For reference, here is the bad commit:

commit eac15dc
Author: Seth Forshee <seth.fors...@canonical.com>
Date:   Wed Nov 19 11:00:56 2014 -0600

    UBUNTU: SAUCE: fs: Refuse uid/gid changes which don't map into s_user_ns

    Add checks to inode_change_ok to verify that uid and gid changes will
    map into the superblock's user namespace. If they do not, fail with
    -EOVERFLOW. This cannot be overridden with ATTR_FORCE.

    Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
    Acked-by: Serge Hallyn <serge.hal...@canonical.com>
    Signed-off-by: Tim Gardner <tim.gard...@canonical.com>

diff --git a/fs/attr.c b/fs/attr.c
index 6530ced..55b46e3 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -42,6 +42,17 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr) return error; } + /* + * Verify that uid/gid changes are valid in the target namespace + * of the superblock. This cannot be overriden using ATTR_FORCE. + */ + if (ia_valid & ATTR_UID && + from_kuid(inode->i_sb->s_user_ns, attr->ia_uid) == (uid_t)-1) + return -EOVERFLOW; + if (ia_valid & ATTR_GID && + from_kgid(inode->i_sb->s_user_ns, attr->ia_gid) == (gid_t)-1) + return -EOVERFLOW; + /* If force is set do it anyway. */ if (ia_valid & ATTR_FORCE) return 0;

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1617388

Title:
  When using overlayfs with kernel 4.4, some files cannot be deleted.

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  #!/bin/bash
  # ---------------------------------------------------------------------
  # This script exhibits a bug in overlayfs in kernel 4.4.
  # The bug is not present in kernel 4.2.
  # The bug can be reproduced in an x86_64 virtual-machine;
  # 32-bit has not been tested.
  #
  # With kernel 4.2, the script output ends with:
  # "script completed without encountering a kernel bug"
  #
  # With kernel 4.4, the script output ends with:
  # "rm: cannot remove ‘mnt_ovl/sub/sub.txt’:
  # Value too large for defined data type"
  #
  # The script depends upon lxc-usernsexec (part of the lxc1 package) to
  # create a user-namespace.
  #
  # The script should be run as a normal user (not root), in a directory where
  # the user has write-permission:
  # ./script
  # --------------------------------------------------------------------

  cleanup() {
      [[ -d "$storedir" ]] || exit 1
      cd "$storedir" || exit 1
      [[ -d "$tmpdir" ]] || exit 1
      lxc-usernsexec -m b:0:1000:1 -m b:100000:100000:1 -- rm -rf "$tmpdir"
  }
  trap cleanup EXIT

  set -e

  storedir="$(pwd)"

  # create tmpdir
  tmpdir="$(mktemp -d --tmpdir=.)"
  cd "$tmpdir"

  # create lowerdir for overlay
  mkdir -p lower/sub
  touch lower/lower.txt lower/sub/sub.txt

  cd ..
  chmod -R a+rwX "$tmpdir"

  # run a script in a user namespace
  lxc-usernsexec -m b:0:100000:65534 -- bash << EOF
  set -e
  cd "$tmpdir"

  # create tmpfs
  mkdir mnt_tmpfs
  mount -t tmpfs tmpfs mnt_tmpfs

  # create upperdir and workdir for overlay
  mkdir mnt_tmpfs/{upper,work}

  # mount overlay
  mkdir mnt_ovl
  mount -t overlay \
      -o lowerdir=lower,upperdir=mnt_tmpfs/upper,workdir=mnt_tmpfs/work \
      overlay mnt_ovl

  echo 'overlay directory listing'
  ls -RF mnt_ovl
  echo ''

  set -x
  rm mnt_ovl/lower.txt      # always succeeds
  rm mnt_ovl/sub/sub.txt    # fails with kernel 4.4+
  set +x

  echo 'script completed without encountering a kernel bug'
  EOF

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1617388/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
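Review bot: In the inode_change_ok hunk above, the new uid/gid checks are placed before the existing `if (ia_valid & ATTR_FORCE) return 0;` bypass, so a caller that sets ATTR_FORCE to skip the ownership checks is still refused with -EOVERFLOW whenever the requested owner has no mapping in the superblock's s_user_ns. The reproducer in this bug shows the consequence: the lower layer is created by the host user outside the namespace, the namespace maps only host uids 100000 through 165533 (b:0:100000:65534), and `rm mnt_ovl/sub/sub.txt` then fails with "Value too large for defined data type", i.e. EOVERFLOW, where kernel 4.2 succeeds. Consider keeping the ATTR_FORCE bypass for in-kernel callers, or applying the mapping check only to ownership changes requested from user space. Two minor points in the same hunk: `ia_valid & ATTR_UID && from_kuid(...) == (uid_t)-1` mixes & and && without parentheses and should read `(ia_valid & ATTR_UID) && ...` (likewise for ATTR_GID), and the comment spells "overriden" for "overridden".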