Hi Shengjing,
On 24-06-2019 00:28, Shengjing Zhu wrote:
> Now, with good reason...
>
> It tooks me enough hours today to figure out why the tests crash the host(as
> described in #929662, running out of pids).
>
> The bug is not from upstream. Previously a file was removed from
> upstream tarball, named engine/pkg/chrootarchive/archive_test.go, which
> has an important init func:
>
> func init() {
> reexec.Init()
> }
>
> All tests that rely on reexec need this func. The tests added by CVE-2018-15664
> need it as well. Without this, the tests cause fork bomb.
Are you saying this file is only needed for testing? This file isn't
needed for docker.io itself? Why was it stripped in the first place?
> Well, after adding this func back, the tests run and the host doesn't
> crash.
>
> However the tests still can't pass in schroot, the log says:
[...]
> Short version: these tests need privileged permission.
And your schroot doesn't provide those. How about any better container?
How about buildds?
Paul
Attachment:
signature.asc
Description: OpenPGP digital signature