[Bug 1969905] Re: lxc-test-no-new-privs in ubuntu_lxc failed on F-s390x zVM (lxc 1:4.0.12-0ubuntu1~20.04.1 )

2022-04-22 Thread Christian Brauner
And that only fails on s390x?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1969905

Title:
  lxc-test-no-new-privs in ubuntu_lxc failed on F-s390x zVM (lxc
  1:4.0.12-0ubuntu1~20.04.1 )

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1969905/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1959013] Re: systemd test_exec_umask_namespace fails in privileged container

2022-01-25 Thread Christian Brauner
Are the tests run with security.nesting=true set?


Re: [Bug 1947811] Re: cgroups broken in impish

2022-01-04 Thread Christian Brauner
On Mon, Jan 03, 2022 at 02:44:10PM -, Christian Ehrhardt  wrote:
> @stgraber - since this is lx[cd] and you still usually do the uploads.
> Do you have insight or opinion about this?

LXCFS upstream contains a commit that will simply make
/var/lib/lxcfs/cgroup an empty directory without reporting any error.


[Bug 1943441] Re: lxc: lxc-test-parse-config-file failure

2021-09-13 Thread Christian Brauner
This was caused by a recent change to how we handle selinux and apparmor config 
options when LXC is compiled without support. I've sent
https://github.com/lxc/lxc/pull/3969
specific to stable-4.0.


[Bug 1943441] Re: lxc: lxc-test-parse-config-file failure

2021-09-13 Thread Christian Brauner
** Changed in: lxc (Ubuntu)
   Status: New => Confirmed

** Changed in: lxc (Ubuntu)
   Status: Confirmed => In Progress


[Bug 1940392] Re: fs: removing mandatory locks

2021-08-18 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed


[Bug 1940392] [NEW] fs: removing mandatory locks

2021-08-18 Thread Christian Brauner
Public bug reported:

Hello,

Upstream is discussing the removal of mandatory locks. To actually do
this at some point distros will need to start disabling
CONFIG_MANDATORY_FILE_LOCKING. It seems our kernel still defaults to
CONFIG_MANDATORY_FILE_LOCKING=y. If feasible I'd like to propose
disabling CONFIG_MANDATORY_FILE_LOCKING in the upcoming kernel releases.
From the thread it seems that RHEL 8 and Fedora already disable
mandatory locks:

https://lore.kernel.org/lkml/c65c4e42-9661-1321-eaf8-61b1d6f89...@redhat.com

Thanks!
Christian

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 1939301] Re: REGRESSION: shiftfs lets sendfile fail with EINVAL

2021-08-09 Thread Christian Brauner
** Changed in: linux-meta-hwe-5.11 (Ubuntu)
   Status: New => Confirmed


[Bug 1938771] Re: lxc-test-rootfs test regression with 4.0.10-0ubuntu3

2021-08-03 Thread Christian Brauner
** Changed in: lxc (Ubuntu Impish)
   Status: In Progress => Fix Committed


[Bug 1938771] Re: lxc-test-rootfs test regression with 4.0.10-0ubuntu3

2021-08-03 Thread Christian Brauner
Also added tests around rootfs mount options.

** Changed in: lxc (Ubuntu Impish)
   Status: Confirmed => In Progress


[Bug 1938771] Re: lxc-test-rootfs test regression with 4.0.10-0ubuntu3

2021-08-03 Thread Christian Brauner
Thanks for reporting this. I've fixed this in:
https://github.com/lxc/lxc/pull/3921

** Changed in: lxc (Ubuntu Impish)
   Status: New => Confirmed

** Changed in: lxc (Ubuntu Impish)
 Assignee: (unassigned) => Christian Brauner (cbrauner)


[Bug 1776381] Re: lxc-test-api-reboot will hang with autopkgtest

2021-07-15 Thread Christian Brauner
Hm, what is the LXC version used here? Is it the one in Bionic?


[Bug 1931064] Re: lxc autotest failure with kernel >= 5.13

2021-06-07 Thread Christian Brauner
I'm currently treating this as an upstream kernel regression reported
here

https://lore.kernel.org/regressions/20210607142245.eikvyeacqwwu6dn3@wittgenstein

We should wait whether a simple revert will be acceptable or whether
anything else is needed from LXC specifically.


Re: [Bug 1931064] [NEW] lxc autotest failure with kernel >= 5.13

2021-06-07 Thread Christian Brauner
On Mon, Jun 07, 2021 at 05:14:50AM -, Andrea Righi wrote:
> Public bug reported:
> 
> The lxc autotest is failing with the following error(s) on the latest
> kernel linux-unstable 5.13:
> 
> FAIL: lxc-tests: lxc-test-apparmor (1s)
> ---
> failed - opened /sys/kernel/uevent_helper
> ---
> PASS: lxc-tests: lxc-test-apparmor-generated (0s)
> PASS: lxc-tests: lxc-test-apparmor-mount (29s)
> FAIL: lxc-tests: lxc-test-attach (1s)
> ---
> attach.c: 410: main: Using "/tmp/attach_x8lgO2" as temporary log file for 
> container lxc-attach-test
> 
> I was able to bisect the problem and found that the offending commit is:
> 
> bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28 ("proc: Check /proc/$pid/attr/
> writes against file opener")
> 
> This commit looks like a sane fix, so simply reverting it in the kernel
> doesn't seem a viable solution.
> 
> I think we should address and understand the issue in the lxc package.

So this failure implies that the
/sys/kernel/uevent_helper
file that we denied access to via AppArmor can now be opened. And then
lxc-test-attach reports an LSM label mismatch in the link you posted
below too so that seems scary...

> 
> Detailed log of the failure: https://autopkgtest.ubuntu.com/results
> /autopkgtest-impish-canonical-kernel-team-
> bootstrap/impish/amd64/l/lxc/20210601_082733_a3ae4@/log.gz
> 
> ** Affects: lxc (Ubuntu)
>  Importance: Undecided
>  Status: New
> 
> ** Description changed:
> 
>   The lxc autotest is failing with the following error(s) on the latest
>   kernel linux-unstable 5.13:
>   
>   FAIL: lxc-tests: lxc-test-apparmor (1s)
>   ---
>   failed - opened /sys/kernel/uevent_helper
>   ---
>   PASS: lxc-tests: lxc-test-apparmor-generated (0s)
>   PASS: lxc-tests: lxc-test-apparmor-mount (29s)
>   FAIL: lxc-tests: lxc-test-attach (1s)
>   ---
>   attach.c: 410: main: Using "/tmp/attach_x8lgO2" as temporary log file for 
> container lxc-attach-test
>   
>   I was able to bisect the problem and found that the offending commit is:
>   
>   bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28 ("proc: Check /proc/$pid/attr/
>   writes against file opener")
>   
>   This commit looks like a sane fix, so simply reverting it in the kernel
>   doesn't seem a viable solution.
>   
>   I think we should address and understand the issue in the lxc package.
> + 
> + Detailed log of the failure: https://autopkgtest.ubuntu.com/results
> + /autopkgtest-impish-canonical-kernel-team-
> + bootstrap/impish/amd64/l/lxc/20210601_082733_a3ae4@/log.gz
> 


[Bug 1917601] Re: lxc 1:4.0.4-0ubuntu3 ADT test failure with linux 5.8.0-45.51

2021-03-03 Thread Christian Brauner
This is with 4.0.4 and the bug is fixed in 4.0.6 which it seems hasn't
made it into Groovy yet (but is released). I'm not sure what Stéphane's
timeline is there.


[Bug 1884024] Re: lxc-test-device-add-remove from ubuntu_lxc failed on B-5.4

2021-01-11 Thread Christian Brauner
This has been fixed a long while ago:

commit 920cbb00268ce50d1306daebb74871f66583a46c
Author: Christian Brauner
Date:   Mon Nov 18 15:08:22 2019 +0100

    tests: use /dev/loop-control instead of /dev/network_latency

    BugLink: https://bugs.launchpad.net/bugs/1848587

    The latter device has been removed apparently.

which is also backported stable-3.0. So Stéphane just needs to cut a new
stable point release.



** Changed in: lxc (Ubuntu)
   Status: New => Fix Committed


[Bug 1908225] [NEW] iwd triggers WARN in net/wireless/nl80221.c

2020-12-15 Thread Christian Brauner
Public bug reported:

On
Linux wittgenstein 5.8.0-33-generic #36-Ubuntu SMP Wed Dec 9 09:14:40 UTC 2020 
x86_64 x86_64 x86_64 GNU/Linux

Distributor ID: Ubuntu
Description:    Ubuntu 20.10
Release:        20.10
Codename:       groovy

iwd manages to trigger the following warn:

[   47.003606] NET: Registered protocol family 38
[   47.306287] [ cut here ]
[   47.306318] WARNING: CPU: 1 PID: 1143 at net/wireless/nl80211.c:7288 
nl80211_get_reg_do+0x1fc/0x230 [cfg80211]
[   47.306318] Modules linked in: ccm algif_aead des_generic libdes arc4 
algif_skcipher cmac md4 algif_hash af_alg binfmt_misc zfs(PO) zunicode(PO) 
zavl(PO) icp(PO) nls_iso8859_1 zcommon(PO) znvpair(PO) spl(O) zlua(PO) 
snd_hda_codec_hdmi x86_pkg_temp_thermal snd_hda_codec_realtek intel_powerclamp 
snd_hda_codec_generic coretemp snd_hda_intel iwlmvm snd_intel_dspcfg mac80211 
snd_hda_codec kvm_intel typec_displayport snd_hda_core kvm snd_hwdep snd_pcm 
joydev mei_hdcp libarc4 thinkpad_acpi nvram intel_rapl_msr ledtrig_audio 
snd_seq_midi rapl snd_seq_midi_event snd_rawmidi intel_cstate input_leds 
serio_raw uvcvideo snd_seq efi_pstore iwlwifi rmi_smbus btusb rmi_core btrtl 
snd_seq_device btbcm snd_timer videobuf2_vmalloc btintel videobuf2_memops 
videobuf2_v4l2 bluetooth videobuf2_common snd wmi_bmof intel_wmi_thunderbolt 
videodev ucsi_acpi cfg80211 processor_thermal_device typec_ucsi 
intel_xhci_usb_role_switch mc roles ecdh_generic int3400_thermal typec mac_hid 
soundcore ecc mei_me int3403_thermal
[   47.306348]  intel_rapl_common acpi_thermal_rel acpi_pad 
int340x_thermal_zone mei intel_soc_dts_iosf intel_pch_thermal sch_fq_codel 
pkcs8_key_parser ip_tables x_tables autofs4 btrfs blake2b_generic xor raid6_pq 
libcrc32c dm_crypt uas usb_storage i915 i2c_algo_bit drm_kms_helper syscopyarea 
sysfillrect sysimgblt fb_sys_fops cec crct10dif_pclmul crc32_pclmul 
ghash_clmulni_intel rc_core aesni_intel crypto_simd cryptd nvme glue_helper 
psmouse e1000e drm thunderbolt i2c_i801 xhci_pci i2c_smbus nvme_core 
xhci_pci_renesas wmi i2c_hid hid video
[   47.306369] CPU: 1 PID: 1143 Comm: iwd Tainted: P U O  
5.8.0-33-generic #36-Ubuntu
[   47.306369] Hardware name: LENOVO 20KHCTO1WW/20KHCTO1WW, BIOS N23ET75W (1.50 
) 10/13/2020
[   47.306392] RIP: 0010:nl80211_get_reg_do+0x1fc/0x230 [cfg80211]
[   47.306394] Code: 45 cc 01 00 00 00 e8 83 b6 70 ee 85 c0 0f 84 fd fe ff ff 
eb a8 4c 89 e7 48 89 45 c0 e8 dd ae b1 ee 48 8b 45 c0 e9 40 ff ff ff <0f> 0b 4c 
89 e7 e8 ca ae b1 ee b8 ea ff ff ff e9 2c ff ff ff e9 7a
[   47.306395] RSP: 0018:ab21009d7b70 EFLAGS: 00010202
[   47.306396] RAX:  RBX: 0001 RCX: 
[   47.306397] RDX: 98077b560008 RSI:  RDI: 98077b5602e0
[   47.306398] RBP: ab21009d7bb0 R08: 98077b5602e0 R09: 98078597b014
[   47.306399] R10:  R11: 001f R12: 98077d78a100
[   47.306400] R13: ab21009d7bd0 R14: 98078597b014 R15: 
[   47.306402] FS:  7fa3cbea0740() GS:98079164() 
knlGS:
[   47.306403] CS:  0010 DS:  ES:  CR0: 80050033
[   47.306404] CR2: 7ffd949e7c40 CR3: 00048596c004 CR4: 003606e0
[   47.306404] DR0:  DR1:  DR2: 
[   47.306405] DR3:  DR6: fffe0ff0 DR7: 0400
[   47.306406] Call Trace:
[   47.306413]  ? rtnl_lock+0x15/0x20
[   47.306417]  genl_family_rcv_msg+0x17b/0x290
[   47.306420]  genl_rcv_msg+0x4c/0xa0
[   47.306421]  ? genl_family_rcv_msg+0x290/0x290
[   47.306423]  netlink_rcv_skb+0x4e/0x110
[   47.306425]  genl_rcv+0x29/0x40
[   47.306427]  netlink_unicast+0x218/0x330
[   47.306429]  netlink_sendmsg+0x23b/0x460
[   47.306431]  ? aa_sk_perm+0x43/0x1b0
[   47.306434]  sock_sendmsg+0x65/0x70
[   47.306435]  __sys_sendto+0x113/0x190
[   47.306439]  ? __secure_computing+0x42/0xe0
[   47.306442]  ? syscall_trace_enter+0xaf/0x270
[   47.306475]  __x64_sys_sendto+0x29/0x30
[   47.306478]  do_syscall_64+0x49/0xc0
[   47.306480]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   47.306481] RIP: 0033:0x7fa3cbfbd6c0
[   47.306483] Code: c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 
04 25 18 00 00 00 85 c0 75 1d 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 
f0 ff ff 77 68 c3 0f 1f 80 00 00 00 00 55 48 83 ec 20 48
[   47.306484] RSP: 002b:7ffd949ec2f8 EFLAGS: 0246 ORIG_RAX: 
002c
[   47.306485] RAX: ffda RBX: 5640b5603b00 RCX: 7fa3cbfbd6c0
[   47.306486] RDX: 001c RSI: 5640b560eff0 RDI: 0004
[   47.306486] RBP: 5640b560e8e0 R08:  R09: 
[   47.306487] R10:  R11: 0246 R12: 7ffd949ec35c
[   47.306488] R13: 7ffd949ec358 R14: 5640b560d790 R15: 
[   47.306490] ---[ end trace 4bb70ad9a9020389 ]---

This is located in:
  static int nl80211_get_reg_do(struct 

[Bug 1908227] Re: iwd triggers WARN in net/wireless/nl80221.c

2020-12-15 Thread Christian Brauner
> ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: enp0s31f6:  mtu 1500 qdisc noop state DOWN group 
default qlen 1000
link/ether 8c:16:45:e0:3b:f5 brd ff:ff:ff:ff:ff:ff
4: wlan0:  mtu 1500 qdisc noqueue state UP 
group default qlen 1000
link/ether 3c:6a:a7:16:8c:cb brd ff:ff:ff:ff:ff:ff
inet 192.168.178.21/24 brd 192.168.178.255 scope global wlan0
   valid_lft forever preferred_lft forever
inet6 fd00::2103:753d:5063:ec5e/64 scope global temporary dynamic 
   valid_lft 6647sec preferred_lft 3047sec
inet6 fd00::3e6a:a7ff:fe16:8ccb/64 scope global dynamic mngtmpaddr 
   valid_lft 6647sec preferred_lft 3047sec
inet6 fe80::3e6a:a7ff:fe16:8ccb/64 scope link 
   valid_lft forever preferred_lft forever
5: lxcbr0:  mtu 1500 qdisc noqueue state 
DOWN group default qlen 1000
link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0
   valid_lft forever preferred_lft forever


[Bug 1908227] [NEW] iwd triggers WARN in net/wireless/nl80221.c

2020-12-15 Thread Christian Brauner
Public bug reported:

On
Linux wittgenstein 5.8.0-33-generic #36-Ubuntu SMP Wed Dec 9 09:14:40 UTC 2020 
x86_64 x86_64 x86_64 GNU/Linux

Distributor ID: Ubuntu
Description:    Ubuntu 20.10
Release:        20.10
Codename:       groovy

iwd manages to trigger the following warn:


This is located in:
  static int nl80211_get_reg_do(struct 

[Bug 1895132] Re: s390x broken with unknown syscall number on kernels < 5.8

2020-09-10 Thread Christian Brauner
This needs to be backported to our 5.4 kernels.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1895132

Title:
  s390x broken with unknown syscall number on kernels < 5.8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1895132/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1895132] [NEW] s390x broken with unknown syscall number on kernels < 5.8

2020-09-10 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: On kernels prior to 5.8 when a task is in traced state (due to
audit, ptrace, or seccomp) s390x and a syscall is issued that the kernel
doesn't know about s390x will not return ENOSYS in r2 but instead will
return the syscall number. This breaks userspace all over the place. The
following program compiled on s390x will output 500 instead of -ENOSYS:

root@test:~# cat test.c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Issue syscall number 500 directly with "svc 0"; r1 carries the number. */
static inline int dummy_inline_asm(void)
{
    register long r1 asm("r1") = 500;
    register long r2 asm("r2") = -1;
    register long r3 asm("r3") = -1;
    register long r4 asm("r4") = -1;
    register long r5 asm("r5") = -1;
    register long __res_r2 asm("r2");
    asm volatile(
        "svc 0\n\t"
        : "=d"(__res_r2)
        : "d"(r1), "0"(r2), "d"(r3), "d"(r4), "d"(r5)
        : "memory");
    /* The kernel's result comes back in r2. */
    return (int) __res_r2;
}

/* The same call through the libc syscall() wrapper. */
static inline int dummy_syscall(void)
{
    return syscall(500, -1, -1, -1, -1);
}

int main(int argc, char *argv[])
{
    printf("Uhm: %d\n", dummy_inline_asm());
    printf("Uhm: %d\n", dummy_syscall());

    exit(EXIT_SUCCESS);
}

This breaks LXD on s390x currently completely as well as strace.

Fix: Backport
commit cd29fa798001075a554b978df3a64e6656c25794
Author: Sven Schnelle
Date:   Fri Mar 6 13:18:31 2020 +0100

    s390/ptrace: return -ENOSYS when invalid syscall is supplied

    The current code returns the syscall number which an invalid
    syscall number is supplied and tracing is enabled. This makes
    the strace testsuite fail.

    Signed-off-by: Sven Schnelle
    Signed-off-by: Vasily Gorbik

which got released with 5.8. The commit missed to Cc stable and although
I've asked Sven to include it in stable I'm not sure when or if it will
show up there.

Regression Potential: Limited to s390x.

Test Case: The reproducer given above needs to output -ENOSYS instead of
500.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Confirmed

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

** Description changed:

  SRU Justification
  
  Impact: On kernels prior to 5.8 when a task is in traced state (due to
  audit, ptrace, or seccomp) s390x and a syscall is issued that the kernel
  doesn't know about s390x will not return ENOSYS in r2 but instead will
  return the syscall number. This breaks userspace all over the place. The
  following program compiled on s390x will output 500 instead of -ENOSYS:
  
  root@test:~# cat test.c
  #define _GNU_SOURCE
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  
  static inline int dummy_inline_asm(void)
  {
- register long r1 asm("r1") = 500;
- register long r2 asm("r2") = -1;
- register long r3 asm("r3") = -1;
- register long r4 asm("r4") = -1;
- register long r5 asm("r5") = -1;
- register long __res_r2 asm("r2");
- asm volatile(
- "svc 0\n\t"
-  : "=d"(__res_r2)
-  : "d"(r1), "0"(r2), "d"(r3), "d"(r4), "d"(r5)
-  : "memory");
- return (int) __res_r2;
+ register long r1 asm("r1") = 500;
+ register long r2 asm("r2") = -1;
+ register long r3 asm("r3") = -1;
+ register long r4 asm("r4") = -1;
+ register long r5 asm("r5") = -1;
+ register long __res_r2 asm("r2");
+ asm volatile(
+ "svc 0\n\t"
+  : "=d"(__res_r2)
+  : "d"(r1), "0"(r2), "d"(r3), "d"(r4), "d"(r5)
+  : "memory");
+ return (int) __res_r2;
  }
  
  static inline int dummy_syscall(void)
  {
- return syscall(500, -1, -1, -1, -1);
+ return syscall(500, -1, -1, -1, -1);
  }
  
  int main(int argc, char *argv[])
  {
- printf("Uhm: %d\n", dummy_inline_asm());
- printf("Uhm: %d\n", dummy_syscall());
+ printf("Uhm: %d\n", dummy_inline_asm());
+ printf("Uhm: %d\n", dummy_syscall());
  
- exit(EXIT_SUCCESS);
+ exit(EXIT_SUCCESS);
  }
+ 
+ This breaks LXD on s390x currently completely as well as strace.
  
  Fix: Backport
  commit cd29fa798001075a554b978df3a64e6656c25794
  Author: Sven Schnelle 
  Date:   Fri Mar 6 13:18:31 2020 +0100
  
- s390/ptrace: return -ENOSYS when invalid syscall is supplied
+ s390/ptrace: return -ENOSYS when invalid syscall is supplied
  
- The current code returns the syscall number which an invalid
- syscall number is supplied and tracing is enabled. This makes
- the strace testsuite fail.
+ The current code returns the syscall number which an invalid
+ syscall number is supplied and tracing is enabled. This makes
+ the strace testsuite fail.
  
- Signed-off-by: Sven 
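
A self-contained form of the test case in the report above, as an added example that is not part of the original bug report: a child process puts itself into seccomp-filtered state with an allow-all filter (one of the traced states the report names), issues syscall 500 and classifies what userspace sees. All function and type names are hypothetical; only the syscall number 500 and the expected ENOSYS come from the report.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

enum verdict {
    VERDICT_ENOSYS,     /* -1 with errno == ENOSYS: correct behaviour */
    VERDICT_LEAKED_NR,  /* syscall number handed back: the bug in the report */
    VERDICT_OTHER       /* anything else, e.g. an outer sandbox returning EPERM */
};

struct probe {
    long ret;      /* value returned by syscall(2) */
    int err;       /* errno right after the call */
    int filtered;  /* 1 if the seccomp filter was installed */
};

/* Pure decision logic, kept separate so it can be checked without a kernel. */
enum verdict classify(long nr, long ret, int err)
{
    if (ret == -1 && err == ENOSYS)
        return VERDICT_ENOSYS;
    if (ret == nr)
        return VERDICT_LEAKED_NR;
    return VERDICT_OTHER;
}

/* An allow-everything filter is enough to route syscalls through the
 * seccomp path. Returns 0 on success, -errno on failure. */
static int install_allow_all_filter(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 1, .filter = insns };

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
        return -errno;
    return 0;
}

/* Run the probe in a child so the caller never gets a filter attached.
 * Returns 0 and fills *out on success, -1 if the child produced no result. */
int probe_unknown_syscall(long nr, struct probe *out)
{
    int fds[2];
    pid_t pid;
    ssize_t n;

    if (pipe(fds) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        struct probe p = { 0 };

        close(fds[0]);
        p.filtered = (install_allow_all_filter() == 0);
        errno = 0;
        p.ret = syscall(nr, -1, -1, -1, -1);
        p.err = errno;
        if (write(fds[1], &p, sizeof(p)) != (ssize_t)sizeof(p))
            _exit(1);
        _exit(0);
    }
    close(fds[1]);
    n = read(fds[0], out, sizeof(*out));
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof(*out) ? 0 : -1;
}

int main(void)
{
    static const char *names[] = { "ENOSYS (ok)", "syscall number leaked", "other" };
    struct probe p;
    enum verdict v;

    if (probe_unknown_syscall(500, &p) < 0) {
        fprintf(stderr, "probe failed\n");
        return 2;
    }
    v = classify(500, p.ret, p.err);
    printf("seccomp filter: %s, ret=%ld errno=%d -> %s\n",
           p.filtered ? "installed" : "not installed", p.ret, p.err, names[v]);
    return v == VERDICT_ENOSYS ? 0 : 1;
}
```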

[Bug 1888705] Re: lxc ftbfs against libselinux 3.1

2020-09-10 Thread Christian Brauner
** Changed in: lxc (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1888705

Title:
  lxc ftbfs against libselinux 3.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1888705/+subscriptions


[Bug 1888705] Re: lxc ftbfs against libselinux 3.1

2020-07-25 Thread Christian Brauner
https://github.com/lxc/lxc/pull/3498

** Changed in: lxc (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1888705

Title:
  lxc ftbfs against libselinux 3.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1888705/+subscriptions


[Bug 1886790] Re: lxc 3.0.3-0ubuntu1~18.04.1 ADT test failure with 5.4 kernels in Bionic

2020-07-08 Thread Christian Brauner
This is a bug we fixed in our stable-3.0 branch and is fixed in the Ubuntu lxc 
3.0.4 packages. See
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1848587
and specifically this commit:

commit 11fc6882f7bfd40fbcda6a3a7f7c1bca50df3f2b
Author: Christian Brauner 
Date:   Mon Nov 18 15:08:22 2019 +0100

tests: use /dev/loop-control instead of /dev/network_latency

BugLink: https://bugs.launchpad.net/bugs/1848587

The latter device has been removed apparently.

Bionic didn't get the 3.0.4 upgrade? That seems odd.

** Changed in: lxc (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1886790

Title:
  lxc 3.0.3-0ubuntu1~18.04.1 ADT test failure with 5.4 kernels in Bionic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1886790/+subscriptions


[Bug 1884767] Re: shiftfs: fix btrfs regression

2020-07-03 Thread Christian Brauner
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884767

Title:
  shiftfs: fix btrfs regression

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1884767/+subscriptions


[Bug 1884635] Re: lxc 1:4.0.2-0ubuntu1 ADT test failure with linux-5.8 5.8.0-1.2

2020-06-25 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu)
   Status: Confirmed => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884635

Title:
  lxc 1:4.0.2-0ubuntu1 ADT test failure with linux-5.8 5.8.0-1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1884635/+subscriptions


[Bug 1884635] Re: lxc 1:4.0.2-0ubuntu1 ADT test failure with linux-5.8 5.8.0-1.2

2020-06-24 Thread Christian Brauner
** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884635

Title:
  lxc 1:4.0.2-0ubuntu1 ADT test failure with linux-5.8 5.8.0-1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1884635/+subscriptions


[Bug 1884635] Re: lxc 1:4.0.2-0ubuntu1 ADT test failure with linux-5.8 5.8.0-1.2

2020-06-24 Thread Christian Brauner
This is a regression in overlayfs for the 5.8 kernel. The same test
works fine on an earlier kernel with the same lxc version.

** Changed in: lxc (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884635

Title:
  lxc 1:4.0.2-0ubuntu1 ADT test failure with linux-5.8 5.8.0-1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1884635/+subscriptions


[Bug 1884767] [NEW] shiftfs: fix btrfs regression

2020-06-23 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: The patch
commit cfaa482afb97e3c05d020af80b897b061109d51f
Author: Christian Brauner 
Date:   Tue Apr 14 22:26:53 2020 +0200

UBUNTU: SAUCE: shiftfs: fix dentry revalidation

BugLink: https://bugs.launchpad.net/bugs/1872757

to fix https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757
regresses various btrfs + shiftfs users. Creating a btrfs subvolume,
deleting it, and then trying to recreate it will cause EEXIST to be returned.
It also leaves some files in a half-visible state because they are not
revalidated correctly.
Faulty behavior such as this can be reproduced via:

btrfs subvolume create my-subvol
btrfs subvolume delete my-subvol

Fix: We need to revert this patch restoring the old behavior. This will briefly
resurface https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757 which I 
will fix in a follow-up patch on top of this revert. We basically split the 
part that fixes https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757 
out of the revert.

Regression Potential: Limited to shiftfs.

Test Case: Build a kernel with fix applied and run above reproducer.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
   Status: New => Incomplete

** Changed in: linux (Ubuntu)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884767

Title:
  shiftfs: fix btrfs regression

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1884767/+subscriptions


[Bug 1879688] Re: shiftfs: fix btrfs snapshot deletion

2020-06-23 Thread Christian Brauner
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879688

Title:
  shiftfs: fix btrfs snapshot deletion

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879688/+subscriptions


[Bug 1879688] Re: shiftfs: fix btrfs snapshot deletion

2020-06-23 Thread Christian Brauner
Confirmed this is fixed:

brauner@wittgenstein|~
> lxc shell f1-vm
root@f1-vm:~# lxc shell f1
root@f1:~# btrfs subvolume create my-subvol
root@f1:~# chown 1000:1000 my-subvol
root@f1:~# btrfs subvolume delete my-subvol
Delete subvolume (no-commit): '/root/my-subvol'

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879688

Title:
  shiftfs: fix btrfs snapshot deletion

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879688/+subscriptions


[Bug 1879688] [NEW] shiftfs: fix btrfs snapshot deletion

2020-05-20 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: Stéphane discovered a problem during NorthSec which makes heavy
use of shiftfs. In containers with a btrfs root filesystem that make use
of shiftfs, userns root is not able to delete subvolumes that have been
created by another user, which it would be able to do otherwise. This
makes it impossible for LXD to delete nested containers.

To reproduce this as root in the container:
btrfs subvolume create my-subvol
chown 1000:1000 my-subvol
btrfs subvolume delete my-subvol

The deletion will fail when it should have succeeded.

Fix: For improved security we drop all capabilities before we forward
btrfs ioctls in shiftfs. To fix the above problem we can retain the
CAP_DAC_OVERRIDE capability only if we are userns root.

Regression Potential: Limited to shiftfs. Even though we drop all
capabilities in all capability sets we really mostly care about dropping
CAP_SYS_ADMIN and we mostly do this for ioctls that e.g. allow you to
traverse the btrfs filesystem and with CAP_SYS_ADMIN retained in the
underlay would allow you to list subvolumes you shouldn't be able to
list. This fix only retains CAP_DAC_OVERRIDE and only for the deletion
of subvolumes and only by userns root.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: Confirmed

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879688

Title:
  shiftfs: fix btrfs snapshot deletion

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879688/+subscriptions


[Bug 1879196] Re: 'shifted' (shiftfs) FS mount became inconsistent with host FS; resolved by dropping caches

2020-05-19 Thread Christian Brauner
James, can you try this kernel, please:
https://drive.google.com/open?id=19iTwaFSYNS95_I-gD_rvFoV9cMAfy6io

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879196

Title:
  'shifted' (shiftfs) FS mount became inconsistent with host FS;
  resolved by dropping caches

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879196/+subscriptions


[Bug 1879454] Re: Set CONFIG_USELIB=n in Ubuntu kernels

2020-05-19 Thread Christian Brauner
So I've gone through codesearch on Debian and there are no users apart
from a bunch of defines for __NR_uselib when it isn't defined.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879454

Title:
  Set CONFIG_USELIB=n in Ubuntu kernels

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879454/+subscriptions


[Bug 1879454] [NEW] Set CONFIG_USELIB=n in Ubuntu kernels

2020-05-19 Thread Christian Brauner
Public bug reported:

We're currently planning to be more proactive in deprecating the
uselib() syscall similar to how we deprecated the sysctl() syscall. This
will be a long process of course but the starting point is to set
CONFIG_USELIB=n in all new Ubuntu versions. I spoke to Eric and
apparently RHEL 8 has it disabled too.

The regression potential is quite minimal as this interface should have
very few users and libc hasn't used it since libc4 or libc5.

I was wondering what people's opinions on this were.

The thread is:
https://lore.kernel.org/lkml/20200518130251.zih2s32q2rxhxg6f@wittgenstein
https://lore.kernel.org/lkml/cag48ez1fspvvypjso6badg7vb84ktudqjrk1d7vyhrm06ai...@mail.gmail.com
https://lore.kernel.org/lkml/20200518144627.sv5nesysvtgxwkp7@wittgenstein
https://lore.kernel.org/lkml/87blmk3ig4@x220.int.ebiederm.org

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Confirmed

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879454

Title:
  Set CONFIG_USELIB=n in Ubuntu kernels

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879454/+subscriptions
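
Added example, not from the bug report or the LKML thread: one way to check whether a given kernel still offers uselib(), by probing the syscall with a NULL path and by reading a kernel config file. The function names, the enum and the sample config fragment are constructed for this example; a syscall filter can also answer ENOSYS, so the config file is the authoritative source.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* All names below are made up for this example. */
enum uselib_state {
	USELIB_ABSENT,   /* kernel answered ENOSYS: no uselib() entry point */
	USELIB_PRESENT,  /* the call reached the kernel's uselib() code */
	USELIB_FILTERED, /* a seccomp or LSM policy refused it first */
	USELIB_NO_NUMBER /* this architecture's headers define no syscall number */
};

/* Constructed sample of a kernel config fragment with the option switched off. */
static const char SAMPLE_CONFIG_OFF[] =
	"CONFIG_BINFMT_ELF=y\n"
	"# CONFIG_USELIB is not set\n"
	"CONFIG_BINFMT_SCRIPT=y\n";

enum uselib_state classify_uselib_errno(int err)
{
	switch (err) {
	case ENOSYS:
		return USELIB_ABSENT;
	case EPERM:
	case EACCES:
		return USELIB_FILTERED;
	default:
		/* e.g. EFAULT for the NULL path used below: the syscall exists. */
		return USELIB_PRESENT;
	}
}

enum uselib_state probe_uselib(void)
{
#ifdef SYS_uselib
	/* A NULL path cannot name a library, so nothing is loaded either way. */
	if (syscall(SYS_uselib, (const char *)NULL) == 0)
		return USELIB_PRESENT;
	return classify_uselib_errno(errno);
#else
	return USELIB_NO_NUMBER;
#endif
}

/* 1 = CONFIG_USELIB=y, 0 = "# CONFIG_USELIB is not set", -1 = symbol not mentioned. */
int uselib_from_kconfig(const char *text)
{
	static const char on[] = "CONFIG_USELIB=y";
	static const char off[] = "# CONFIG_USELIB is not set";

	while (text && *text) {
		const char *eol = strchr(text, '\n');
		size_t len = eol ? (size_t)(eol - text) : strlen(text);

		/* Whole-line match, so a longer symbol sharing the prefix is ignored. */
		if (len == sizeof(on) - 1 && !memcmp(text, on, len))
			return 1;
		if (len == sizeof(off) - 1 && !memcmp(text, off, len))
			return 0;
		text = eol ? eol + 1 : NULL;
	}
	return -1;
}

int main(int argc, char *argv[])
{
	static const char *const names[] = { "absent", "present", "filtered",
					     "no syscall number" };
	static char buf[1 << 20];
	const char *text = SAMPLE_CONFIG_OFF;
	const char *src = "constructed sample";

	printf("runtime probe: uselib() is %s\n", names[probe_uselib()]);

	if (argc > 1) { /* e.g. /boot/config-$(uname -r) */
		FILE *f = fopen(argv[1], "r");
		size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;

		if (f)
			fclose(f);
		buf[n] = '\0';
		text = buf;
		src = argv[1];
	}
	printf("%s: CONFIG_USELIB state %d\n", src, uselib_from_kconfig(text));
	return 0;
}
```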


[Bug 1879196] Re: 'shifted' (shiftfs) FS mount became inconsistent with host FS; resolved by dropping caches

2020-05-18 Thread Christian Brauner
I have a fix for this. Note that this is a regression we introduced by
another fix. I also want to put this cautious note here so people better
understand why shiftfs has such bugs and why they are not simple idiot
regressions but rather intricate to fix:

Note, in general it's not advisable to directly modify the underlay
while a shiftfs mount is on top. In some way this means we need to keep
two caches in sync and it's hard enough to keep a single cache happy.
But shiftfs' use-case is inherently prone to be used for exactly that.
So this is something we have to navigate carefully and honestly we have
no full model upstream that does the same. Overlayfs has the copy-up
behavior which lets it get around most of the issues but we don't have
it and ecryptfs is broken in such scenarios which we verified quite a
while back.
In any case, I built a kernel with this patch and re-ran all regressions
that are related to this that we have so far (cf.  [1], [2], and [3]).
None of them were reproducible with this patch here. So we still fix the
ESTALE issue but also keep underlay and overlay in sync.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879196

Title:
  'shifted' (shiftfs) FS mount became inconsistent with host FS;
  resolved by dropping caches

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879196/+subscriptions


[Bug 1879196] Re: 'shifted' (shiftfs) FS mount became inconsistent with host FS; resolved by dropping caches

2020-05-18 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1879196

Title:
  'shifted' (shiftfs) FS mount became inconsistent with host FS;
  resolved by dropping caches

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1879196/+subscriptions


[Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-05-17 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872094

Title:
  shiftfs: broken shiftfs nesting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions


[Bug 1872757] Re: shiftfs: O_TMPFILE reports ESTALE

2020-05-17 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872757

Title:
  shiftfs: O_TMPFILE reports ESTALE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757/+subscriptions


[Bug 1824719] Re: shiftfs: Allow stacking overlayfs on top

2020-05-17 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1824719

Title:
  shiftfs: Allow stacking overlayfs on top

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824719/+subscriptions


[Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-05-15 Thread Christian Brauner
** Tags removed: verification-needed-eoan verification-needed-focal
** Tags added: verification-done-eoan verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872094

Title:
  shiftfs: broken shiftfs nesting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions


[Bug 1872757] Re: shiftfs: O_TMPFILE reports ESTALE

2020-05-15 Thread Christian Brauner
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872757

Title:
  shiftfs: O_TMPFILE reports ESTALE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757/+subscriptions


Re: [Bug 1876645] Re: Unable to handle kernel pointer dereference in virtual kernel address space on Eoan

2020-05-06 Thread Christian Brauner
On Wed, May 06, 2020 at 10:32:19AM -, Kleber Sacilotto de Souza wrote:
> With the fixup patch applied, I could not reproduce the issue anymore on
> both Eoan and Focal running ubuntu_fan_smoke_test and
> ubuntu_docker_smoke_test.

Sweet, thank you and sorry for the rebase mess-up with Andrei's patch.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1876645

Title:
  Unable to handle kernel pointer dereference in virtual kernel address
  space on Eoan

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1876645/+subscriptions


[Bug 1857257] Re: linux-image-5.0.0-35-generic breaks checkpointing of container

2020-05-06 Thread Christian Brauner
Fix here:
https://lists.ubuntu.com/archives/kernel-team/2020-May/109617.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857257

Title:
  linux-image-5.0.0-35-generic breaks checkpointing of container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857257/+subscriptions


[Bug 1876645] Re: Unable to handle kernel pointer dereference in virtual kernel address space on Eoan

2020-05-06 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: Confirmed => In Progress

** Changed in: linux (Ubuntu Eoan)
   Status: Confirmed => In Progress

** Changed in: linux (Ubuntu Focal)
   Status: New => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu Eoan)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu Focal)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1876645

Title:
  Unable to handle kernel pointer dereference in virtual kernel address
  space on Eoan

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1876645/+subscriptions


[Bug 1876645] Re: Unable to handle kernel pointer dereference in virtual kernel address space on Eoan

2020-05-06 Thread Christian Brauner
Fix here:
https://lists.ubuntu.com/archives/kernel-team/2020-May/109617.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1876645

Title:
  Unable to handle kernel pointer dereference in virtual kernel address
  space on Eoan

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1876645/+subscriptions


[Bug 1857257] Re: linux-image-5.0.0-35-generic breaks checkpointing of container

2020-05-05 Thread Christian Brauner
Yeah, that patch is buggy and I think this might've been my fault
actually. The fix should be:

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index 9d16fff5342a..fbec523a67c9 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -42,6 +42,7 @@ static struct file *ovl_open_realfile(const struct file *file,
int flags = file->f_flags | O_NOATIME | FMODE_NONOTIFY;

old_cred = ovl_override_creds(inode->i_sb);
+   ovl_path_real(file->f_path.dentry, );
if (realpath.dentry->d_sb->s_magic == SHIFTFS_MAGIC)
realfile = open_with_fake_path(, flags, realinode,
   current_cred());
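
Review bot: the added `ovl_path_real(file->f_path.dentry, );` line has an empty second argument, and the context call `open_with_fake_path(, flags, realinode,` has an empty first one, so the hunk as posted neither compiles nor applies. Since the following line dereferences `realpath.dentry`, both presumably lost `&realpath` in transit; resending as an attachment or through git send-email would also preserve the leading tabs that are missing here. If the bug is that `realpath` was used before `ovl_path_real()` filled it in, please say so in a commit message so the intent of the one-line fix is on record.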

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857257

Title:
  linux-image-5.0.0-35-generic breaks checkpointing of container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857257/+subscriptions


[Bug 1872757] Re: shiftfs: O_TMPFILE reports ESTALE

2020-05-01 Thread Christian Brauner
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872757

Title:
  shiftfs: O_TMPFILE reports ESTALE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757/+subscriptions


[Bug 1857257] Re: linux-image-5.0.0-35-generic breaks checkpointing of container

2020-04-23 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857257

Title:
  linux-image-5.0.0-35-generic breaks checkpointing of container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857257/+subscriptions


[Bug 1872757] Re: shiftfs: O_TMPFILE reports ESTALE

2020-04-14 Thread Christian Brauner
** Description changed:

  SRU Justification
  
  Impact: Christian Kellner reported that creating temporary files via
  O_TMPFILE shiftfs reports ESTALE. This can be reproduced via:
  
  import tempfile
  import os
  
- 
  def test():
- with tempfile.TemporaryFile() as fd:
- fd.write("data".encode('utf-8'))
- # re-open the file to get a read-only file descriptor
- return open(f"/proc/self/fd/{fd.fileno()}", "r")
- 
+ with tempfile.TemporaryFile() as fd:
+ fd.write("data".encode('utf-8'))
+ # re-open the file to get a read-only file descriptor
+ return open(f"/proc/self/fd/{fd.fileno()}", "r")
  
  def main():
-fd = test()
-fd.close()
- 
+    fd = test()
+    fd.close()
  
  if __name__ == "__main__":
- main()
+ main()
  
  a similar issue was reported here:
  https://github.com/systemd/systemd/issues/14861
  
+ Fix: Our revalidate methods were very opinionated about whether or not a
+ dentry was valid when we really should've just let the underlay tell us
+ what's what. This has led to bugs where a ESTALE was returned for e.g.
+ temporary files that were created and directly re-opened afterwards
+ through /proc//fd/. When a file is re-opened
+ through /proc//fd/ LOOKUP_JUMP is set and the vfs will
+ revalidate via d_weak_revalidate(). Since the file has been unhashed or
+ even already gone negative we'd fail the open when we should've
+ succeeded.
+ 
+ I had also foolishly provided a .tmpfile method which so far only has
+ caused us trouble. If we really need this then we can reimplement it
+ properly but I doubt it. Remove it for now.
+ 
  Regression Potential: Limited to shiftfs.
  
  Test Case: Build a kernel with fix applied and run above reproducer.
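
Review bot: in the added Fix paragraph, `/proc//fd/` appears twice with nothing between or after the slashes, so the pid and fd-number placeholders were evidently stripped; spell them in a form that survives plain-text mail, for example /proc/PID/fd/NR. The re-indented reproducer also ends up with the body of `main()` indented while the `with` block under `test()` shows no nesting at all, so it cannot be pasted and run as it stands.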

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872757

Title:
  shiftfs: O_TMPFILE reports ESTALE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757/+subscriptions


[Bug 1872757] [NEW] shiftfs: O_TMPFILE reports ESTALE

2020-04-14 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: Christian Kellner reported that creating temporary files via
O_TMPFILE shiftfs reports ESTALE. This can be reproduced via:

import tempfile
import os


def test():
    with tempfile.TemporaryFile() as fd:
        fd.write("data".encode('utf-8'))
        # re-open the file to get a read-only file descriptor
        return open(f"/proc/self/fd/{fd.fileno()}", "r")


def main():
    fd = test()
    fd.close()


if __name__ == "__main__":
    main()

a similar issue was reported here:
https://github.com/systemd/systemd/issues/14861

Regression Potential: Limited to shiftfs.

Test Case: Build a kernel with fix applied and run above reproducer.

** Affects: linux (Ubuntu)
     Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

** Changed in: linux (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872757

Title:
  shiftfs: O_TMPFILE reports ESTALE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872757/+subscriptions
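
Added example, not part of the bug report or of the shiftfs patches: the same create-then-re-open sequence as the Python reproducer above, written against the raw syscalls so that the failing step and its errno are reported separately. check_tmpfile_reopen(), is_estale_on_reopen() and the stage names are made up for this example.

```c
#define _GNU_SOURCE /* for O_TMPFILE */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef O_TMPFILE
#define O_TMPFILE __O_TMPFILE /* glibc's internal name, if _GNU_SOURCE came too late */
#endif

/* Step at which the check stopped (hypothetical names for this example). */
enum reopen_stage { STAGE_OK, STAGE_CREATE, STAGE_WRITE, STAGE_REOPEN, STAGE_READ };

struct reopen_result {
	enum reopen_stage stage; /* STAGE_OK if every step succeeded */
	int err;                 /* errno of the failing step, 0 on success */
};

/* Close whatever is open and hand back the outcome. */
static struct reopen_result stop(enum reopen_stage stage, int err, int fd, int rfd)
{
	struct reopen_result res = { stage, err };

	if (rfd >= 0)
		close(rfd);
	if (fd >= 0)
		close(fd);
	return res;
}

/* Create an unnamed file in dir, then open it a second time through procfs. */
struct reopen_result check_tmpfile_reopen(const char *dir)
{
	static const char payload[] = "data";
	const ssize_t len = sizeof(payload) - 1;
	char path[64], buf[sizeof(payload)];
	ssize_t n;
	int fd, rfd;

	/* O_TMPFILE takes a directory and never links a name into it. */
	fd = open(dir, O_TMPFILE | O_RDWR | O_CLOEXEC, 0600);
	if (fd < 0)
		return stop(STAGE_CREATE, errno, -1, -1);

	n = write(fd, payload, len);
	if (n != len)
		return stop(STAGE_WRITE, n < 0 ? errno : EIO, fd, -1);

	/* Same re-open as the reproducer: a new open() on the /proc/self/fd link. */
	snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
	rfd = open(path, O_RDONLY | O_CLOEXEC);
	if (rfd < 0)
		return stop(STAGE_REOPEN, errno, fd, -1);

	/* The second open has its own file offset, so it reads from byte 0. */
	n = read(rfd, buf, len);
	if (n != len || memcmp(buf, payload, len) != 0)
		return stop(STAGE_READ, n < 0 ? errno : EIO, fd, rfd);

	return stop(STAGE_OK, 0, fd, rfd);
}

/* 1 only for the failure the report describes: the re-open itself returns ESTALE. */
int is_estale_on_reopen(struct reopen_result res)
{
	return res.stage == STAGE_REOPEN && res.err == ESTALE;
}

int main(int argc, char *argv[])
{
	static const char *const names[] = { "ok", "create", "write", "reopen", "read" };
	const char *dir = argc > 1 ? argv[1] : ".";
	struct reopen_result res = check_tmpfile_reopen(dir);

	if (res.stage == STAGE_OK)
		printf("%s: O_TMPFILE re-open works\n", dir);
	else
		printf("%s: failed at %s: %s\n", dir, names[res.stage], strerror(res.err));
	/* EOPNOTSUPP at "create" means the filesystem has no O_TMPFILE support at all. */
	return is_estale_on_reopen(res) ? 2 : res.stage != STAGE_OK;
}
```

Run it with a directory on the shiftfs mount as its argument; exit status 2 means the re-open returned ESTALE.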


[Bug 1872094] [NEW] shiftfs: broken shiftfs nesting

2020-04-10 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: When nested containers use shiftfs and they have different id mappings 
the nested container lacks privileges to create any files in its root 
filesystem unless the directory in question is very permissive. This prevents 
nested containers from being usable.
Here is a reproducer as given by Stéphane:

Reproducer:
 - lxc init images:ubuntu/bionic b1 -c security.nesting=true
 - Confirm b1 uses shiftfs and uses the default map

root@b1:~# cat /proc/self/uid_map 
 0100 10
root@b1:~# grep shiftfs /proc/self/mountinfo 
3702 2266 0:92 / / rw,relatime - shiftfs 
/var/lib/lxd/storage-pools/default/containers/b1/rootfs rw,passthrough=3


 - Install LXD snap in there
 - snap set lxd shiftfs.enable=true
 - systemctl reload snap.lxd.daemon
 - lxd init --auto
 - lxc launch images:alpine/edge a1
 - Confirm that a1 uses a different map than b1
 - Confirm that a1 uses shiftfs
 - touch /etc/a should fail with EACCES

Fix: Instead of recording the credentials of the process that created
the innermost shiftfs mount we need to record the credentials of the
lowers creator of the first shiftfs mark mount since we always refer
back to the lowers mount to get around vfs layering restrictions.

Regression Potential: Limited to shiftfs.

Test Case: Built a kernel with the mentioned fix and ran the reproducer.
The issue was not reproducible.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872094

Title:
  shiftfs: broken shiftfs nesting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions


[Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-04-10 Thread Christian Brauner
This should preferably be backported to all LTS kernels that support
shiftfs.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872094

Title:
  shiftfs: broken shiftfs nesting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions


[Bug 1872094] Re: shiftfs: broken shiftfs nesting

2020-04-10 Thread Christian Brauner
See
https://github.com/brauner/ubuntu-unstable/commits/2020-04-10/shiftfs_nesting
for fix.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872094

Title:
  shiftfs: broken shiftfs nesting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872094/+subscriptions


[Bug 1869661] Re: lxc 3.23 (?) breaks nested lxd with snaps

2020-03-30 Thread Christian Brauner
I think that's already fixed in the edge snap but we haven't yet rolled
that out to stable. Can you test with edge?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1869661

Title:
  lxc 3.23 (?) breaks nested lxd with snaps

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1869661/+subscriptions


Re: [Bug 1865359] Re: sysfs: incorrect network device permissions on network namespace change

2020-03-27 Thread Christian Brauner
On March 27, 2020 10:57:17 PM GMT+01:00, Seth Forshee wrote:
>Applied the patches from linux-next, plus one additional fix I saw,
>"sysfs: fix static inline declaration of sysfs_groups_change_owner()".
>@Christian, please let me know if there are any other fixes we need to
>grab.
>
>** Changed in: linux (Ubuntu Focal)
>   Status: In Progress => Fix Committed

Nope, no additional fixes. This is great, thank you for doing this!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865359

Title:
  sysfs: incorrect network device permissions on network namespace
  change

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1865359/+subscriptions


[Bug 1857046] Re: lxc 3.0.4-0ubuntu2 ADT test failure with linux 5.5.0-2.3

2020-03-26 Thread Christian Brauner
No, but might have been an allocation error which we fixed in the meantime. The 
error can only come from:
ENOMEM The kernel could not allocate a free page to copy filenames or data into.
That's the only reason mount() can fail with ENOMEM from just glancing at the 
manpage. I'll take another close look at the codepath now, to make sure that 
there's not an obvious bug in there but otherwise I'd close and see if this 
happens again.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857046

Title:
  lxc 3.0.4-0ubuntu2 ADT test failure with linux 5.5.0-2.3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1857046/+subscriptions


[Bug 1860041] Re: shiftfs: prevent lower dentries from going negative during unlink

2020-03-09 Thread Christian Brauner
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1860041

Title:
  shiftfs: prevent lower dentries from going negative during unlink

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860041/+subscriptions


[Bug 1865359] Re: sysfs: incorrect network device permissions on network namespace change

2020-03-04 Thread Christian Brauner
That's an old version, sorry. It's already in Dave's tree. The merge commit is 
here:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=ebb4a4bf76f164457184a3f43ebc1552416bc823

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865359

Title:
  sysfs: incorrect network device permissions on network namespace
  change

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1865359/+subscriptions


[Bug 1865359] [NEW] sysfs: incorrect network device permissions on network namespace change

2020-03-01 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact:
 patchsets.)
We have been struggling with a bug surrounding the ownership of network
device sysfs files when moving network devices between network
namespaces owned by different user namespaces reported by multiple
users.

Currently, when moving network devices between network namespaces the
ownership of the corresponding sysfs entries is not changed. This leads
to problems when tools try to operate on the corresponding sysfs files.

It also causes a bug when creating a network device in a network
namespace owned by a user namespace and moving that network device back
to the host network namespace. Because when a network device is created
in a network namespace it will be owned by the root user of the user
namespace and all its associated sysfs files will also be owned by the
root user of the corresponding user namespace.
If such a network device has to be moved back to the host network
namespace the permissions will still be set to the root user of the
owning user namespace of the originating network namespace. This means
unprivileged users can e.g. re-trigger uevents for such incorrectly
owned devices on the host or in other network namespaces. They can also
modify the settings of the device itself through sysfs when they
wouldn't be able to do the same through netlink. Both of these things
are unwanted.

For example, quite a few workloads will create network devices in the
host network namespace. Other tools will then proceed to move such
devices between network namespaces owned by other user namespaces. While
the ownership of the device itself is updated in
net/core/net-sysfs.c:dev_change_net_namespace() the corresponding sysfs
entry for the device is not. Below you'll find that moving a network
device (here a veth device) from a network namespace into another
network namespace owned by a different user namespace with a different
id mapping. As you can see the permissions are wrong even though it is
owned by the userns root user after it has been moved and can be
interacted with through netlink:

drwxr-xr-x 5 nobody nobody    0 Jan 25 18:08 .
drwxr-xr-x 9 nobody nobody    0 Jan 25 18:08 ..
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 addr_assign_type
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 addr_len
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 address
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 broadcast
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 carrier
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 carrier_changes
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 carrier_down_count
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 carrier_up_count
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 dev_id
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 dev_port
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 dormant
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 duplex
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 flags
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 gro_flush_timeout
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 ifalias
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 ifindex
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 iflink
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 link_mode
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 mtu
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 name_assign_type
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 netdev_group
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 operstate
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 phys_port_id
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 phys_port_name
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 phys_switch_id
drwxr-xr-x 2 nobody nobody    0 Jan 25 18:09 power
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 proto_down
drwxr-xr-x 4 nobody nobody    0 Jan 25 18:09 queues
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 speed
drwxr-xr-x 2 nobody nobody    0 Jan 25 18:09 statistics
lrwxrwxrwx 1 nobody nobody    0 Jan 25 18:08 subsystem -> ../../../../class/net
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:09 tx_queue_len
-r--r--r-- 1 nobody nobody 4096 Jan 25 18:09 type
-rw-r--r-- 1 nobody nobody 4096 Jan 25 18:08 uevent

Contrast this with creating a device of the same type in the network
namespace directly. In this case the device's sysfs permissions will be
correctly updated.
(Please also note, that in a lot of workloads this strategy of creating
 the network device directly in the network device to workaround this
 issue can not be used. Either because the network device is dedicated
 after it has been created or because it is used by a process that is
 heavily sandboxed and couldn't create network devices itself.):

drwxr-xr-x 5 root   root  0 Jan 25 18:12 .
drwxr-xr-x 9 nobody nobody    0 Jan 25 18:08 ..
-r--r--r-- 1 root   root   4096 Jan 25 18:12 addr_assign_type
-r--r--r-- 1 root   root   4096 Jan 25 18:12 addr_len
-r--r--r-- 1 root   root   4096 Jan 25 18:12 address
-r--r--r-- 1 root   root   4096 Jan 25 18:12 broadcast
-rw-r--r-- 1 root   root   4096 Jan 25 18:12 carrier
-r--r--r-- 1 root   root 

[Bug 1865359] Re: sysfs: incorrect network device permissions on network namespace change

2020-03-01 Thread Christian Brauner
The patch series has been acked upstream and is sitting in Dave Miller's
tree. We should backport it to 5.4!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865359

Title:
  sysfs: incorrect network device permissions on network namespace
  change

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1865359/+subscriptions


[Bug 1860041] [NEW] shiftfs: prevent lower dentries from going negative during unlink

2020-01-16 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: All non-special files (For shiftfs this only includes fifos and
- for this case - unix sockets - since we don't allow character and
block devices to be created.) go through shiftfs_open() and have their
dentry pinned through this codepath preventing it from going negative.
But fifos don't use the shiftfs fops but rather use the pipefifo_fops
which means they do not go through shiftfs_open() and thus don't have
their dentry pinned that way. Thus, the lower dentries for such files
can go negative on unlink causing segfaults. The following C program can
be used to reproduce the crash:

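#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
	struct stat stat;

	/* Start from a clean slate. */
	unlink("./bbb");

	/* Create a fifo on the shiftfs mount. */
	int ret = mknod("./bbb", S_IFIFO|0666, 0);
	if (ret < 0)
		exit(1);

	/* Fifos use pipefifo_fops, so this open does not go through shiftfs_open(). */
	int fd = open("./bbb", O_RDWR);
	if (fd < 0)
		exit(2);

	/* Unlink while the fd is still open. */
	if (unlink("./bbb"))
		exit(4);

	/* Stat the now-unlinked fifo through the open fd. */
	fstat(fd, &stat);

	return 0;
}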

Fix: Similar to ecryptfs we need to dget() the lower dentry before
calling vfs_unlink() on it and dput() it afterwards.

Regression Potential: Limited to shiftfs.

Test Case: Compiled a kernel with the fix and used the reproducer above
to verify that the kernel cannot be crashed anymore.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

** Changed in: linux (Ubuntu)
   Status: Confirmed => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1860041

Title:
  shiftfs: prevent lower dentries from going negative during unlink

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860041/+subscriptions


[Bug 1858799] Re: lxc ADT test failure on Bionic with linux-raspi2-5.3 arm64

2020-01-08 Thread Christian Brauner
This might be caused by changes to busybox since this looks like it's testing 
liblxc-3.0.4. In any case, I believe that the following commit in the 
stable-3.0 tree would fix it:
https://github.com/lxc/lxc/commit/3daa49d845b153dfb2012b61dba763cbc6e11374

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1858799

Title:
  lxc ADT test failure on Bionic with linux-raspi2-5.3 arm64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1858799/+subscriptions


Re: [Bug 1857257] Re: linux-image-5.0.0-35-generic breaks checkpointing of container

2020-01-07 Thread Christian Brauner
On Tue, Jan 07, 2020 at 07:07:36PM -, Andrew Vagin wrote:
> The root cause of this fail is a wrong mount ID which is reported for
> file mappings:

If you have cycles to come up with a patch to fix this that would be
appreciated. Otherwise this will end up lower in my priority queue since
my backlog is quite full atm.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857257

Title:
  linux-image-5.0.0-35-generic breaks checkpointing of container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857257/+subscriptions


Re: [Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement

2019-12-15 Thread Christian Brauner
On Mon, Dec 09, 2019 at 08:41:18PM -, Ryutaroh Matsumoto wrote:
> https://github.com/lxc/lxc/issues/3221  Another LXC-container-doesn't
> -start-at-all type issue also observed on Ubuntu Eoan with
> systemd.unified_cgroup_hierarchy as well as Fedora 31.

That seems specific to LXC stable-3.0 which had barebone unified
hierarchy support to deal with systemd hybrid cgroup layouts. However
the changes to git master which enable full cgroup2 compatibility have
been backported to the stable-3.0 branch and will be released with the
next bugfix release. In other words, the start-at-all on a pure unified
layout with 3.0.4 is expected unfortunately.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1850667

Title:
  cgroup v2 is not fully supported yet, proceeding with partial
  confinement

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions


[Bug 1855513] Re: log file

2019-12-07 Thread Christian Brauner
** Changed in: lxc (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1855513

Title:
  log file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1855513/+subscriptions


[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement

2019-12-05 Thread Christian Brauner
https://github.com/lxc/lxc/issues/3198#issuecomment-562064091

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1850667

Title:
  cgroup v2 is not fully supported yet, proceeding with partial
  confinement

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions


[Bug 1849482] Re: shiftfs: fix fallocate()

2019-11-20 Thread Christian Brauner
** Tags removed: verification-needed-disco verification-needed-eoan
** Tags added: verification-done-disco verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849482

Title:
  shiftfs: fix fallocate()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1849482/+subscriptions


[Bug 1849483] Re: shiftfs: prevent exceeding project quotas

2019-11-20 Thread Christian Brauner
** Tags removed: verification-needed-disco verification-needed-eoan
** Tags added: verification-done-disco verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849483

Title:
  shiftfs: prevent exceeding project quotas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1849483/+subscriptions


[Bug 1849281] Re: seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test

2019-11-20 Thread Christian Brauner
** Tags removed: verification-needed-disco verification-needed-eoan
** Tags added: verification-done-disco verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849281

Title:
  seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1849281/+subscriptions


[Bug 1848587] Re: lxc 3.0.4-0ubuntu1 ADT test failure with linux 5.4.0-1.2

2019-11-19 Thread Christian Brauner
** Changed in: lxc (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848587

Title:
  lxc 3.0.4-0ubuntu1 ADT test failure with linux 5.4.0-1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1848587/+subscriptions


[Bug 1848587] Re: lxc 3.0.4-0ubuntu1 ADT test failure with linux 5.4.0-1.2

2019-11-18 Thread Christian Brauner
Sorry, mail got lost. Here's a fix:
https://github.com/lxc/lxc/pull/3187

** Changed in: lxc (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848587

Title:
  lxc 3.0.4-0ubuntu1 ADT test failure with linux 5.4.0-1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1848587/+subscriptions


[Bug 1846265] Re: shiftfs: rework how shiftfs opens files

2019-10-25 Thread Christian Brauner
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1846265

Title:
  shiftfs: rework how shiftfs opens files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1846265/+subscriptions


[Bug 1846272] Re: overlayfs: allow with shiftfs as underlay

2019-10-25 Thread Christian Brauner
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1846272

Title:
  overlayfs: allow with shiftfs as underlay

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1846272/+subscriptions


[Bug 1847744] Re: seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE

2019-10-25 Thread Christian Brauner
** Tags removed: verification-needed-disco verification-needed-eoan
** Tags added: verification-done-disco verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847744

Title:
  seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1847744/+subscriptions


[Bug 1849483] [NEW] shiftfs: prevent exceeding project quotas

2019-10-23 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact:
Currently shiftfs allows to exceed project quota and reserved space on e.g. 
ext2. See https://github.com/lxc/lxd/issues/6333 for a report, specifically 
https://github.com/lxc/lxd/issues/6333#issuecomment-545154838. This is caused 
by overriding the credentials with the superblock creator's credentials 
whenever we perform operations such as fallocate() or writes while retaining 
CAP_SYS_RESOURCE.

Fix:
Drop CAP_SYS_RESOURCE at superblock creation time from the effective capability 
set.

Regression Potential:
Limited to shiftfs. Dropping CAP_SYS_RESOURCE from the effective capability set 
should be fine and actually give us more security.

Test Case:
Try to exceed project quotas on a kernel and filesystem that supports them and 
see that it fails with the mentioned fix applied.

Target Kernels:
All LTS kernels with shiftfs support.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849483

Title:
  shiftfs: prevent exceeding project quotas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1849483/+subscriptions


[Bug 1849482] [NEW] shiftfs: fix fallocate()

2019-10-23 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact:
Currently shiftfs limits the maximum size for fallocate() needlessly causing 
calls such as fallocate --length 2GB ./file to fail. This limitation is 
arbitrary since it's not caused by the underlay but rather by shiftfs itself 
capping the s_maxbytes. This causes bugs such as the one reported in 
https://github.com/lxc/lxd/issues/6333.

Fix:
Correctly set up s_maxbytes when creating the shiftfs superblock.

Regression Potential:
Limited to shiftfs.

Test Case:
Try fallocate --length 3GB ./file on top of a filesystem with fallocate support 
on a fixed kernel and see that the call succeeds and the file is of the 
expected size.

Target Kernels:
All LTS kernels with shiftfs support.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849482

Title:
  shiftfs: fix fallocate()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1849482/+subscriptions


[Bug 1846272] Re: overlayfs: allow with shiftfs as underlay

2019-10-23 Thread Christian Brauner
** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1846272

Title:
  overlayfs: allow with shiftfs as underlay

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1846272/+subscriptions


[Bug 1849281] [NEW] seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test

2019-10-22 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact:
We recently backported SECCOMP_USER_NOTIF_FLAG_CONTINUE in 
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1847744. On a kernel that 
supports SECCOMP_FILTER_FLAG_NEW_LISTENER but not 
SECCOMP_USER_NOTIF_FLAG_CONTINUE the selftests currently fail to compile. The 
reason is that the ifndef for SECCOMP_USER_NOTIF_FLAG_CONTINUE is placed under 
the ifndef for SECCOMP_FILTER_FLAG_NEW_LISTENER.

Fix:
The ifndef for SECCOMP_USER_NOTIF_FLAG_CONTINUE was placed under the
ifndef for the SECCOMP_FILTER_FLAG_NEW_LISTENER feature. This will not
work on systems that do support SECCOMP_FILTER_FLAG_NEW_LISTENER but do not
support SECCOMP_USER_NOTIF_FLAG_CONTINUE. So move the latter ifndef out of
the former ifndef's scope.

Regression Potential:
Limited to seccomp selftests.

Test Case:
Compile the selftests on a kernel that supports 
SECCOMP_FILTER_FLAG_NEW_LISTENER but does not support 
SECCOMP_USER_NOTIF_FLAG_CONTINUE and see that compilation succeeds.

Target Kernels: All current LTS kernels with access to a 5.0 kernel.

Patches:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/seccomp&id=2aa8d8d04ca29c3269154e1d48855e498be8882f

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
   Status: New => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849281

Title:
  seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1849281/+subscriptions


[Bug 1843458] Re: linux 5.3 breaks building glibc for riscv64

2019-10-19 Thread Christian Brauner
Fwiw, Seth sent the patch upstream and it's in mainline and backported already:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61129dd29f7962f278b618a2a3e8fdb986a66dc8

** Changed in: cross-toolchain-base-ports (Ubuntu)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1843458

Title:
  linux 5.3 breaks building glibc for riscv64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cross-toolchain-base-ports/+bug/1843458/+subscriptions


Re: [Bug 1848587] [NEW] lxc 3.0.4-0ubuntu1 ADT test failure with linux 5.4.0-1.2

2019-10-18 Thread Christian Brauner
Is this a flake or consistently reproducible?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848587

Title:
  lxc 3.0.4-0ubuntu1 ADT test failure with linux 5.4.0-1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1848587/+subscriptions


[Bug 1847744] [NEW] seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE

2019-10-11 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: Recently we landed seccomp support for SECCOMP_RET_USER_NOTIF
(cf. [4]) which enables a process (watchee) to retrieve an fd for its
seccomp filter. This fd can then be handed to another (usually more
privileged) process (watcher). The watcher will then be able to receive
seccomp messages about the syscalls having been performed by the
watchee.

This feature is heavily used in some userspace workloads. For example,
it is currently used to intercept mknod() syscalls in user namespaces
aka in containers. The mknod() syscall can be easily filtered based on
dev_t. This allows us to only intercept a very specific subset of
mknod() syscalls. Furthermore, mknod() is not possible in user
namespaces toto coelo and so intercepting and denying syscalls that are
not in the whitelist on accident is not a big deal. The watchee won't
notice a difference.

In contrast to mknod(), a lot of other syscalls we intercept (e.g. setxattr()) 
cannot be easily filtered like mknod() because they have pointer arguments. 
Additionally, some of them might actually succeed in user namespaces (e.g. 
setxattr() for all "user.*" xattrs). Since we currently cannot tell seccomp to 
continue from a user notifier we are stuck with performing all of the syscalls 
in lieu of the container. This is a huge security liability since it is 
extremely difficult to correctly assume all of the necessary privileges of the 
calling task
such that the syscall can be successfully emulated without escaping other 
additional security restrictions (think missing CAP_MKNOD for mknod(), or 
MS_NODEV on a filesystem etc.). This can be solved by telling seccomp to resume 
the syscall.

Fix: Allow the seccomp notifier to continue a syscall. A positive
discussion about this feature was triggered by a post to the ksummit-
discuss mailing list (cf. [3]) and took place during KSummit (cf. [1])
and again at the containers/checkpoint-restore micro-conference at Linux
Plumbers.

Regression Potential: Limited to seccomp. The patchset also comes with
proper selftests in addition to the large set of seccomp selftests that
are already there. This further reduces regression potential.

Test Case:
Compile a kernel with the patch applied and run the selftests or trap a syscall 
via the notifier fd and set the newly introduced flag. The syscall should then 
have continued.

Target Kernels: All current LTS kernels.

Patches:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/seccomp&id=fb3c5386b382d4097476ce9647260fc89b34afdb
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/seccomp&id=0eebfed2954f152259cae0ad57b91d3ea92968e8

/* References */
[1]: https://linuxplumbersconf.org/event/4/contributions/560
[2]: https://linuxplumbersconf.org/event/4/contributions/477
[3]: https://lore.kernel.org/r/20190719093538.dhyopljyr5ns3...@brauner.io
[4]: commit 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847744

Title:
  seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1847744/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
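
Added example (not part of the bug report or the kernel patchset): the test case from the seccomp report above as a self-contained C program. A supervisor traps getppid() via the notifier fd, answers the first call itself with a made-up value and the second with SECCOMP_USER_NOTIF_FLAG_CONTINUE so the kernel runs it in the task's own context. The function names, the choice of getppid() and the value 12345 are assumptions of this example.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SECCOMP_USER_NOTIF_FLAG_CONTINUE /* UAPI headers older than Linux 5.5 */
#define SECCOMP_USER_NOTIF_FLAG_CONTINUE (1UL << 0)
#endif

/* Trap only getppid() to a notifier fd (a real filter also checks data.arch). */
static int trap_getppid(void) {
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                   SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
}

/* Answer one notification: emulate with fake_val, or tell the kernel to run it. */
static int answer(int fd, int cont, long fake_val) {
    struct seccomp_notif req = {0}; /* receive buffer must be zeroed */
    struct seccomp_notif_resp resp = {0};
    if (ioctl(fd, SECCOMP_IOCTL_NOTIF_RECV, &req)) return -1;
    resp.id = req.id;
    if (cont) resp.flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE; /* val, error stay 0 */
    else resp.val = fake_val;
    return ioctl(fd, SECCOMP_IOCTL_NOTIF_SEND, &resp);
}

/* 1: the continued call returned the real parent pid; 0: it did not;
 * -1: notifier or CONTINUE flag unavailable on this kernel or sandbox. */
int demo_continue(void) {
    int status;
    pid_t sup = fork();
    if (sup < 0) return -1;
    if (sup == 0) { /* supervisor runs in a child so the caller stays unfiltered */
        pid_t me = getpid(), task;
        int fd = trap_getppid();
        if (fd < 0 || (task = fork()) < 0) _exit(2);
        if (task == 0) { /* stands in for the container task; inherits the filter */
            long emulated = syscall(__NR_getppid); /* 12345: constructed value */
            long real = syscall(__NR_getppid);     /* executed by the kernel */
            _exit(!(emulated == 12345 && real == me));
        }
        if (answer(fd, 0, 12345) || answer(fd, 1, 0)) _exit(2); /* exit closes fd */
        waitpid(task, &status, 0);
        _exit(WIFEXITED(status) ? WEXITSTATUS(status) : 2);
    }
    if (waitpid(sup, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status) == 0;
}
```

A result of -1 means the running kernel rejected the listener or the flag. The kernel's seccomp UAPI header warns that a continued syscall re-reads its arguments from the task, so the flag is not a basis for enforcing policy on pointer arguments the supervisor has inspected.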

[Bug 1842059] Re: shiftfs: mark kmem_cache as reclaimable

2019-10-05 Thread Christian Brauner
** Changed in: linux (Ubuntu Disco)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1842059

Title:
  shiftfs: mark kmem_cache as reclaimable

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1842059/+subscriptions


[Bug 1841977] Re: shiftfs: drop entries from cache on unlink

2019-10-05 Thread Christian Brauner
** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

** Changed in: linux (Ubuntu Disco)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841977

Title:
  shiftfs: drop entries from cache on unlink

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1841977/+subscriptions


[Bug 1836912] Re: ipv4: enable route flushing in network namespaces

2019-10-05 Thread Christian Brauner
** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu Disco)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836912

Title:
  ipv4: enable route flushing in network namespaces

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions


[Bug 1846272] [NEW] overlayfs: allow with shiftfs as underlay

2019-10-01 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: Currently it is not possible to use overlayfs on top of shiftfs.
This means Docker inside of LXD cannot make use of the overlay2 graph
driver which is blocking users such as Travis from making use of it
efficiently.

Regression Potential: Limited to shiftfs and overlayfs on top of
shiftfs. Overlayfs does prevent "remote" filesystems such as ceph, nfs,
etc. from being used as the underlay. With this patch shiftfs however
can be used as an underlay and we special case it as a suitable
filesystem to be used under overlayfs. I verified that the patch does
not lead to regression on overlayfs workloads that do not make use of
shiftfs as underlay. Additionally, I tested Docker with the overlay2
graphdriver on top of shiftfs. This also has not led to any
regressions.

Test case: Building a kernel with the patch:
sudo snap install lxd
sudo lxd init
sudo lxc launch images:ubuntu/bionic b1
sudo lxc config set b1 security.nesting true
sudo lxc restart --force b1
sudo lxc shell b1
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
curl -fsSL get.docker.com | CHANNEL=test sh

sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

sudo systemctl stop docker

cat <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838677 caused a
regression. The reproducer for this regression appended in
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1842382/comments/45
did show that the regression cannot be reproduced with the new patch.

Target kernels: All LTS kernels that do support shiftfs, if possible.

** Affects: linux (Ubuntu)
 Importance: Undecided
     Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1846272

Title:
  overlayfs: allow with shiftfs as underlay

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1846272/+subscriptions


[Bug 1846265] Re: shiftfs: rework how shiftfs opens files

2019-10-01 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1846265

Title:
  shiftfs: rework how shiftfs opens files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1846265/+subscriptions


[Bug 1846265] [NEW] shiftfs: rework how shiftfs opens files

2019-10-01 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: Currently, shiftfs maintains a kmem cache for struct
shiftfs_file_info which stashes away a struct path and the struct file
for the underlay. The path however is never used anywhere so the struct
shiftfs_file_info and therefore the whole kmem cache can go away. This
removes code and makes the whole logic simpler to understand and reason
about.

Fix: Remove the kmem cache for struct shiftfs_file_info and struct
shiftfs_file_info itself and move to the same model as overlayfs and
just stash away the struct file for the underlay in file->private_data
of the shiftfs struct file.

Regression Potential: Limited to shiftfs. The basic logic is unchanged.
It is just simplified so regression potential should be fairly low.

Test Case: Tested with LXD on a kernel with the patch applied and
running various standard workloads without any observable regressions.

Target Kernels: All LTS kernels with support for shiftfs.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1846265

Title:
  shiftfs: rework how shiftfs opens files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1846265/+subscriptions


[Bug 1836910] Re: br_netfilter: namespace sysctl operations

2019-09-16 Thread Christian Brauner
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836910

Title:
  br_netfilter: namespace sysctl operations

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836910/+subscriptions


[Bug 1836912] Re: ipv4: enable route flushing in network namespaces

2019-09-06 Thread Christian Brauner
https://lists.ubuntu.com/archives/kernel-team/2019-September/103672.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836912

Title:
  ipv4: enable route flushing in network namespaces

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions


[Bug 1837223] Re: shiftfs: add O_DIRECT support

2019-09-06 Thread Christian Brauner
** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1837223

Title:
  shiftfs: add O_DIRECT support

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1837223/+subscriptions


[Bug 1837231] Re: UBUNTU: SAUCE: shiftfs: pass correct point down

2019-09-06 Thread Christian Brauner
** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1837231

Title:
  UBUNTU: SAUCE: shiftfs: pass correct point down

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1837231/+subscriptions


[Bug 1836912] Re: ipv4: enable route flushing in network namespaces

2019-09-06 Thread Christian Brauner
See
https://lists.ubuntu.com/archives/kernel-team/2019-September/103670.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836912

Title:
  ipv4: enable route flushing in network namespaces

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions


[Bug 1842059] [NEW] shiftfs: mark kmem_cache as reclaimable

2019-08-30 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: Shiftfs does not mark its slab cache as reclaimable. While this
is not a big deal it is not nice to the kernel in general. The shiftfs
cache is not so important that it can't be reclaimed.

Regression Potential: Limited to shiftfs. This patch has been tested for
multiple days and has not caused any regressions.

Test Case:
Open a lot of files in shiftfs to get them into the cache and then cause memory 
pressure via e.g. stress-ng and see if the shiftfs cache shrinks.

Target Kernels: All LTS kernels with shiftfs support.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
   Status: New => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1842059

Title:
  shiftfs: mark kmem_cache as reclaimable

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1842059/+subscriptions


[Bug 1841977] [NEW] shiftfs: drop entries from cache on unlink

2019-08-29 Thread Christian Brauner
Public bug reported:

SRU Justification

Impact: LXD on Ubuntu runs on top of zfs by default. Users that make use of 
shiftfs for efficient id-shifting currently hit a bug where zfs is confused 
about the amount of space that is used in a dataset. For example, creating a 
file with 1GB of random data will increase the space used by the dataset by 
1GB. When the file is removed via rm the space is not freed for zfs. This leads 
to zfs running out of space pretty quickly.
This bug has been observed, described, and reproduced here 
https://discuss.linuxcontainers.org/t/trying-out-shiftfs/5155/9 . Stéphane 
Graber observed related issues.

Regression Potential: Limited to shiftfs. This patch has been tested on
various backends btrfs, dir, zfs to verify that it doesn't regress other
workloads. Shiftfs now also aligns more closely with overlayfs on file
deletion.

Test Case:
sudo snap install lxd
sudo snap set lxd shiftfs.enable=true
sudo systemctl restart snap.lxd.daemon
sudo lxd init # make sure to select zfs as backend
sudo lxc launch images:ubuntu/bionic b1
sudo lxc exec b1 -- dd if=/dev/urandom bs=1M count=1000 of=dummy.file
sudo zfs list default/containers/b1 # will show +1GB
sudo lxc exec b1 -- rm dummy.file
sudo zfs list default/containers/b1 # will show +1GB on a non-fixed kernel and -1GB on a fixed kernel

Target Kernels: All LTS kernels with shiftfs support.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Christian Brauner (cbrauner)
 Status: In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Christian Brauner (cbrauner)

** Changed in: linux (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841977

Title:
  shiftfs: drop entries from cache on unlink

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1841977/+subscriptions


[Bug 1838677] Re: shiftfs: allow overlayfs

2019-08-20 Thread Christian Brauner
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1838677

Title:
  shiftfs: allow overlayfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838677/+subscriptions


[Bug 1836910] Re: br_netfilter: namespace sysctl operations

2019-08-20 Thread Christian Brauner
** Tags removed: verification-needed-bionic verification-needed-disco
** Tags added: verification-done-bionic verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836910

Title:
  br_netfilter: namespace sysctl operations

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836910/+subscriptions


[Bug 1838677] Re: shiftfs: allow overlayfs

2019-08-15 Thread Christian Brauner
** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1838677

Title:
  shiftfs: allow overlayfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838677/+subscriptions


[Bug 1838677] Re: shiftfs: allow overlayfs

2019-08-01 Thread Christian Brauner
SRU request here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838677

Patchset here:
https://github.com/brauner/ubuntu-disco/tree/overlayfs_on_shiftfs

Mailing list patchset posting here:
https://lists.ubuntu.com/archives/kernel-team/2019-August/102741.html

** Tags added: shiftfs

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1838677

Title:
  shiftfs: allow overlayfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838677/+subscriptions


[Bug 1824719] Re: shiftfs: Allow stacking overlayfs on top

2019-08-01 Thread Christian Brauner
SRU request here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838677

Patchset here:
https://github.com/brauner/ubuntu-disco/tree/overlayfs_on_shiftfs

Mailing list patchset posting here:
https://lists.ubuntu.com/archives/kernel-team/2019-August/102741.html

** Changed in: linux (Ubuntu)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1824719

Title:
  shiftfs: Allow stacking overlayfs on top

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824719/+subscriptions

