apport information
** Attachment added: "Lspci-vt.txt"
https://bugs.launchpad.net/bugs/1998602/+attachment/5634716/+files/Lspci-vt.txt
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
https://bugs.launchpad.net/bugs/1998602
Title:
overlay writing user.* xattrs on symlinks
Status in linux package in Ubuntu:
Confirmed
Bug description:
This was reported (and worked around) in
https://github.com/project-stacker/stacker/pull/333.
The kernel does not allow user.* xattrs on a symlink. However, on
5.15.0-53-generic and 5.19.0-21-generic, but not on the ubuntu
mainline build (6.1.0-060100rc5-generic), an unprivileged program can
cause such xattrs to be created. Once they're there, userspace (i.e.
setfattr) cannot remove them since the kernel says they can't exist -
but listxattr shows them.
I've failed so far in setting up a simpler reproducer, so I'll begin
by reporting the full reproducer. Download 'stacker' from
https://github.com/project-stacker/stacker/releases/download/v0.22.1/stacker .
Create a stacker.yaml config file:
cat > stacker.yaml << EOF
pxe-server-base:
  from:
    type: docker
    url: docker://ubuntu:jammy
  run: |
    apt-get update
    apt-get -y install dnsmasq systemd
sb-pxe-server:
  from:
    type: built
    tag: pxe-server-base
  run: |
    systemctl disable dnsmasq
EOF
and run 'stacker build'. It will end with:
Executing: /lib/systemd/systemd-sysv-install disable dnsmasq
Removed /etc/systemd/system/multi-user.target.wants/dnsmasq.service.
error: /home/ubuntu/build2/roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq: failed to remove attr user.overlay.origin: xattr.LRemove /home/ubuntu/build2/roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq user.overlay.origin: operation not permitted
error: exit status 1
You'll subsequently see that
./roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq is a symbolic link with
user.overlay.origin xattr (per llistxattr), though you can't read the
contents or delete it.
I had thought I should be able to reproduce it by mounting (in an
unprivileged user+mountns) an overlayfs where the underlay has, say,
"/etc/rc2.d/K" symlink, then rename K to S (as I assume the 'systemctl disable
dnsmasq' is doing), but that did not work for me.
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu82.2
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: serge 3929 F.... pulseaudio
DistroRelease: Ubuntu 22.04
InstallationDate: Installed on 2022-02-25 (283 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
MachineType: LENOVO 20XXS3JC01
Package: linux (not installed)
ProcEnviron:
TERM=st-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-56-generic
root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 5.15.0-56.62-generic 5.15.64
RelatedPackageVersions:
linux-restricted-modules-5.15.0-56-generic N/A
linux-backports-modules-5.15.0-56-generic N/A
linux-firmware 20220329.git681281e4-0ubuntu3.7
Tags: jammy
Uname: Linux 5.15.0-56-generic x86_64
UpgradeStatus: Upgraded to jammy on 2022-03-16 (264 days ago)
UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo
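Added example, not part of the original report or of stacker: a Python check that walks a directory tree (for instance an overlay upper directory like the ./roots/.../overlay path in the report) and lists symlinks that carry user.* xattrs, the state the report describes. The function name and the injectable listxattr/getxattr parameters are assumptions made for this example.

```python
import errno
import os
import stat
import sys


def symlink_user_xattrs(root, listxattr=os.listxattr, getxattr=os.getxattr):
    """Return sorted (path, attr, read_status) tuples for user.* xattrs on symlinks.

    listxattr/getxattr are injectable (an assumption of this example) so the
    logic can be exercised on kernels that do not exhibit the bug.
    """
    findings = []
    # os.walk lists symlinks to directories in dirnames without descending.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                if not stat.S_ISLNK(os.lstat(path).st_mode):
                    continue
                # follow_symlinks=False maps to llistxattr(2): the link itself.
                names = listxattr(path, follow_symlinks=False)
            except OSError:
                continue  # entry vanished, or filesystem has no xattr support
            for attr in names:
                if not attr.startswith("user."):
                    continue
                try:
                    getxattr(path, attr, follow_symlinks=False)
                    status = "readable"
                except OSError as exc:
                    # Record the errno name; the report says the value
                    # cannot be read even though the name is listed.
                    status = errno.errorcode.get(exc.errno, str(exc.errno))
                findings.append((path, attr, status))
    return sorted(findings)


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, attr, status in symlink_user_xattrs(scan_root):
        print(f"{path}\t{attr}\t{status}")
```

An empty result is the expected outcome on a tree that was never affected, since the kernel does not allow user.* xattrs on symlinks.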