[Touch-packages] [Bug 484786] Re: Better support for btrfs snapshots
Nowadays, btrfs snapshots can only be taken by the owner of the source subvol.

https://btrfs.readthedocs.io/en/latest/ch-mount-options.html#btrfs-specific-mount-options:

> Historically, any user could create a snapshot even if he was not owner of the source subvolume, the subvolume deletion has been restricted for that reason. The subvolume creation has been restricted ...

I just tested this in a Jammy VM (FYI btrfsctl was replaced by `btrfs subvolume snapshot`):

```
ubuntu@bj:~$ uname -a
Linux bj 5.15.0-75-generic #82-Ubuntu SMP Tue Jun 6 23:10:23 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@bj:~$ dpkg -l| grep btrfs
ii  btrfs-progs  5.16.2-1  amd64  Checksumming Copy on Write Filesystem utilities
ubuntu@bj:~$ mount | grep btrfs
/dev/sda3 on /home type btrfs (rw,noatime,space_cache=v2,subvolid=5,subvol=/)

# Trying while /home is root owned
ubuntu@bj:~$ btrfs subvolume snapshot /home ./homefoo
Create a snapshot of '/home' in './homefoo'
ERROR: cannot snapshot '/home': Operation not permitted

# Changing ownership of the source subvol
ubuntu@bj:~$ sudo chown ubuntu: /home

# Trying now that /home is owned by ubuntu:
ubuntu@bj:~$ btrfs subvolume snapshot /home ./homefoo
Create a snapshot of '/home' in './homefoo'
```

So I don't think it's a concern anymore but I won't fiddle with the bug status and leave that to others ;)

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/484786

Title:
  Better support for btrfs snapshots

Status in AppArmor:
  Triaged
Status in apparmor package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: apparmor

  I just realized that the btrfs snapshotting ioctl is usable by all users, not root as I previously assumed. This makes it concerningly easy for users on btrfs to defeat a path-based MAC framework like AppArmor.

  For example, consider the gdm-guest-session user. If I log into a gdm-guest-session on btrfs:

  (1) ls /home ==> Permission denied as expected, by AppArmor.
  (2) cd /tmp
  (3) btrfsctl -s test / (Make a snapshot of / in /tmp called test)
  (4) cd /tmp/test
  (5) Profit! Apparmor-unrestricted mirror of / in /tmp/test!

  As btrfs inevitably will become a mainstream filesystem, it's a good time to begin thinking about how to handle this situation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/484786/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
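An added example, not part of the original thread: since the test above shows that a snapshot succeeds once the caller owns the source subvolume, this audit lists btrfs mount points whose root directory is owned by a non-root user, which are the mounted subvolumes where a path-based policy can still be sidestepped by that user. The function names `owner_uid` and `audit_btrfs_owners` are hypothetical, GNU `stat` is assumed, and only mounted subvolume roots are checked, not nested subvolumes.

```shell
#!/bin/sh
# Added example (not from the thread): report btrfs mount points whose root
# directory is owned by a non-root user. Per the test in the message above,
# that owner may snapshot the subvolume, giving a second path to its files.
# Limitation: only mounted subvolume roots are checked, not nested subvolumes.

# Owner uid of a path; a separate function so it can be replaced in tests.
owner_uid() {
    stat -c %u -- "$1"
}

# Read /proc/mounts-format lines on stdin and print "uid<TAB>mountpoint"
# for every btrfs mount whose root directory is not owned by uid 0.
audit_btrfs_owners() {
    while read -r _dev mnt fstype _rest; do
        [ "$fstype" = "btrfs" ] || continue
        # /proc/mounts encodes spaces and tabs as octal escapes (\040);
        # decode them so the path can be passed to stat.
        mnt=$(printf '%b' "$mnt")
        uid=$(owner_uid "$mnt") || continue
        [ "$uid" = "0" ] || printf '%s\t%s\n' "$uid" "$mnt"
    done
}

# Run against the live mount table when it is available.
if [ -r /proc/mounts ]; then
    audit_btrfs_owners < /proc/mounts
fi
```

No output means no mounted btrfs subvolume root is owned by an unprivileged user.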
[Touch-packages] [Bug 484786] Re: Better support for btrfs snapshots
** Changed in: apparmor (Ubuntu)
   Importance: Low => Medium

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Triaged

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: New => Triaged

Title:
  Better support for btrfs snapshots

Status in AppArmor Linux application security framework:
  Triaged
Status in “apparmor” package in Ubuntu:
  Triaged
Status in “linux” package in Ubuntu:
  Triaged
[Touch-packages] [Bug 484786] Re: Better support for btrfs snapshots
** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

Title:
  Better support for btrfs snapshots

Status in AppArmor Linux application security framework:
  Triaged
Status in “apparmor” package in Ubuntu:
  Triaged
Status in “linux” package in Ubuntu:
  Triaged
[Touch-packages] [Bug 484786] Re: Better support for btrfs snapshots
** Tags added: aa-kernel

Title:
  Better support for btrfs snapshots

Status in AppArmor Linux application security framework:
  Triaged
Status in “apparmor” package in Ubuntu:
  Confirmed
[Touch-packages] [Bug 484786] Re: Better support for btrfs snapshots
** Summary changed:

- Better support btrfs snapshots
+ Better support for btrfs snapshots

Title:
  Better support for btrfs snapshots

Status in AppArmor Linux application security framework:
  Triaged
Status in “apparmor” package in Ubuntu:
  Confirmed