** Description changed:

+ SRU Justification
+ 
+ Impact: SB_I_NOSUID was added by a sauce patch, and over time it has
+ come to occpy the same bit in s_iflags as SB_I_USERNS_VISIBLE without
+ being noticed. overlayfs will set SB_I_NOSUID when any lower mount is
+ nosuid. When this happens for a user namespace mount,
+ mount_too_revealing() will perform additional, unnecessary checks which
+ may block mounting when it should be allowed.
+ 
+ Fix: Relocate SB_I_NOSUID to the top of s_iflags to remove the conflict
+ and to make future conflicts less likely.
+ 
+ Test Case: Attached.
+ 
+ Regression Potential: These flags are internal to the kernel, so moving
+ SB_I_NOSUID is safe. It's possible that the overlapping flags caused
+ other unintended behaviors, and if so these will also change and could
+ result in user-visible changes. However, any such behaviors would also
+ be incorrect.
+ 
+ ---
+ 
  As reported by Jann Horn on bug 1850994, unprivileged overlayfs mounting
  can fail in disco/eoan due to SB_I_NOSUID and SB_I_USERNS_VISIBLE.
- overlayfs sets SB_I_NOSUID for unprivileged mounts, which causes
+ overlayfs sets SB_I_NOSUID in some cases, which causes
  mount_too_revealing() to see SB_I_USERNS_VISIBLE as being set. This
  leads to performing additional, unnecessary checks which may fail.
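Review bot: "Test Case: Attached." in the added SRU Justification gives no steps or expected result in the description itself, so a one-sentence summary of what the attached test mounts and what outcome counts as a pass would let the description stand on its own. The reworded line "overlayfs sets SB_I_NOSUID in some cases" is also vaguer than the Impact paragraph, which states the condition as "when any lower mount is nosuid". Reusing that wording would keep the two parts of the description consistent.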

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1851677

Title:
  s_iflags overlap prevents unprivileged overlayfs mounts

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Disco:
  In Progress
Status in linux source package in Eoan:
  In Progress

Bug description:
  SRU Justification

  Impact: SB_I_NOSUID was added by a sauce patch, and over time it has
  come to occupy the same bit in s_iflags as SB_I_USERNS_VISIBLE without
  being noticed. overlayfs will set SB_I_NOSUID when any lower mount is
  nosuid. When this happens for a user namespace mount,
  mount_too_revealing() will perform additional, unnecessary checks
  which may block mounting when it should be allowed.

  Fix: Relocate SB_I_NOSUID to the top of s_iflags to remove the
  conflict and to make future conflicts less likely.

  Test Case: Attached.

  Regression Potential: These flags are internal to the kernel, so
  moving SB_I_NOSUID is safe. It's possible that the overlapping flags
  caused other unintended behaviors, and if so these will also change
  and could result in user-visible changes. However, any such behaviors
  would also be incorrect.

  ---

  As reported by Jann Horn on bug 1850994, unprivileged overlayfs
  mounting can fail in disco/eoan due to SB_I_NOSUID and
  SB_I_USERNS_VISIBLE. overlayfs sets SB_I_NOSUID in some cases, which
  causes mount_too_revealing() to see SB_I_USERNS_VISIBLE as being set.
  This leads to performing additional, unnecessary checks which may
  fail.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851677/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
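
The flag collision described in the bug, as an added user-space model in C; it is not code from the kernel or from the attached test case. The bit values, the helper names and the two flag tables are assumptions constructed for illustration. It shows the colliding definition triggering the extra checks, the relocated one not triggering them, and a pairwise-overlap check that would have caught the conflict.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Bit values are constructed for this example, not taken from a kernel tree. */
#define SB_I_USERNS_VISIBLE 0x00000010u
#define SB_I_NOSUID_OLD     0x00000010u /* colliding definition */
#define SB_I_NOSUID_NEW     0x80000000u /* relocated to the top bit */

/* Model of overlayfs: set the nosuid flag when any lower mount is nosuid. */
static unsigned overlay_iflags(bool any_lower_nosuid, unsigned nosuid_bit)
{
    return any_lower_nosuid ? nosuid_bit : 0u;
}

/* Model of the test that sends mount_too_revealing() into its extra checks. */
static bool wants_visibility_checks(unsigned s_iflags)
{
    return (s_iflags & SB_I_USERNS_VISIBLE) != 0;
}

/* Return the index of the first flag that is not a single bit or that
 * shares a bit with an earlier flag; -1 if the set is clean. */
static int first_bad_flag(const unsigned *flags, size_t n)
{
    unsigned seen = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned f = flags[i];
        if (f == 0 || (f & (f - 1)) != 0 || (seen & f) != 0)
            return (int)i;
        seen |= f;
    }
    return -1;
}

/* Hypothetical flag tables: two filler bits plus the two flags from the bug. */
static const unsigned flags_before[] = { 0x01u, 0x02u, SB_I_USERNS_VISIBLE, SB_I_NOSUID_OLD };
static const unsigned flags_after[]  = { 0x01u, 0x02u, SB_I_USERNS_VISIBLE, SB_I_NOSUID_NEW };

int main(void)
{
    printf("old: extra checks=%d, bad index=%d\n",
           wants_visibility_checks(overlay_iflags(true, SB_I_NOSUID_OLD)),
           first_bad_flag(flags_before, 4));
    printf("new: extra checks=%d, bad index=%d\n",
           wants_visibility_checks(overlay_iflags(true, SB_I_NOSUID_NEW)),
           first_bad_flag(flags_after, 4));
    return 0;
}
```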