Debian Patches

Status for golang-github-containers-psgo/1.7.1+ds1-1

Patch Description Author Forwarded Bugs Origin Last update
test--skip-TestGetPIDSFromCgroup.patch disabled failing test.
FAIL: TestGetPIDSFromCgroup (0.00s)
Error Trace: pids_test.go:33
Error: Expected nil, but got: &os.PathError{Op:"open", Path:"/sys/fs/cgroup/pids//user.slice/user-1000.slice/session-6.scope/cgroup.procs", Err:0x2}
Test: TestGetPIDSFromCgroup
Error Trace: pids_test.go:34
Error: Should be true
Test: TestGetPIDSFromCgroup
Dmitry Smirnov <> not-needed 2019-09-10
CVE-2022-1227.patch commit 3ae3044916481f5c001f64a9d26110b878a676e0 (github/v1.7.1-fedora)

internal: proc: do not join the process user namespace

The only reason we joined the process user namespace was to map a
handful of fields into the same usernamepsace as that process. This
procedure can be implemented entirely in Go without having to run code
inside the container.

In addition, since psgo is used inside "podman top", we were actually
executing the nsenter binary *from the container* without all of the
container's security profiles applied. At the very least this would
allow a container process to return bad data to psgo (possibly confusing
management scripts using psgo) and at the very worst it would allow the
container process to escalate privileges by getting podman to execute
code without all of the container security profiles applied.

Fixes: CVE-2022-1227

Signed-off-by: Aleksa Sarai <>
Backported-by: Valentin Rothberg <>
Signed-off-by: Valentin Rothberg <>

diff --git a/internal/proc/ns.go b/internal/proc/ns.go
index 28ee6a2..9e77b86 100644
Aleksa Sarai <> no 2022-01-12

All known versions for source package 'golang-github-containers-psgo'