This bug was fixed in the package linux - 5.4.0-42.46 --------------- linux (5.4.0-42.46) focal; urgency=medium
* focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069) * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668) - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups" linux (5.4.0-41.45) focal; urgency=medium * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855) * Packaging resync (LP: #1786013) - update dkms package versions * CVE-2019-19642 - kernel/relay.c: handle alloc_percpu returning NULL in relay_open * CVE-2019-16089 - SAUCE: nbd_genl_status: null check for nla_nest_start * CVE-2020-11935 - aufs: do not call i_readcount_inc() * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4 kernel (LP: #1826848) - selftests: net: ip_defrag: ignore EPERM * Update lockdown patches (LP: #1884159) - SAUCE: acpi: disallow loading configfs acpi tables when locked down * seccomp_bpf fails on powerpc (LP: #1885757) - SAUCE: selftests/seccomp: fix ptrace tests on powerpc * Introduce the new NVIDIA 418-server and 440-server series, and update the current NVIDIA drivers (LP: #1881137) - [packaging] add signed modules for the 418-server and the 440-server flavours -- Khalid Elmously <khalid.elmou...@canonical.com> Thu, 09 Jul 2020 19:50:26 -0400 ** Changed in: linux (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16089 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19642 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11935 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1872094 Title: shiftfs: broken shiftfs nesting Status in linux package in Ubuntu: Fix Released Status in linux source package in Eoan: Fix Released Status in linux source package in Focal: Fix Released Bug description: SRU Justification Impact: When nested containers use shiftfs and they have different id mappings the nested container lacks privileges to create any files in its root filesystem unless the directory in question is very permissive. This prevents nested containers from being usable. Here is a reproducer as given by Stéphane: Reproducer: - lxc init images:ubuntu/bionic b1 -c security.nesting=true - Confirm b1 uses shiftfs and uses the default map root@b1:~# cat /proc/self/uid_map 0 1000000 1000000000 root@b1:~# grep shiftfs /proc/self/mountinfo 3702 2266 0:92 / / rw,relatime - shiftfs /var/lib/lxd/storage-pools/default/containers/b1/rootfs rw,passthrough=3 - Install LXD snap in there - snap set lxd shiftfs.enable=true - systemctl reload snap.lxd.daemon - lxd init --auto - lxc launch images:alpine/edge a1 - Confirm that a1 uses a different map than b1 - Confirm that a1 uses shiftfs - touch /etc/a should fail with EACCES Fix: Instead of recording the credentials of the process that created the innermost shiftfs mount we need to record the credentials of the lowers creator of the first shiftfs mark mount since we always refer back to the lowers mount to get around vfs layering restrictions. Regression Potential: Limited to shiftfs. Test Case: Built a kernel with the mentioned fix and ran the reproducer. The issue was not reproducible. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp