apport information ** Attachment added: "ProcCpuinfo.txt" https://bugs.launchpad.net/bugs/1998602/+attachment/5634721/+files/ProcCpuinfo.txt
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1998602 Title: overlay writing user.* xattrs on symlinks Status in linux package in Ubuntu: Confirmed Bug description: This was reported (and worked around) in https://github.com/project- stacker/stacker/pull/333. The kernel does not allow user.* xattrs on a symlink. However, on 5.15.0-53-generic and 5.19.0-21-generic, but not on the ubuntu mainline build (6.1.0-060100rc5-generic), an unprivileged program can cause such xattrs to be created. Once they're there, userspace (i.e. setfattr) cannot remove them since the kernel says they can't exist - but listxattr shows them. I've failed so far in setting up a simpler reproducer, so I'll begin by reporting the full reproducer. Download 'stacker' from https://github.com/project- stacker/stacker/releases/download/v0.22.1/stacker . Create a stacker.yaml config file: cat > stacker.yaml << EOF pxe-server-base: from: type: docker url: docker://ubuntu:jammy run: | apt-get update apt-get -y install dnsmasq systemd sb-pxe-server: from: type: built tag: pxe-server-base run: | systemctl disable dnsmasq EOF and run 'stacker build'. It will end with: Executing: /lib/systemd/systemd-sysv-install disable dnsmasq Removed /etc/systemd/system/multi-user.target.wants/dnsmasq.service. error: /home/ubuntu/build2/roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq: failed to remove attr user.overlay.origin: xattr.LRemove /home/ubuntu/build2/roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq user.overlay.origin: operation not permitted error: exit status 1 You'll subsequently see that ./roots/sb-pxe- server/overlay/etc/rc2.d/K01dnsmasq is a symbolic link with user.overlay.origin xattr (per llistxatr), though you can't read the contents or delete it. I had thought I should be able to reproduce it by mounting (in an unprivileged user+mountns) an overlayfs where the underlay has, say, "/etc/rc2.d/K" symlink, then rename K to S (as i assume the 'systemctl disable dnsmasq is doing), but that did not work for me. --- ProblemType: Bug ApportVersion: 2.20.11-0ubuntu82.2 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: serge 3929 F.... pulseaudio DistroRelease: Ubuntu 22.04 InstallationDate: Installed on 2022-02-25 (283 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) MachineType: LENOVO 20XXS3JC01 Package: linux (not installed) ProcEnviron: TERM=st-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 i915drmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-56-generic root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7 ProcVersionSignature: Ubuntu 5.15.0-56.62-generic 5.15.64 RelatedPackageVersions: linux-restricted-modules-5.15.0-56-generic N/A linux-backports-modules-5.15.0-56-generic N/A linux-firmware 20220329.git681281e4-0ubuntu3.7 Tags: jammy Uname: Linux 5.15.0-56-generic x86_64 UpgradeStatus: Upgraded to jammy on 2022-03-16 (264 days ago) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 04/08/2022 dmi.bios.release: 1.52 dmi.bios.vendor: LENOVO dmi.bios.version: N32ET76W (1.52 ) dmi.board.asset.tag: Not Available dmi.board.name: 20XXS3JC01 dmi.board.vendor: LENOVO dmi.board.version: SDK0J40697 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.ec.firmware.release: 1.32 dmi.modalias: dmi:bvnLENOVO:bvrN32ET76W(1.52):bd04/08/2022:br1.52:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9: dmi.product.family: ThinkPad X1 Carbon Gen 9 dmi.product.name: 20XXS3JC01 dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9 dmi.product.version: ThinkPad X1 Carbon Gen 9 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1998602/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
