https://bugzilla.redhat.com/show_bug.cgi?id=1176302
Bug ID: 1176302
Summary: /var/log/docker incorrectly asserts that kernel 2.6.32* "might be unstable running docker"
Product: Fedora EPEL
Version: el6
Component: docker-io
Assignee: lsm5(a)redhat.com
Reporter: afoxson(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
jchaloup(a)redhat.com, jperrin(a)centos.org,
lsm5(a)redhat.com, mattdm(a)redhat.com,
mgoldman(a)redhat.com, miminar(a)redhat.com, s(a)shk.io,
thrcka(a)redhat.com, vbatts(a)redhat.com
Description of problem:
The following warning appears in /var/log/docker:
"WARNING: You are running linux kernel version 2.6.32-504.1.3.el6.x86_64, which
might be unstable running docker. Please upgrade your kernel to 3.8.0."
Version-Release number of selected component (if applicable):
docker-io-1.3.2-2.el6.x86_64.rpm
How reproducible:
Consistently.
Steps to Reproduce:
1. Run docker in daemon mode.
2. Review /var/log/docker.
Actual results:
The aforementioned warning appears in /var/log/docker.
Expected results:
The aforementioned warning not appearing in /var/log/docker.
Additional info:
This warning is incorrect as per:
https://github.com/docker/docker/issues/407#issuecomment-43206662
which states:
"Kernels older than 3.8 aren't supported. That means technical support isn't
provided and you might run into unexpected behavior, even if it seems like it's
working. The only exception is the kernel provided by RHEL6 (2.6.32xxxxxx)
which was patched and improved to work properly with Docker."
It seems that an environment variable is available for this situation, as per:
https://github.com/shykes/docker-dev/commit/2c2a655da14f6de9353454673f2a1c9…
which states:
"set DOCKER_NOWARN_KERNEL_VERSION=1 to disable the warning for RHEL 6.5"
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1213258
Bug ID: 1213258
Summary: Docker 1.6 needs tar but does not require it
Product: Fedora
Version: 21
Component: docker-io
Assignee: ichavero(a)redhat.com
Reporter: jpazdziora(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Description of problem:
Starting container fails with fork/exec /usr/bin/tar: no such file or directory
Version-Release number of selected component (if applicable):
docker-io-1.6.0-0.1.rc6.fc21
How reproducible:
Seen once, assume deterministic.
Steps to Reproduce:
1. Build an image.
2. Run a container.
Actual results:
time="2015-04-20T03:35:12-04:00" level=fatal msg="Error response from daemon:
Cannot start container
4df4e127d80dbfbf26a972a00f51085570fff275554979e80901ee93c7f69b29: [8] System
error: [/usr/bin/tar -cf
/var/lib/docker/tmp/4df4e127d80dbfbf26a972a00f51085570fff275554979e80901ee93c7f69b29725221613/_run.tar
-C
/var/lib/docker/devicemapper/mnt/4df4e127d80dbfbf26a972a00f51085570fff275554979e80901ee93c7f69b29/rootfs/run
.] failed: : fork/exec /usr/bin/tar: no such file or directory"
Expected results:
No error, container runs.
Additional info:
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219058
Bug 1219058 depends on bug 1219703, which changed state.
Bug 1219703 Summary: CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1219703
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |NEW      |CLOSED
Resolution |---      |CURRENTRELEASE
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219703
Bug ID: 1219703
Summary: CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [fedora-all]
Product: Fedora
Version: 21
Component: docker-io
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ichavero(a)redhat.com
Reporter: tjay(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Blocks: 1219058 (CVE-2015-3629)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1219058
[Bug 1219058] CVE-2015-3629 docker: symlink traversal on container respawn allows local privilege escalation
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219061
Bug 1219061 depends on bug 1219707, which changed state.
Bug 1219707 Summary: CVE-2015-3627 docker-io: docker: insecure opening of file-descriptor 1 leading to privilege escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1219707
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |ASSIGNED |CLOSED
Resolution |---      |CURRENTRELEASE
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219707
Bug ID: 1219707
Summary: CVE-2015-3627 docker-io: docker: insecure opening of file-descriptor 1 leading to privilege escalation [fedora-all]
Product: Fedora
Version: 21
Component: docker-io
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ichavero(a)redhat.com
Reporter: tjay(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Blocks: 1219061 (CVE-2015-3627)
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1219061
[Bug 1219061] CVE-2015-3627 docker: insecure opening of file-descriptor 1 leading to privilege escalation
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219063
Bug 1219063 depends on bug 1219711, which changed state.
Bug 1219711 Summary: CVE-2015-3630 docker-io: docker: Read/write proc paths allow host modification & information disclosure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1219711
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |NEW      |CLOSED
Resolution |---      |CURRENTRELEASE
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219711
Bug ID: 1219711
Summary: CVE-2015-3630 docker-io: docker: Read/write proc paths allow host modification & information disclosure [fedora-all]
Product: Fedora
Version: 21
Component: docker-io
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ichavero(a)redhat.com
Reporter: tjay(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Blocks: 1219063 (CVE-2015-3630)
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1219063
[Bug 1219063] CVE-2015-3630 docker: Read/write proc paths allow host modification & information disclosure
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219065
Bug 1219065 depends on bug 1219715, which changed state.
Bug 1219715 Summary: CVE-2015-3631 docker-io: docker: volume mounts allow LSM profile escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1219715
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |ASSIGNED |CLOSED
Resolution |---      |CURRENTRELEASE
--
https://bugzilla.redhat.com/show_bug.cgi?id=1219715
Bug ID: 1219715
Summary: CVE-2015-3631 docker-io: docker: volume mounts allow LSM profile escalation [fedora-all]
Product: Fedora
Version: 21
Component: docker-io
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ichavero(a)redhat.com
Reporter: tjay(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Blocks: 1219065 (CVE-2015-3631)
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1219065
[Bug 1219065] CVE-2015-3631 docker: volume mounts allow LSM profile escalation
--