This bug was fixed in the package linux - 4.10.0-8.10

---------------
linux (4.10.0-8.10) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1664217

  * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
    (LP: #1663687)
    - scsi: storvsc: Enable tracking of queue depth
    - scsi: storvsc: Remove the restriction on max segment size
    - scsi: storvsc: Enable multi-queue support
    - scsi: storvsc: use tagged SRB requests if supported by the device
    - scsi: storvsc: properly handle SRB_ERROR when sense message is present
    - scsi: storvsc: properly set residual data length on errors

  * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs
    caused KVM host hung and all KVM guests down. (LP: #1651248)
    - KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT
    - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
    - KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends
    - KVM: PPC: Book 3S: XICS: Implement ICS P/Q states
    - KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend

  * overlay: mkdir fails if directory exists in lowerdir in a user namespace
    (LP: #1531747)
    - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * CVE-2016-1575 (LP: #1534961)
    - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * CVE-2016-1576 (LP: #1535150)
    - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * Miscellaneous Ubuntu changes
    - SAUCE: md/raid6 algorithms: scale test duration for speedier boots
    - SAUCE: Import aufs driver
    - d-i: Build message-modules udeb for arm64
    - rebase to v4.10-rc8

  * Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: aufs -- remove .readlink assignment"
    - Revert "UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support setattr_prepare()"
    - Revert "UBUNTU: SAUCE: aufs -- Add flags argument to aufs_rename()"
    - Revert "UBUNTU: SAUCE: aufs -- Convert to use xattr handlers"
    - Revert "UBUNTU: SAUCE: Import aufs driver"

  [ Upstream Kernel Changes ]

  * rebase to v4.10-rc8

 -- Tim Gardner <tim.gard...@canonical.com>  Mon, 06 Feb 2017 08:34:24 -0700

** Changed in: linux (Ubuntu)
       Status: Incomplete => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1575

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1576

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1638996

Title:
  apparmor's raw_data file in securityfs is sometimes truncated

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  Hi,

  It looks like apparmor's securityfs output is sometimes truncated,

  
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al
  total 0
  drwxr-xr-x  3 root root     0 Nov  3 16:45 .
  drwxr-xr-x 13 root root     0 Nov  3 16:44 ..
  -r--r--r--  1 root root     0 Nov  3 16:45 attach
  -r--r--r--  1 root root     0 Nov  3 16:45 mode
  -r--r--r--  1 root root     0 Nov  3 16:45 name
  drwxr-xr-x  3 root root     0 Nov  3 16:45 profiles
  -r--r--r--  1 root root     0 Nov  3 16:45 raw_abi
  -r--r--r--  1 root root 46234 Nov  3 16:45 raw_data
  -r--r--r--  1 root root     0 Nov  3 16:45 raw_hash
  -r--r--r--  1 root root     0 Nov  3 16:45 sha1
  
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# cat raw_data > /tmp/out
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al /tmp/out
  -rw-r--r-- 1 root root 4009 Nov  3 16:55 /tmp/out

  and

  2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/
  2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size of the policy
  2016-11-03 10:59:20 @jjohansen  tych0: hrmm interesting, can you zip up the /tmp/out file so I can see it looks like a complete policy file?
  2016-11-03 11:00:03 @jjohansen  something is definitely not right there. hrmmm
  2016-11-03 11:00:26 @jjohansen  the size is set by the input buffer size
  2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out
  2016-11-03 11:00:36 tych0 yeah, i assume
  2016-11-03 11:01:15 @jjohansen  my guess is something is messing up in the seq_file walk of the policy
  2016-11-03 11:02:38 @jjohansen  tych0: yep the file is truncated, can you open a bug and I will start looking for it
  2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux?
  2016-11-03 11:03:35 @jjohansen  tych0: yeah for now, just linux
  2016-11-03 11:03:43 @jjohansen  we can add others if needed later
  2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, because sometimes it works and sometimes it doesn't
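
Added example, not part of the original report or of the AppArmor or kernel code: a check for the symptom described above, where stat reports one size for raw_data (46234) and a full read returns fewer bytes (4009). The names read_all and find_truncated and the stat_size parameter are hypothetical; stat_size exists only so the mismatch can be simulated on an ordinary filesystem.

```python
import os

def read_all(path, chunk=4096):
    """Read until EOF with plain read() calls, as cat does; return the byte count."""
    total = 0
    with open(path, "rb", buffering=0) as f:
        while True:
            block = f.read(chunk)
            if not block:
                return total
            total += len(block)

def find_truncated(root, attempts=5, stat_size=os.path.getsize):
    """Walk root for raw_data files and compare the size stat reports with
    the number of bytes a full read returns. The report describes the
    failure as racy, so each file is read `attempts` times. Returns
    (path, reported, shortest_read) for every file that came up short."""
    short = []
    for dirpath, _dirs, files in os.walk(root):
        if "raw_data" not in files:
            continue
        path = os.path.join(dirpath, "raw_data")
        reported = stat_size(path)
        worst = min(read_all(path) for _ in range(attempts))
        if worst < reported:
            short.append((path, reported, worst))
    return sorted(short)

if __name__ == "__main__":
    # Directory taken from the bug report; needs root and an AppArmor-enabled kernel.
    root = "/sys/kernel/security/apparmor/policy"
    for path, reported, got in find_truncated(root):
        print(f"{path}: stat says {reported} bytes, read returned {got}")
```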
