear Maintainer,

tl;dr: init in a container (PID namespace) can call reboot(2) and
shutdown the host machine.

Please refer to [1] for a detailed description of symptoms.

After some investigation and thanks to help received from systemd
developers I can tell the problems can be solved by applying [2] to the
kernel. The patch is relatively old, it has been released only three
months after 3.2.0 so I hope applying it wouldn't be a problem.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754184
[2] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf3f8921

-- Package-specific info:
** Version:
Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.60-1+deb7u1

** Command line:
initrd=/boot/initrd.img-3.2.0-4-amd64 root=UUID=f52fdabb-9a8b-4a87-b89e-dbb3aecbcb8b ro init=/lib/systemd/systemd BOOT_IMAGE=/boot/vmlinuz-3.2.0-4-amd64 

** Not tainted

** Kernel log:
[   17.308252] drm: registered panic notifier
[   17.308603] acpi device:01: registered as cooling_device8
[   17.308776] input: Video Bus as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input5
[   17.308808] ACPI: Video Device [GFX0] (multi-head: yes  rom: no  post: no)
[   17.308819] [drm] Initialized i915 1.6.0 20080730 for 0000:00:02.0 on minor 0
[   17.308893] snd_hda_intel 0000:00:1b.0: irq 45 for MSI/MSI-X
[   17.308912] snd_hda_intel 0000:00:1b.0: setting latency timer to 64
[   17.490934] systemd[1]: Started Various fixups to make systemd work better on Debian.
[   17.491140] systemd[1]: Mounted Lock Directory.
[   17.491232] systemd[1]: Mounted User Runtime Directory.
[   17.491304] systemd[1]: Starting Local File Systems.
[   17.491365] systemd[1]: Reached target Local File Systems.
[   17.491379] systemd[1]: Starting LSB: Restore resolv.conf if the system crashed....
[   17.578239] systemd[1]: Starting LSB: ebtables ruleset management...
[   17.626663] usbcore: registered new interface driver usbserial
[   17.626671] USB Serial support registered for generic
[   17.626686] usbcore: registered new interface driver usbserial_generic
[   17.626687] usbserial: USB Serial Driver core
[   17.634148] USB Serial support registered for FTDI USB Serial Device
[   17.634191] ftdi_sio 2-1.1.2.4:1.0: FTDI USB Serial Device converter detected
[   17.634216] usb 2-1.1.2.4: Detected FT232RL
[   17.634217] usb 2-1.1.2.4: Number of endpoints 2
[   17.634226] usb 2-1.1.2.4: Endpoint 1 MaxPacketSize 64
[   17.634227] usb 2-1.1.2.4: Endpoint 2 MaxPacketSize 64
[   17.634228] usb 2-1.1.2.4: Setting MaxPacketSize 64
[   17.634708] usb 2-1.1.2.4: FTDI USB Serial Device converter now attached to ttyUSB0
[   17.634715] usbcore: registered new interface driver ftdi_sio
[   17.634716] ftdi_sio: v1.6.0:USB FTDI Serial Converters Driver
[   17.658024] systemd[1]: Starting LSB: Nameserver information manager...
[   17.706006] systemd[1]: Starting Recreate Volatile Files and Directories...
[   17.777771] systemd[1]: Starting Remote File Systems.
[   17.777898] systemd[1]: Reached target Remote File Systems.
[   17.777928] systemd[1]: Starting LSB: Cleans up any mess left by 0dns-up...
[   17.821560] systemd[1]: Starting LSB: Restore and store ALSA driver settings...
[   17.937240] systemd[1]: Starting LSB: VirtualBox Linux X11 Additions...
[   18.005039] systemd[1]: Starting LSB: screen sessions cleaning...
[   18.040925] systemd[1]: Starting LSB: Prepare console...
[   18.094444] hda_codec: ALC269: SKU not ready 0x411111f0
[   18.096352] input: HDA Digital PCBeep as /devices/pci0000:00/0000:00:1b.0/input/input6
[   18.124699] systemd[1]: Starting Trigger Flushing of Journal to Persistent Storage...
[   18.204499] systemd[1]: Started Load Random Seed.
[   18.260399] systemd[1]: Started LSB: Restore resolv.conf if the system crashed..
[   18.328180] systemd[1]: Started LSB: ebtables ruleset management.
[   18.358599] HDMI status: Codec=3 Pin=6 Presence_Detect=0 ELD_Valid=0
[   18.358798] input: HDA Intel PCH HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:1b.0/sound/card0/input7
[   18.359190] input: HDA Intel PCH Headphone as /devices/pci0000:00/0000:00:1b.0/sound/card0/input8
[   18.384081] systemd[1]: Started Recreate Volatile Files and Directories.
[   18.467758] systemd[1]: Started LSB: Cleans up any mess left by 0dns-up.
[   18.527560] systemd[1]: Started LSB: VirtualBox Linux X11 Additions.
[   19.026203] systemd[1]: Started LSB: Nameserver information manager.
[   19.157799] systemd[1]: Started LSB: screen sessions cleaning.
[   19.297399] systemd[1]: Started LSB: Prepare console.
[   19.297461] systemd[1]: Starting LSB: Raise network interfaces....
[   19.428996] systemd[1]: Mounting Arbitrary Executable File Formats File System...
[   19.566560] systemd[1]: Starting Sound Card.
[   19.566613] systemd[1]: Reached target Sound Card.
[   19.899712] systemd[1]: Started LSB: Restore and store ALSA driver settings.
[   19.900000] systemd[1]: Mounted Arbitrary Executable File Formats File System.
[   19.943630] systemd[1]: Started Trigger Flushing of Journal to Persistent Storage.
[   20.039291] systemd[1]: Started LSB: Update mtab file..
[   20.198637] systemd[1]: Found device ST3500413AS.
[   20.198694] systemd[1]: Activating swap /dev/disk/by-uuid/8fd21e0d-1027-4f44-94e2-4e81f5b11251...
[   20.331090] Adding 16776188k swap on /dev/sda3.  Priority:-1 extents:1 across:16776188k 
[   20.332552] systemd[1]: Activated swap /dev/disk/by-uuid/8fd21e0d-1027-4f44-94e2-4e81f5b11251.
[   20.332589] systemd[1]: Starting Swap.
[   20.332687] systemd[1]: Reached target Swap.
[   20.474185] Bridge firewalling registered
[   20.476974] device eth0 entered promiscuous mode
[   20.649667] e1000e 0000:00:19.0: irq 42 for MSI/MSI-X
[   20.753192] e1000e 0000:00:19.0: irq 42 for MSI/MSI-X
[   20.753933] ADDRCONF(NETDEV_UP): eth0: link is not ready
[   20.756670] ADDRCONF(NETDEV_UP): br0: link is not ready
[   24.098963] e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[   24.099736] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   24.099765] br0: port 1(eth0) entering forwarding state
[   24.099771] br0: port 1(eth0) entering forwarding state
[   24.100478] ADDRCONF(NETDEV_CHANGE): br0: link becomes ready
[   25.899581] RPC: Registered named UNIX socket transport module.
[   25.899582] RPC: Registered udp transport module.
[   25.899583] RPC: Registered tcp transport module.
[   25.899584] RPC: Registered tcp NFSv4.1 backchannel transport module.
[   25.973107] FS-Cache: Loaded
[   26.014399] FS-Cache: Netfs 'nfs' registered for caching
[   26.047618] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[   27.251326] auditd (1618): /proc/1618/oom_adj is deprecated, please use /proc/1618/oom_score_adj instead.
[   28.737524] input: ACPI Virtual Keyboard Device as /devices/virtual/input/input9
[   29.266928] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[   29.318838] NFSD: starting 90-second grace period
[   31.287637] lp: driver loaded but no devices found
[   31.595018] ppdev: user-space parallel port driver
[   31.679484] parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE]
[   31.805706] parport0: irq 7 detected
[   31.901560] lp0: using parport0 (polling).
[   33.873772] ip_tables: (C) 2000-2006 Netfilter Core Team
[   34.880699] br0: no IPv6 routers present
[   35.113439] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[   35.406615] ADDRCONF(NETDEV_UP): virbr0: link is not ready
[   36.604928] Ebtables v2.0 registered
[   36.653106] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   39.108610] br0: port 1(eth0) entering forwarding state

** Model information
sys_vendor: Dell Inc.
product_name: OptiPlex 990
product_version: 01
chassis_vendor: Dell Inc.
chassis_version: 
bios_vendor: Dell Inc.
bios_version: A10
board_vendor: Dell Inc.
board_name: 06D7TR
board_version: A00

** Loaded modules:
ip6table_filter
ip6_tables
ebtable_nat
ebtables
ipt_MASQUERADE
iptable_nat
nf_nat
nf_conntrack_ipv4
nf_defrag_ipv4
xt_state
nf_conntrack
ipt_REJECT
xt_CHECKSUM
iptable_mangle
xt_tcpudp
iptable_filter
ip_tables
x_tables
parport_pc
ppdev
lp
parport
uinput
nfsd
nfs
nfs_acl
auth_rpcgss
fscache
lockd
sunrpc
bridge
stp
binfmt_misc
snd_hda_codec_hdmi
snd_hda_codec_realtek
ftdi_sio
usbserial
coretemp
crc32c_intel
snd_hda_intel
snd_hda_codec
snd_hwdep
ghash_clmulni_intel
snd_pcm_oss
snd_mixer_oss
snd_pcm
evdev
snd_page_alloc
aesni_intel
snd_seq_midi
snd_seq_midi_event
acpi_cpufreq
snd_rawmidi
i915
aes_x86_64
drm_kms_helper
aes_generic
mperf
snd_seq
drm
dcdbas
snd_seq_device
snd_timer
snd
cryptd
i2c_algo_bit
i2c_core
container
processor
video
button
shpchp
thermal_sys
soundcore
psmouse
serio_raw
kvm_intel
kvm
loop
autofs4
ext4
crc16
jbd2
mbcache
usbhid
hid
btrfs
crc32c
libcrc32c
zlib_deflate
dm_mod
sg
sr_mod
sd_mod
cdrom
crc_t10dif
ahci
libahci
libata
ehci_hcd
scsi_mod
usbcore
e1000e
usb_common

** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor Family DRAM Controller [8086:0100] (rev 09)
	Subsystem: Dell Device [1028:047e]
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ >SERR- <PERR- INTx-
	Latency: 0
	Capabilities: <access denied>
	Kernel driver in use: agpgart-intel

00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0102] (rev 09) (prog-if 00 [VGA controller])
	Subsystem: Dell Device [1028:047e]
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin A routed to IRQ 44
	Region 0: Memory at e0c00000 (64-bit, non-prefetchable) [size=4M]
	Region 2: Memory at d0000000 (64-bit, prefetchable) [size=256M]
	Region 4: I/O ports at 3000 [size=64]
	Expansion ROM at <unassigned> [disabled]
	Capabilities: <access denied>
	Kernel driver in use: i915

00:16.0 Communication controller [0780]: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 [8086:1c3a] (rev 04)
	Subsystem: Dell Device [1028:047e]
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin A routed to IRQ 11
	Region 0: Memory at e1ab0000 (64-bit, non-prefetchable) [size=16]
	Capabilities: <access denied>

00:16.3 Serial controller [0700]: Intel Corporation 6 Series/C200 Series Chipset Family KT Controller [8086:1c3d] (rev 04) (prog-if 02 [16550])
	Subsystem: Dell Device [1028:047e]
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin B routed to IRQ 17
	Region 0: I/O ports at 30e0 [size=8]
	Region 1: Memory at e1a90000 (32-bit, non-prefetchable) [size=4K]
	Capabilities: <access denied>
	Kernel driver in use: serial

00:19.0 Ethernet controller [0200]: Intel Corporation 82579LM Gigabit Network Connection [8086:1502] (rev 04)
	Subsystem: Dell Device [1028:047e]
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin A routed to IRQ 42
	Region 0: Memory at e1a00000 (32-bit, non-prefetchable) [size=128K]
	Region 1: Memory at e1a80000 (32-bit, non-prefetchable) [size=4K]
	Region 2: I/O ports at 3080 [size=32]
	Capabilities: <access denied>
	Kernel driver in use: e1000e

00:1a.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 [8086:1c2d] (rev 04) (prog-if 20 [EHCI])
	Subsystem: Dell Device [1028:047e]
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin A routed to IRQ 16
	Region 0: Memory at e1a70000 (32-bit, non-prefetchable) [size=1K]
	Capabilities: <access denied>
	Kernel driver in use: ehci_hcd

00:1b.0 Audio device [0403]: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller [8086:1c20] (rev 04)
	Subsystem: Dell Device [1028:047e]
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0, Cache Line Size: 64 bytes
	Interrupt: pin A routed to IRQ 45
	Region 0: Memory at e1a60000 (64-bit, non-prefetchable) [size=16K]
	Capabilities: <access denied>
	Kernel driver in use: snd_hda_intel

00:1c.0 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 [8086:1c10] (rev b4) (prog-if 00 [Normal decode])
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0, Cache Line Size: 64 bytes
	Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
	Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
	BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
		PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
	Capabilities: <access denied>
	Kernel driver in use: pcieport

00:1c.2 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 3 [8086:1c14] (rev b4) (prog-if 00 [Normal decode])
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0, Cache Line Size: 64 bytes
	Bus: primary=00, secondary=02, subordinate=02, sec-latency=0
	I/O behind bridge: 00002000-00002fff
	Memory behind bridge: e1000000-e19fffff
	Prefetchable memory behind bridge: 00000000e0000000-00000000e09fffff
	Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
	BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
		PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
	Capabilities: <access denied>
	Kernel driver in use: pcieport

00:1d.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 [8086:1c26] (rev 04) (prog-if 20 [EHCI])
	Subsystem: Dell Device [1028:047e]
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin A routed to IRQ 17
	Region 0: Memory at e1a50000 (32-bit, non-prefetchable) [size=1K]
	Capabilities: <access denied>
	Kernel driver in use: ehci_hcd

00:1e.0 PCI bridge [0604]: Intel Corporation 82801 PCI Bridge [8086:244e] (rev a4) (prog-if 01 [Subtractive decode])
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Bus: primary=00, secondary=03, subordinate=03, sec-latency=0
	Secondary status: 66MHz- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
	BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
		PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
	Capabilities: <access denied>

00:1f.0 ISA bridge [0601]: Intel Corporation Q67 Express Chipset Family LPC Controller [8086:1c4e] (rev 04)
	Subsystem: Dell Device [1028:047e]
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Capabilities: <access denied>

00:1f.2 SATA controller [0106]: Intel Corporation 6 Series/C200 Series Chipset Family SATA AHCI Controller [8086:1c02] (rev 04) (prog-if 01 [AHCI 1.0])
	Subsystem: Dell Device [1028:047e]
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin C routed to IRQ 43
	Region 0: I/O ports at 30d0 [size=8]
	Region 1: I/O ports at 30c0 [size=4]
	Region 2: I/O ports at 30b0 [size=8]
	Region 3: I/O ports at 30a0 [size=4]
	Region 4: I/O ports at 3060 [size=32]
	Region 5: Memory at e1a40000 (32-bit, non-prefetchable) [size=2K]
	Capabilities: <access denied>
	Kernel driver in use: ahci

00:1f.3 SMBus [0c05]: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller [8086:1c22] (rev 04)
	Subsystem: Dell Device [1028:047e]
	Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Interrupt: pin C routed to IRQ 11
	Region 0: Memory at e1a30000 (64-bit, non-prefetchable) [size=256]
	Region 4: I/O ports at 3040 [size=32]


** USB devices:
Bus 002 Device 004: ID 046d:c312 Logitech, Inc. DeLuxe 250 Keyboard
Bus 002 Device 006: ID 0403:6001 Future Technology Devices International, Ltd FT232 USB-Serial (UART) IC
Bus 002 Device 005: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB
Bus 002 Device 003: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***


-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (900, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: armel

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-3.2.0-4-amd64 depends on:
ii  debconf [debconf-2.0]                   1.5.49
ii  initramfs-tools [linux-initramfs-tool]  0.115~bpo70+1
ii  kmod                                    9-3
ii  linux-base                              3.5
ii  module-init-tools                       9-3

Versions of packages linux-image-3.2.0-4-amd64 recommends:
pn  firmware-linux-free  <none>

Versions of packages linux-image-3.2.0-4-amd64 suggests:
pn  debian-kernel-handbook  <none>
ii  extlinux                2:4.05+dfsg-6+deb7u1
pn  linux-doc-3.2           <none>

Versions of packages linux-image-3.2.0-4-amd64 is related to:
pn  firmware-atheros        <none>
pn  firmware-bnx2           <none>
pn  firmware-bnx2x          <none>
pn  firmware-brcm80211      <none>
pn  firmware-intelwimax     <none>
pn  firmware-ipw2x00        <none>
pn  firmware-ivtv           <none>
pn  firmware-iwlwifi        <none>
pn  firmware-libertas       <none>
pn  firmware-linux          <none>
pn  firmware-linux-nonfree  <none>
pn  firmware-myricom        <none>
pn  firmware-netxen         <none>
pn  firmware-qlogic         <none>
pn  firmware-ralink         <none>
pn  firmware-realtek        <none>
pn  xen-hypervisor          <none>

-- debconf information:
  linux-image-3.2.0-4-amd64/postinst/depmod-error-initrd-3.2.0-4-amd64: false
  linux-image-3.2.0-4-amd64/prerm/removing-running-kernel-3.2.0-4-amd64: true
  linux-image-3.2.0-4-amd64/postinst/ignoring-ramdisk:
  linux-image-3.2.0-4-amd64/postinst/missing-firmware-3.2.0-4-amd64:

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics

Attachment: pgp72oMRBvQwg.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Version: 3.4.4-1~experimental.1

On Sun, 2021-04-25 at 09:05 +0200, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Tue, Jul 08, 2014 at 05:30:48PM +0100, Ben Hutchings wrote:
> > On Tue, 2014-07-08 at 16:33 +0200, Łukasz Stelmach wrote:
> > > Package: src:linux
> > > Version: 3.2.60-1+deb7u1
> > > Severity: normal
> > > 
> > > Dear Maintainer,
> > > 
> > > tl;dr: init in a container (PID namespace) can call reboot(2) and
> > > shutdown the host machine.
> > 
> > Yes, and you need real user namespaces (as introduced in Linux 3.7)
> > to
> > prevent this.
> > 
> > > Please refer to [1] for a detailed description of symptoms.
> > > 
> > > After some investigation and thanks to help received from systemd
> > > developers I can tell the problems can be solved by applying [2]
> > > to the
> > > kernel. The patch is relatively old, it has been released only
> > > three
> > > months after 3.2.0 so I hope applying it wouldn't be a problem.
> > [...]
> > 
> > This change seems to make containers work better, but it does not
> > improve security.  I'm not sure whether this is sufficient
> > justification
> > for a stable update.  Please can you ask the stable release team
> > (debian-release@lists.debian.org) to consider this.
> 
> I'm still inclinded to close this bug now, would you agree?

Yes, it is long since fixed in all supported releases.  Closing this
with the first version that has the fix.

Ben.

-- 
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production:
                               A fail-safe circuit will destroy others.

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---

Reply to: