From: owner@bugs.debian.org 
  
 This is a multi-part message in MIME format... 
  
 Your message dated Mon, 25 Aug 2025 14:32:27 +0000 
 with message-id  
 and subject line Bug#1110096: fixed in criu 3.17.1-2+deb12u2 
 has caused the Debian Bug report #1110096, 
 regarding criu: Broken restore functionality of mount namespaces within CRIU 
 with Linux security fix backported to all stable series: "mnt-v2: Failed to 
 make mount 476 slave: Invalid argument." 
 to be marked as done. 
  
 This means that you claim that the problem has been dealt with. 
 If this is not the case it is now your responsibility to reopen the 
 Bug report if necessary, and/or fix the problem forthwith. 
  
 (NB: If you are a system administrator and have no idea what this 
 message is talking about, this may indicate a serious mail system 
 misconfiguration somewhere. Please contact owner@bugs.debian.org 
 immediately.) 
  
  
 -- 
 1110096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110096 
 Debian Bug Tracking System 
 Contact owner@bugs.debian.org with problems 
  
 Received: (at submit) by bugs.debian.org; 29 Jul 2025 18:21:14 +0000 
 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 
  (2024-03-25) on buxtehude.debian.org 
 X-Spam-Level: 
 X-Spam-Status: No, score=-8.5 required=4.0 tests=BAYES_00,FOURLA, 
 FROMDEVELOPER, 
  KHOP_HELO_FCRDNS,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE,XMAILER_REPORTBUG 
  autolearn=ham autolearn_force=no 
  version=4.0.1-bugs.debian.org_2005_01_02 
 X-Spam-Bayes: score:0.0000 Tokens: new, 16; hammy, 148; neutral, 59; spammy, 
  2. spammytokens:0.943-+--H*r:bugs.debian.org, 0.932-+--today 
  hammytokens:0.000-+--H*F:U*carnil, 0.000-+--XDebbugsCc, 
  0.000-+--X-Debbugs-Cc, 0.000-+--trixie, 0.000-+--H*r:eldamar.lan 
 Return-path:  
 Received: from c-82-192-244-13.customer.ggaweb.ch ([82.192.244.13]:33234 
 helo=eldamar.lan) 
  by buxtehude.debian.org with esmtp (Exim 4.96) 
  (envelope-from ) 
  id 1ugows-00ARdu-0o 
  for submit@bugs.debian.org; 
  Tue, 29 Jul 2025 18:21:14 +0000 
 Content-Type: text/plain; charset="us-ascii" 
 MIME-Version: 1.0 
 Content-Transfer-Encoding: 7bit 
 From: Salvatore Bonaccorso  
 To: Debian Bug Tracking System  
 Subject: criu: Broken restore functionality of mount namespaces within CRIU 
 with Linux security fix backported to all stable series: "mnt-v2: Failed to 
 make mount 476 slave: Invalid argument." 
 Message-ID: <175381327195.3336302.12991270005744828940.reportbug@eldamar. 
 lan> 
 X-Mailer: reportbug 13.2.0 
 Date: Tue, 29 Jul 2025 20:21:11 +0200 
 Delivered-To: submit@bugs.debian.org 
  
 Source: criu 
 Version: 4.1-1 
 Severity: serious 
 Tags: upstream 
 Justification: renders package unusable for users restoring container 
 X-Debbugs-Cc: carnil@debian.org 
  
 The criu project today released 4.1.1 as bufix release containing one 
 single fix: 
  
 | This release of CRIU (4.1.1) addresses a critical compatibility issue 
 | introduced in the Linux kernel and back-ported to all stable releases. 
 | 
 | The kernel commit (12f147ddd6de "do_change_type(): refuse to operate on 
 | unmounted/not ours mounts") addressed the security issue introduced 
 | almost 20 years ago. Unfortunately, this change inadvertently broke the 
 | restore functionality of mount namespaces within CRIU. Users attempting 
 | to restore a container on updated kernels would encounter the error: 
 | "mnt-v2: Failed to make mount 476 slave: Invalid argument." 
 | 
 | This release contains the necessary adjustments to CRIU, allowing it to 
 | work seamlessly with kernels incorporating this security change. 
  
 https://github.com/checkpoint-restore/criu/releases/tag/v4.1.1 
  
 The kernel change is a security fix which was backported to all stable 
 eseries, and in particular for Debian relevant as 6.1.142 (not yet 
 released but will be soon as DSA), 6.12.34 in trixie. 
  
 The fix should land ideally in trixie, but I'm awaere that the last 
 posibiltiy for unblocks is just around the corner. 
  
 I'm right now verifying the fix and filling this bug already for 
 transparency. 
  
 Regards, 
 Salvatore 
  
 Received: (at 1110096-close) by bugs.debian.org; 25 Aug 2025 14:32:28 +0000 
 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 
  (2024-03-25) on buxtehude.debian.org 
 X-Spam-Level: 
 X-Spam-Status: No, score=-112.4 required=4.0 tests=BAYES_00,DKIM_SIGNED, 
  DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FVGT_m_MULTI_ODD,HAS_BUG_NUMBER, 
  MD5_SHA1_SUM,PGPSIGNATURE,RDNS_NONE,SPF_HELO_NONE,SPF_NONE, 
  USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no 
  version=4.0.1-bugs.debian.org_2005_01_02 
 X-Spam-Bayes: score:0.0000 Tokens: new, 75; hammy, 150; neutral, 116; 
 spammy, 
  0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 
  0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 
  0.000-+--H*RU:sk:fasolo., 0.000-+--Hx-spam-relays-external:sk:fasolo. 
 Return-path:  
 Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:60342) 
  by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RS 
 _PSS_RSAE_SHA256__AES_256_GCM:256) 
  (Exim 4.96) 
  (envelope-from ) 
  id 1uqYFI-00EdV9-2k 
  for 1110096-close@bugs.debian.org; 
  Mon, 25 Aug 2025 14:32:28 +0000 
 Received: from [192.91.235.231] (port=44230 helo=fasolo.debian.org) 
  from C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA, 
 N=fasolo.debian.org,EMAIL=hostmaster@fasolo.debian.org (verified) 
  by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_P 
 S_RSAE_SHA256__AES_256_GCM:256) 
  (Exim 4.94.2) 
  (envelope-from ) 
  id 1uqYFI-00HXo1-Fh 
  for 1110096-close@bugs.debian.org; Mon, 25 Aug 2025 14:32:28 +0000 
  
 [continued in next message] 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)