[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-07-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.4.0-42.46

---
linux (5.4.0-42.46) focal; urgency=medium

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)

  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
- SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux (5.4.0-41.45) focal; urgency=medium

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)

  * Packaging resync (LP: #1786013)
- update dkms package versions

  * CVE-2019-19642
- kernel/relay.c: handle alloc_percpu returning NULL in relay_open

  * CVE-2019-16089
- SAUCE: nbd_genl_status: null check for nla_nest_start

  * CVE-2020-11935
- aufs: do not call i_readcount_inc()

  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
kernel (LP: #1826848)
- selftests: net: ip_defrag: ignore EPERM

  * Update lockdown patches (LP: #1884159)
- SAUCE: acpi: disallow loading configfs acpi tables when locked down

  * seccomp_bpf fails on powerpc (LP: #1885757)
- SAUCE: selftests/seccomp: fix ptrace tests on powerpc

  * Introduce the new NVIDIA 418-server and 440-server series, and update the
current NVIDIA drivers (LP: #1881137)
- [packaging] add signed modules for the 418-server and the 440-server
  flavours

 -- Khalid Elmously   Thu, 09 Jul 2020 19:50:26 -0400

** Changed in: linux (Ubuntu)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16089

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19642

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11935

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1872094

Title:
  shiftfs: broken shiftfs nesting

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Eoan:
  Fix Released
Status in linux source package in Focal:
  Fix Released

Bug description:
  SRU Justification

  Impact: When nested containers use shiftfs and have different id mappings,
the nested container lacks the privileges to create any files in its root
filesystem unless the directory in question is very permissive. This prevents
nested containers from being usable.
  Here is a reproducer as given by Stéphane:

  Reproducer:
   - lxc init images:ubuntu/bionic b1 -c security.nesting=true
   - Confirm b1 uses shiftfs and uses the default map

  root@b1:~# cat /proc/self/uid_map
   0100 10
  root@b1:~# grep shiftfs /proc/self/mountinfo
  3702 2266 0:92 / / rw,relatime - shiftfs /var/lib/lxd/storage-pools/default/containers/b1/rootfs rw,passthrough=3

   - Install LXD snap in there
   - snap set lxd shiftfs.enable=true
   - systemctl reload snap.lxd.daemon
   - lxd init --auto
   - lxc launch images:alpine/edge a1
   - Confirm that a1 uses a different map than b1
   - Confirm that a1 uses shiftfs
   - touch /etc/a should fail with EACCES

  Fix: Instead of recording the credentials of the process that created
  the innermost shiftfs mount, we need to record the credentials of the
  creator of the lower mount, i.e. the first shiftfs mark mount, since we
  always refer back to the lower mount to get around VFS layering
  restrictions.

  Regression Potential: Limited to shiftfs.

  Test Case: Built a kernel with the mentioned fix and ran the
  reproducer. The issue was not reproducible.
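
A verification helper for the reproducer above, added here as an example; it is not part of the bug report, of LXD or of shiftfs. It assumes it is run inside the nested container (a1) with the parent container's /proc/self/uid_map supplied in PARENT_UID_MAP and the directory to probe in CHECK_DIR (both assumed variable names, CHECK_DIR defaulting to /etc as in the reproducer); the embedded sample inputs are constructed.

```shell
#!/bin/sh
# Checks the preconditions of the shiftfs nesting reproducer (root is shiftfs,
# the id map differs from the parent's) and then probes whether file creation
# works, which is what the broken nesting denied with EACCES.

# Constructed sample inputs: the mountinfo line is the one quoted in the bug
# report; the two uid_map texts are made up to look like a default LXD map (b1)
# and a distinct map (a1).
SAMPLE_MOUNTINFO='3702 2266 0:92 / / rw,relatime - shiftfs /var/lib/lxd/storage-pools/default/containers/b1/rootfs rw,passthrough=3'
SAMPLE_MAP_B1='         0    1000000 1000000000'
SAMPLE_MAP_A1='         0    2000000    1000000'

# Succeeds when the given /proc/self/mountinfo text shows "/" mounted as shiftfs.
# Field 5 is the mount point; the filesystem type follows the "-" separator.
# If several entries have mount point "/", the last (topmost) one wins.
root_is_shiftfs() {
    printf '%s\n' "$1" | awk '
        $5 == "/" { for (i = 7; i <= NF; i++) if ($i == "-") { fs = $(i + 1); break } }
        END { exit fs != "shiftfs" }'
}

# Prints the super-block options of the shiftfs root mount (e.g. rw,passthrough=3),
# or nothing when "/" is not shiftfs.
shiftfs_root_options() {
    printf '%s\n' "$1" | awk '
        $5 == "/" { for (i = 7; i <= NF; i++) if ($i == "-") { fs = $(i + 1); opts = $NF; break } }
        END { if (fs == "shiftfs") print opts }'
}

# Collapses whitespace so uid_map texts compare equal regardless of tab layout.
normalise_map() {
    printf '%s\n' "$1" | awk 'NF { $1 = $1; print }'
}

# Succeeds when the two uid_map texts describe different id mappings.
maps_differ() {
    [ "$(normalise_map "$1")" != "$(normalise_map "$2")" ]
}

# Succeeds when an empty file can be created in directory $1 (the probe file is
# removed again); fails on any error, including the EACCES of the bug.
can_create_file() {
    probe="$1/.shiftfs-nesting-probe.$$"
    if : > "$probe" 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    return 1
}

# Full check. Returns 0 when file creation works (fix present), 1 when the bug
# reproduces, 2 when the reproducer's preconditions are not met.
check_nesting() {
    mountinfo=$1 own_map=$2 parent_map=$3 dir=$4
    if ! root_is_shiftfs "$mountinfo"; then
        echo "precondition failed: / is not a shiftfs mount" >&2
        return 2
    fi
    if ! maps_differ "$own_map" "$parent_map"; then
        echo "precondition failed: id map is identical to the parent's" >&2
        return 2
    fi
    if can_create_file "$dir"; then
        echo "ok: file creation in $dir works (shiftfs options: $(shiftfs_root_options "$mountinfo"))"
        return 0
    fi
    echo "BUG: file creation in $dir fails although / is shiftfs with a distinct id map" >&2
    return 1
}

case "${1:-}" in
    --run)   # live check inside the nested container
        check_nesting "$(cat /proc/self/mountinfo)" "$(cat /proc/self/uid_map)" \
            "${PARENT_UID_MAP:?set PARENT_UID_MAP to the uid_map of the parent container}" \
            "${CHECK_DIR:-/etc}" ;;
    --demo)  # offline run over the constructed samples and a scratch directory
        demo_dir=$(mktemp -d)
        check_nesting "$SAMPLE_MOUNTINFO" "$SAMPLE_MAP_A1" "$SAMPLE_MAP_B1" "$demo_dir"
        rmdir "$demo_dir" ;;
esac
```

Run it with `--demo` to see the offline path, or with `--run` inside a1 after capturing b1's uid_map into PARENT_UID_MAP.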

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-05-19 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.3.0-53.47

---
linux (5.3.0-53.47) eoan; urgency=medium

  * eoan/linux: 5.3.0-53.47 -proposed tracker (LP: #1877257)

  * Intermittent display blackouts on event (LP: #1875254)
- drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only

  * Unable to handle kernel pointer dereference in virtual kernel address space
on Eoan (LP: #1876645)
- SAUCE: overlayfs: fix shitfs special-casing

linux (5.3.0-52.46) eoan; urgency=medium

  * eoan/linux: 5.3.0-52.46 -proposed tracker (LP: #1874752)

  * alsa: make the dmic detection align to the mainline kernel-5.6
(LP: #1871284)
- ALSA: hda: add Intel DSP configuration / probe code
- ALSA: hda: fix intel DSP config
- ALSA: hda: Allow non-Intel device probe gracefully
- ALSA: hda: More constifications
- ALSA: hda: Rename back to dmic_detect option
- [Config] SND_INTEL_DSP_CONFIG=m
- [packaging] Remove snd-intel-nhlt from modules

  * built-using constraints preventing uploads (LP: #1875601)
- temporarily drop Built-Using data

  * ubuntu/focal64 fails to mount Vagrant shared folders  (LP: #1873506)
- [Packaging] Move virtualbox modules to linux-modules
- [Packaging] Remove vbox and zfs modules from generic.inclusion-list

  * linux-image-5.0.0-35-generic breaks checkpointing of container
(LP: #1857257)
- SAUCE: overlayfs: use shiftfs hacks only with shiftfs as underlay

  * shiftfs: broken shiftfs nesting (LP: #1872094)
- SAUCE: shiftfs: record correct creator credentials

  * Add debian/rules targets to compile/run kernel selftests (LP: #1874286)
- [Packaging] add support to compile/run selftests

  * shiftfs: O_TMPFILE reports ESTALE (LP: #1872757)
- SAUCE: shiftfs: fix dentry revalidation

  * getitimer returns it_value=0 erroneously (LP: #1349028)
- [Config] CONTEXT_TRACKING_FORCE policy should be unset

  * 5.3.0-46-generic - i915 - frequent GPU hangs  / resets rcs0 (LP: #1872001)
- drm/i915/execlists: Preempt-to-busy
- drm/i915/gt: Detect if we miss WaIdleLiteRestore
- drm/i915/execlists: Always force a context reload when rewinding RING_TAIL

  * alsa/sof: external mic can't be deteced on Lenovo and HP laptops
(LP: #1872569)
- SAUCE: ASoC: intel/skl/hda - set autosuspend timeout for hda codecs

  * Eoan update: upstream stable patchset 2020-04-22 (LP: #1874325)
- ARM: dts: sun8i-a83t-tbs-a711: HM5065 doesn't like such a high voltage
- bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
- net: vxge: fix wrong __VA_ARGS__ usage
- hinic: fix a bug of waitting for IO stopped
- hinic: fix wrong para of wait_for_completion_timeout
- cxgb4/ptp: pass the sign of offset delta in FW CMD
- qlcnic: Fix bad kzalloc null test
- i2c: st: fix missing struct parameter description
- cpufreq: imx6q: Fixes unwanted cpu overclocking on i.MX6ULL
- media: venus: hfi_parser: Ignore HEVC encoding for V1
- firmware: arm_sdei: fix double-lock on hibernate with shared events
- null_blk: Fix the null_add_dev() error path
- null_blk: Handle null_add_dev() failures properly
- null_blk: fix spurious IO errors after failed past-wp access
- xhci: bail out early if driver can't accress host in resume
- x86: Don't let pgprot_modify() change the page encryption bit
- block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices
- irqchip/versatile-fpga: Handle chained IRQs properly
- sched: Avoid scale real weight down to zero
- selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
- PCI/switchtec: Fix init_completion race condition with poll_wait()
- media: i2c: video-i2c: fix build errors due to 'imply hwmon'
- libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
- pstore/platform: fix potential mem leak if pstore_init_fs failed
- gfs2: Don't demote a glock until its revokes are written
- x86/boot: Use unsigned comparison for addresses
- efi/x86: Ignore the memory attributes table on i386
- genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy()
- block: Fix use-after-free issue accessing struct io_cq
- media: i2c: ov5695: Fix power on and off sequences
- usb: dwc3: core: add support for disabling SS instances in park mode
- irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency
- md: check arrays is suspended in mddev_detach before call quiesce 
operations
- firmware: fix a double abort case with fw_load_sysfs_fallback
- locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
- block, bfq: fix use-after-free in bfq_idle_slice_timer_body
- btrfs: qgroup: ensure qgroup_rescan_running is only set when the worker is
  at least queued
- btrfs: remove a BUG_ON() from merge_reloc_roots()
- btrfs: track reloc roots based on their commit root bytenr
- ASoC: fix regwmask
- ASoC: dapm: connect v

[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-05-18 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.4.0-31.35

---
linux (5.4.0-31.35) focal; urgency=medium

  * focal/linux: 5.4.0-31.35 -proposed tracker (LP: #1877253)

  * Intermittent display blackouts on event (LP: #1875254)
- drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only

  * Unable to handle kernel pointer dereference in virtual kernel address space
on Eoan (LP: #1876645)
- SAUCE: overlayfs: fix shitfs special-casing

linux (5.4.0-30.34) focal; urgency=medium

  * focal/linux: 5.4.0-30.34 -proposed tracker (LP: #1875385)

  * ubuntu/focal64 fails to mount Vagrant shared folders  (LP: #1873506)
- [Packaging] Move virtualbox modules to linux-modules
- [Packaging] Remove vbox and zfs modules from generic.inclusion-list

  * linux-image-5.0.0-35-generic breaks checkpointing of container
(LP: #1857257)
- SAUCE: overlayfs: use shiftfs hacks only with shiftfs as underlay

  * shiftfs: broken shiftfs nesting (LP: #1872094)
- SAUCE: shiftfs: record correct creator credentials

  * Add debian/rules targets to compile/run kernel selftests (LP: #1874286)
- [Packaging] add support to compile/run selftests

  * shiftfs: O_TMPFILE reports ESTALE (LP: #1872757)
- SAUCE: shiftfs: fix dentry revalidation

  * LIO hanging in iscsit_free_session and iscsit_stop_session (LP: #1871688)
- scsi: target: iscsi: calling iscsit_stop_session() inside
  iscsit_close_session() has no effect

  * [ICL] TC port in legacy/static mode can't be detected due TCCOLD
(LP: #1868936)
- SAUCE: drm/i915: Align power domain names with port names
- SAUCE: drm/i915/display: Move out code to return the digital_port of the 
aux
  ch
- SAUCE: drm/i915/display: Add intel_legacy_aux_to_power_domain()
- SAUCE: drm/i915/display: Split hsw_power_well_enable() into two
- SAUCE: drm/i915/tc/icl: Implement TC cold sequences
- SAUCE: drm/i915/tc: Skip ref held check for TC legacy aux power wells
- SAUCE: drm/i915/tc/tgl: Implement TC cold sequences
- SAUCE: drm/i915/tc: Catch TC users accessing FIA registers without enable
  aux
- SAUCE: drm/i915/tc: Do not warn when aux power well of static TC ports
  timeout

  * alsa/sof: external mic can't be deteced on Lenovo and HP laptops
(LP: #1872569)
- SAUCE: ASoC: intel/skl/hda - set autosuspend timeout for hda codecs

  * amdgpu kernel errors in Linux 5.4 (LP: #1871248)
- drm/amd/display: Stop if retimer is not available

  * Focal update: v5.4.34 upstream stable release (LP: #1874111)
- amd-xgbe: Use __napi_schedule() in BH context
- hsr: check protocol version in hsr_newlink()
- l2tp: Allow management of tunnels and session in user namespace
- net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode
- net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
- net: ipv6: do not consider routes via gateways for anycast address check
- net: phy: micrel: use genphy_read_status for KSZ9131
- net: qrtr: send msgs from local of same id as broadcast
- net: revert default NAPI poll timeout to 2 jiffies
- net: tun: record RX queue in skb before do_xdp_generic()
- net: dsa: mt7530: move mt7623 settings out off the mt7530
- net: ethernet: mediatek: move mt7623 settings out off the mt7530
- net/mlx5: Fix frequent ioread PCI access during recovery
- net/mlx5e: Add missing release firmware call
- net/mlx5e: Fix nest_level for vlan pop action
- net/mlx5e: Fix pfnum in devlink port attribute
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
- ovl: fix value of i_ino for lower hardlink corner case
- scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
- platform/chrome: cros_ec_rpmsg: Fix race with host event
- jbd2: improve comments about freeing data buffers whose page mapping is 
NULL
- acpi/nfit: improve bounds checking for 'func'
- perf report: Fix no branch type statistics report issue
- pwm: pca9685: Fix PWM/GPIO inter-operation
- ext4: fix incorrect group count in ext4_fill_super error message
- ext4: fix incorrect inodes per group in error message
- clk: at91: sam9x60: fix usb clock parents
- clk: at91: usb: use proper usbs_mask
- ARM: dts: imx7-colibri: fix muxing of usbc_det pin
- arm64: dts: librem5-devkit: add a vbus supply to usb0
- usb: dwc3: gadget: Don't clear flags before transfer ended
- ASoC: Intel: mrfld: fix incorrect check on p->sink
- ASoC: Intel: mrfld: return error codes when an error occurs
- ALSA: hda/realtek - Enable the headset mic on Asus FX505DT
- ALSA: usb-audio: Filter error from connector kctl ops, too
- ALSA: usb-audio: Don't override ignore_ctl_error value from the map
- ALSA: usb-audio: Don't create jack controls for PCM terminals
- ALSA: usb-audio: Check mapping at creating connector controls, too
- arm64: vdso: don't free unallocated pages
- keys: Fix proc_

[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-05-17 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Committed


Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed



[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-05-15 Thread Christian Brauner
** Tags removed: verification-needed-eoan verification-needed-focal
** Tags added: verification-done-eoan verification-done-focal


Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed



[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-05-06 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
focal' to 'verification-done-focal'. If the problem still exists, change
the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-focal


Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed



[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-04-30 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
eoan' to 'verification-done-eoan'. If the problem still exists, change
the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-eoan


Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed



[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-04-24 Thread Kleber Sacilotto de Souza
** Changed in: linux (Ubuntu Eoan)
   Status: New => Fix Committed

** Changed in: linux (Ubuntu Focal)
   Status: New => Fix Committed


Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed

More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-04-24 Thread Kleber Sacilotto de Souza
** Also affects: linux (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
   Status: New


Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed



[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-04-10 Thread Christian Brauner
This should preferably be backported to all LTS kernels that support
shiftfs.


Status in linux package in Ubuntu:
  In Progress



[Kernel-packages] [Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-04-10 Thread Christian Brauner
See
https://github.com/brauner/ubuntu-unstable/commits/2020-04-10/shiftfs_nesting
for fix.


Status in linux package in Ubuntu:
  In Progress
