[Kernel-packages] [Bug 2009065] Re: overlayfs mounts as R/O over idmapped mount

Fri, 12 Jan 2024 00:40:54 -0800 

** Tags added: fixed-linux-oem-6.5

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2009065

Title:
  overlayfs mounts as R/O over idmapped mount

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Jammy:
  Invalid
Status in linux-hwe-5.19 source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux-hwe-5.19 source package in Kinetic:
  Invalid

Bug description:
  Reproducer:

  create unprivileged LXC container
  $ lxc launch ubuntu:22.04 idmap-test
  $ lxc exec idmap-test bash

  check that root is idmapped by:
  $ cat /proc/self/mountinfo | grep idmap

  780 675 8:1 /var/snap/lxd/common/lxd/storage-
  pools/default/containers/idmap-test/rootfs / rw,relatime,idmapped
  shared:323 master:319 - ext4 /dev/sda1 rw,discard,errors=remount-ro

  $ mkdir {work,upper,lower,ovl}
  $ mount -t overlay overlay -o lowerdir=lower,upperdir=upper,workdir=work ovl
  $ touch ovl/test
  touch: cannot touch 'ovl/test': Read-only file system

  The problem is in __vfs_removexattr_noperm() function that called from
  ovl_workdir_create().

  In dmesg I can see an error:
  overlayfs: failed to create directory work/work (errno: 1); mounting read-only

  Reproducible on:
  # uname -a
  Linux ubuntu 5.19.0-32-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 
30 17:03:34 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

  # cat /etc/os-release 
  PRETTY_NAME="Ubuntu 22.04.1 LTS"

  Suspicious commit:
  
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/fs/overlayfs/overlayfs.h?h=Ubuntu-hwe-5.19-5.19.0-32.33_22.04.1&id=3418435738af5730918fafbdfe2905a98ce2ef05

  Chunk:
  +     inode_lock(inode);
  +     err = __vfs_setxattr_noperm(&init_user_ns, dentry, name, value, size, 
flags);
  +     inode_unlock(inode);

  should be:
  +     inode_lock(inode);
  +     err = __vfs_setxattr_noperm(ovl_upper_mnt_userns(ofs), dentry, name, 
value, size, flags);
  +     inode_unlock(inode);

  I'll send a patch soon.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2009065/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to