This bug was fixed in the package linux - 5.4.0-42.46
---------------
linux (5.4.0-42.46) focal; urgency=medium
* focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
* linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
- SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"
linux (5.4.0-41.45) focal; urgency=medium
* focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2019-19642
- kernel/relay.c: handle alloc_percpu returning NULL in relay_open
* CVE-2019-16089
- SAUCE: nbd_genl_status: null check for nla_nest_start
* CVE-2020-11935
- aufs: do not call i_readcount_inc()
* ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
kernel (LP: #1826848)
- selftests: net: ip_defrag: ignore EPERM
* Update lockdown patches (LP: #1884159)
- SAUCE: acpi: disallow loading configfs acpi tables when locked down
* seccomp_bpf fails on powerpc (LP: #1885757)
- SAUCE: selftests/seccomp: fix ptrace tests on powerpc
* Introduce the new NVIDIA 418-server and 440-server series, and update the
current NVIDIA drivers (LP: #1881137)
- [packaging] add signed modules for the 418-server and the 440-server
flavours
-- Khalid Elmously <khalid.elmou...@canonical.com> Thu, 09 Jul 2020
19:50:26 -0400
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16089
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19642
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11935
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1872094
Title:
shiftfs: broken shiftfs nesting
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Eoan:
Fix Released
Status in linux source package in Focal:
Fix Released
Bug description:
SRU Justification
Impact: When nested containers use shiftfs and they have different id
mappings the nested container lacks privileges to create any files in its root
filesystem unless the directory in question is very permissive. This prevents
nested containers from being usable.
Here is a reproducer as given by Stéphane:
Reproducer:
- lxc init images:ubuntu/bionic b1 -c security.nesting=true
- Confirm b1 uses shiftfs and uses the default map
root@b1:~# cat /proc/self/uid_map
0 1000000 1000000000
root@b1:~# grep shiftfs /proc/self/mountinfo
3702 2266 0:92 / / rw,relatime - shiftfs
/var/lib/lxd/storage-pools/default/containers/b1/rootfs rw,passthrough=3
- Install LXD snap in there
- snap set lxd shiftfs.enable=true
- systemctl reload snap.lxd.daemon
- lxd init --auto
- lxc launch images:alpine/edge a1
- Confirm that a1 uses a different map than b1
- Confirm that a1 uses shiftfs
- touch /etc/a should fail with EACCES
Fix: Instead of recording the credentials of the process that created
the innermost shiftfs mount we need to record the credentials of the
lowers creator of the first shiftfs mark mount since we always refer
back to the lowers mount to get around vfs layering restrictions.
Regression Potential: Limited to shiftfs.
Test Case: Built a kernel with the mentioned fix and ran the
reproducer. The issue was not reproducible.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
