For reference, here is the bad commit:

commit eac15dc
Author: Seth Forshee <seth.fors...@canonical.com>
Date:   Wed Nov 19 11:00:56 2014 -0600

    UBUNTU: SAUCE: fs: Refuse uid/gid changes which don't map into s_user_ns
    
    Add checks to inode_change_ok to verify that uid and gid changes
    will map into the superblock's user namespace. If they do not
    fail with -EOVERFLOW. This cannot be overridden with ATTR_FORCE.
    
    Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
    Acked-by: Serge Hallyn <serge.hal...@canonical.com>
    Signed-off-by: Tim Gardner <tim.gard...@canonical.com>

diff --git a/fs/attr.c b/fs/attr.c
index 6530ced..55b46e3 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -42,6 +42,17 @@ int inode_change_ok(const struct inode *inode, struct iattr 
*attr)
                        return error;
        }
 
+       /*
+        * Verify that uid/gid changes are valid in the target namespace
+        * of the superblock. This cannot be overriden using ATTR_FORCE.
+        */
+       if (ia_valid & ATTR_UID &&
+           from_kuid(inode->i_sb->s_user_ns, attr->ia_uid) == (uid_t)-1)
+               return -EOVERFLOW;
+       if (ia_valid & ATTR_GID &&
+           from_kgid(inode->i_sb->s_user_ns, attr->ia_gid) == (gid_t)-1)
+               return -EOVERFLOW;
+
        /* If force is set do it anyway. */
        if (ia_valid & ATTR_FORCE)
                return 0;
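Review bot: The new check runs before the `ATTR_FORCE` early return, so in-kernel callers that pass ATTR_FORCE because they are copying an existing owner rather than honouring a user request now get -EOVERFLOW whenever that owner is not mapped into the superblock's s_user_ns; that appears to be the `rm mnt_ovl/sub/sub.txt` failure in the reproducer below, where the lower tree is owned by the host user, the upper tmpfs belongs to a namespace mapping only the 100000 range, and removing a file under sub/ presumably needs the directory copied up while removing the root-level lower.txt does not. The hardening goal is sound (a superblock owned by a user namespace should not end up holding inodes whose ids that namespace cannot represent), but the trade-off should be stated in the code, e.g. `/* Refused even for ATTR_FORCE: in-kernel callers (copy-up etc.) must not create inodes whose ids userspace in s_user_ns cannot represent. */`, and the commit message should say which callers are knowingly affected. Stylistically, `kuid_has_mapping()`/`kgid_has_mapping()` from <linux/uidgid.h> express the same test without the sentinel cast: `if (ia_valid & ATTR_UID && !kuid_has_mapping(inode->i_sb->s_user_ns, attr->ia_uid))` and likewise for the gid. `ia_valid` is not declared in the hunk; I assume it is the local copy of attr->ia_valid taken at the top of inode_change_ok, which lies outside this hunk, as does the remainder of the function.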

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1617388

Title:
  When using overlayfs with kernel 4.4, some files cannot be deleted.

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  #!/bin/bash
  # ---------------------------------------------------------------------
  # This script exhibits a bug in overlayfs in kernel 4.4.
  # The bug is not present in kernel 4.2.
  # The bug can be reproduced in an x86_64 virtual-machine;
  # 32-bit has not been tested.
  #
  # With kernel 4.2, the script output ends with:
  #   "script completed without encountering a kernel bug"
  #
  # With kernel 4.4, the script output ends with:
  #   "rm: cannot remove ‘mnt_ovl/sub/sub.txt’:
  #    Value too large for defined data type"
  # (i.e. the rm fails with EOVERFLOW).
  #
  # The script depends upon lxc-usernsexec (part of the lxc1 package) to
  # create a user-namespace.
  #
  # The script should be run as a normal user (not root), in a directory where
  # the user has write-permission:
  # ./script
  # --------------------------------------------------------------------

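  #######################################
  # Remove the scratch tree created by the reproducer.
  # Runs from the EXIT trap. Files under $tmpdir were created as root of a
  # user namespace and are therefore owned by host id 100000 on disk, so an
  # unprivileged user can only delete them from inside a namespace that maps
  # that id; the invoking user is mapped to root there.
  # Globals:   storedir (read) - directory the script was started in
  #            tmpdir   (read) - scratch directory, relative to storedir
  # Returns:   exits 1 if either directory is missing or tmpdir is empty;
  #            otherwise the status of lxc-usernsexec
  #######################################
  cleanup()
  {
     [[ -d "$storedir" ]] || exit 1
     cd "$storedir"       || exit 1
     # Never let an empty tmpdir turn this into "rm -rf" of the start dir.
     [[ -n "$tmpdir" && -d "$tmpdir" ]] || exit 1
     # Map the invoking user (not a hard-coded uid 1000) to root so the
     # script works for any unprivileged user; host 100000 is the namespace
     # root the reproducer ran as, and owns the files being removed.
     lxc-usernsexec -m "u:0:$(id -u):1" -m "g:0:$(id -g):1" \
        -m b:100000:100000:1 -- rm -rf -- "$tmpdir"
  }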

  # Always tear the scratch tree down, whatever the outcome.
  trap cleanup EXIT

  set -e

  # The scratch directory is created under the start directory rather than
  # /tmp, so the same relative path works on the host and in the namespace.
  storedir="$(pwd)"
  tmpdir="$(mktemp -d --tmpdir=.)"

  # Lower layer for the overlay, owned by the invoking host user, whose uid
  # is normally outside the 100000 range mapped into the namespace below.
  mkdir -p -- "$tmpdir/lower/sub"
  touch -- "$tmpdir/lower/lower.txt" "$tmpdir/lower/sub/sub.txt"

  # Root of the user namespace must be able to create mount points here.
  chmod -R a+rwX -- "$tmpdir"

  # Run the rest as root of a user namespace that maps only the sub-id range;
  # $tmpdir is expanded by the outer shell before the here-document is read.
  lxc-usernsexec -m b:0:100000:65534 --  bash << EOF
     set -e
     cd "$tmpdir"

     # create tmpfs
     mkdir mnt_tmpfs
     mount -t tmpfs tmpfs mnt_tmpfs

     # create upperdir and workdir for overlay
     mkdir mnt_tmpfs/{upper,work}

     # mount overlay
     mkdir mnt_ovl
     mount -t overlay \
     -o lowerdir=lower,upperdir=mnt_tmpfs/upper,workdir=mnt_tmpfs/work \
     overlay mnt_ovl

     echo 'overlay directory listing'
     ls -RF mnt_ovl
     echo ''

     set -x
     rm mnt_ovl/lower.txt                # always succeeds
     rm mnt_ovl/sub/sub.txt              # fails with kernel 4.4+

     set +x
     echo 'script completed without encountering a kernel bug'

  EOF
