** Summary changed:

- Backport unprivileged fscaps to xenial 4.4
+ Backport namespaced fscaps to xenial 4.4

** Description changed:

  SRU Justification
  
- Impact: Support for using filesystem capabilities was added upstream in
- Linux 4.14. This is a useful feature that allows unprivileged containers
- to set fscaps that are valid only in user namespaces where a specific
- kuid is mapped to root. This allows for e.g. support for Linux distros
- within lxd which make use of filesystem capabilities.
+ Impact: Support for using filesystem capabilities in unprivileged user
+ namespaces was added upstream in Linux 4.14. This is a useful feature
+ that allows unprivileged containers to set fscaps that are valid only in
+ user namespaces where a specific kuid is mapped to root. This allows for
+ e.g. support for Linux distros within lxd which make use of filesystem
+ capabilities.
  
  Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file
  capabilities" and any subsequent fixes to xenial 4.4.
  
  Test Case: Test use of fscaps within a lxd container.
  
  Regression Potential: This has been upstream since 4.14 (and thus is
  present in bionic), and the backport to xenial 4.4 was not difficult, so
  regression potential is low.

** Description changed:

  SRU Justification
  
  Impact: Support for using filesystem capabilities in unprivileged user
  namespaces was added upstream in Linux 4.14. This is a useful feature
  that allows unprivileged containers to set fscaps that are valid only in
  user namespaces where a specific kuid is mapped to root. This allows for
  e.g. support for Linux distros within lxd which make use of filesystem
  capabilities.
  
  Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file
  capabilities" and any subsequent fixes to xenial 4.4.
  
  Test Case: Test use of fscaps within a lxd container.
  
  Regression Potential: This has been upstream since 4.14 (and thus is
- present in bionic), and the backport to xenial 4.4 was not difficult, so
- regression potential is low.
+ present in bionic), and the backport to xenial 4.4 was straightforward,
+ so regression potential is low.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1778286

Title:
  Backport namespaced fscaps to xenial 4.4

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress

Bug description:
  SRU Justification

  Impact: Support for using filesystem capabilities in unprivileged user
  namespaces was added upstream in Linux 4.14. This is a useful feature
  that allows unprivileged containers to set fscaps that are valid only
  in user namespaces where a specific kuid is mapped to root. This
  allows for e.g. support for Linux distros within lxd which make use of
  filesystem capabilities.

  Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced
  file capabilities" and any subsequent fixes to xenial 4.4.

  Test Case: Test use of fscaps within a lxd container.

  Regression Potential: This has been upstream since 4.14 (and thus is
  present in bionic), and the backport to xenial 4.4 was
  straightforward, so regression potential is low.
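
An added example, not part of the bug report or of the kernel patch: a decoder for the `security.capability` xattr that can support the test case above by confirming that a file carries a v3 (namespaced) capability bound to the expected root kuid. The constants follow the kernel's `include/uapi/linux/capability.h`; the sample bytes, the kuid 100000 and the helper names are constructed for illustration.

```python
import os
import struct
import sys

# Values from include/uapi/linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision magic -> (version, number of 32-bit permitted/inheritable pairs)
REVISIONS = {0x01000000: (1, 1), 0x02000000: (2, 2), 0x03000000: (3, 2)}

def parse_fscap(raw):
    """Decode a security.capability xattr value (all fields little-endian)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    rev = magic_etc & VFS_CAP_REVISION_MASK
    if rev not in REVISIONS:
        raise ValueError("unknown fscap revision 0x%08x" % rev)
    version, pairs = REVISIONS[rev]
    # v3 appends a 32-bit rootid after the capability words
    expected = 4 + 8 * pairs + (4 if version == 3 else 0)
    if len(raw) != expected:
        raise ValueError("v%d fscap must be %d bytes, got %d" % (version, expected, len(raw)))
    words = struct.unpack_from("<%dI" % (2 * pairs), raw, 4)
    permitted = inheritable = 0
    for i in range(pairs):
        permitted |= words[2 * i] << (32 * i)
        inheritable |= words[2 * i + 1] << (32 * i)
    rootid = struct.unpack_from("<I", raw, 4 + 8 * pairs)[0] if version == 3 else None
    return {"version": version, "permitted": permitted, "inheritable": inheritable,
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE), "rootid": rootid}

def is_namespaced_to(raw, root_kuid):
    """True only for a v3 fscap whose rootid equals the given kuid."""
    cap = parse_fscap(raw)
    return cap["version"] == 3 and cap["rootid"] == root_kuid

# Constructed samples: cap_net_raw (bit 13) permitted, effective flag set.
SAMPLE_V3 = struct.pack("<6I", 0x03000001, 1 << 13, 0, 0, 0, 100000)
SAMPLE_V2 = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)

if __name__ == "__main__":
    # Usage: script.py <file> <expected root kuid>
    value = os.getxattr(sys.argv[1], "security.capability")
    print(parse_fscap(value))
    sys.exit(0 if is_namespaced_to(value, int(sys.argv[2])) else 1)
```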
