[Kernel-packages] [Bug 1824350] Re: shiftfs: chown sets untranslated ids in lower fs
** Tags added: cscc -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824350 Title: shiftfs: chown sets untranslated ids in lower fs Status in linux package in Ubuntu: Fix Released Bug description: SRU Justification Impact: shiftfs_setattr() creates an iattr struct with shifted ids for the lower fs, but then mistakenly passes the original iattr struct when changing the lower filesystem attributes. As a result, chown on a shiftfs filesystem sets ownership using the untranslated user and group ids. Fix: Pass the struct containing shifted uids to notify_change(). Regression Potential: This is a simple and obvious fix, and it has been tested to confirm it fixes the issue. Therefore the risk of regressions is low. Test Case: Within a lxd container using shiftfs, run: # mkdir dir # touch file # ls -lh dir file drwxr-xr-x 2 root root 4.0K Apr 11 13:05 dir -rw-r--r-- 1 root root0 Apr 11 13:05 file # chown 500:500 dir file # ls -lh dir file Expected result: drwxr-xr-x 2 500 500 4.0K Apr 11 13:05 dir -rw-r--r-- 1 500 5000 Apr 11 13:05 file Result in 5.0.0-10.11: drwxr-xr-x 2 1000500 1000500 4.0K Apr 11 12:42 dir -rw-r--r-- 1 1000500 10005000 Apr 11 12:42 file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824350/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1824350] Re: shiftfs: chown sets untranslated ids in lower fs
This bug was fixed in the package linux - 5.0.0-11.12
---
linux (5.0.0-11.12) disco; urgency=medium
* linux: 5.0.0-11.12 -proposed tracker (LP: #1824383)
* hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1]
(LP: #1824194)
- net: hns3: fix for not calculating tx bd num correctly
* disco: unable to use iptables/enable ufw under -virtual kernel
(LP: #1823862)
- [Packaging] add bpfilter to linux-modules
* Make shiftfs a module rather than built-in (LP: #1824354)
- [Config] CONFIG_SHIFT_FS=m
* shiftfs: chown sets untranslated ids in lower fs (LP: #1824350)
- SAUCE: shiftfs: use translated ids when chaning lower fs attrs
* [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
- [Packaging] bind hv_kvp_daemon startup to hv_kvp device
linux (5.0.0-10.11) disco; urgency=medium
* linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)
* Apparmor enforcement failure in lxc selftests (LP: #1823379)
- SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"
* systemd cause kernel trace "BUG: unable to handle kernel paging request at
6db23a14" on Cosmic i386 (LP: #1813244)
- openvswitch: fix flow actions reallocation
linux (5.0.0-9.10) disco; urgency=medium
* linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] update helper scripts
- [Packaging] resync retpoline extraction
* Huawei Hi1822 NIC has poor performance (LP: #1820187)
- net-next/hinic: replace disable_irq_nosync/enable_irq
* Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
- shiftfs: uid/gid shifting bind mount
- shiftfs: rework and extend
- shiftfs: support some btrfs ioctls
- [Config] enable shiftfs
* Cannot boot or install - have to use nomodeset (LP: #1821820)
- Revert "drm/i915/fbdev: Actually configure untiled displays"
* Disco update: v5.0.6 upstream stable release (LP: #1823060)
- netfilter: nf_tables: fix set double-free in abort path
- dccp: do not use ipv6 header for ipv4 flow
- genetlink: Fix a memory leak on error path
- gtp: change NET_UDP_TUNNEL dependency to select
- ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
- mac8390: Fix mmio access size probe
- mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
- net: datagram: fix unbounded loop in __skb_try_recv_datagram()
- net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
- net: phy: meson-gxl: fix interrupt support
- net: rose: fix a possible stack overflow
- net: stmmac: fix memory corruption with large MTUs
- net-sysfs: call dev_hold if kobject_init_and_add success
- net: usb: aqc111: Extend HWID table by QNAP device
- packets: Always register packet sk in the same order
- rhashtable: Still do rehash when we get EEXIST
- sctp: get sctphdr by offset in sctp_compute_cksum
- sctp: use memdup_user instead of vmemdup_user
- tcp: do not use ipv6 header for ipv4 flow
- tipc: allow service ranges to be connect()'ed on RDM/DGRAM
- tipc: change to check tipc_own_id to return in tipc_net_stop
- tipc: fix cancellation of topology subscriptions
- tun: properly test for IFF_UP
- vrf: prevent adding upper devices
- vxlan: Don't call gro_cells_destroy() before device is unregistered
- thunderx: enable page recycling for non-XDP case
- thunderx: eliminate extra calls to put_page() for pages held for recycling
- net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode
- net: mii: Fix PAUSE cap advertisement from linkmode_adv_to_lcl_adv_t()
helper
- net: phy: don't clear BMCR in genphy_soft_reset
- r8169: fix cable re-plugging issue
- ila: Fix rhashtable walker list corruption
- tun: add a missing rcu_read_unlock() in error path
- powerpc/fsl: Fix the flush of branch predictor.
- Btrfs: fix incorrect file size after shrinking truncate and fsync
- btrfs: remove WARN_ON in log_dir_items
- btrfs: don't report readahead errors and don't update statistics
- btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks
- btrfs: Avoid possible qgroup_rsv_size overflow in
btrfs_calculate_inode_block_rsv_size
- Btrfs: fix assertion failure on fsync with NO_HOLES enabled
- locks: wake any locks blocked on request before deadlock check
- tracing: initialize variable in create_dyn_event()
- ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
- powerpc: bpf: Fix generation of load/store DW instructions
- vfio: ccw: only free cp on final interrupt
- NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data()
- NFS: fix mount/umount race in nlmclnt.
- NFSv4.1 don't free interrupted slot on open
- net: dsa: qca8k:
[Kernel-packages] [Bug 1824350] Re: shiftfs: chown sets untranslated ids in lower fs
** Changed in: linux (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824350 Title: shiftfs: chown sets untranslated ids in lower fs Status in linux package in Ubuntu: Fix Committed Bug description: SRU Justification Impact: shiftfs_setattr() creates an iattr struct with shifted ids for the lower fs, but then mistakenly passes the original iattr struct when changing the lower filesystem attributes. As a result, chown on a shiftfs filesystem sets ownership using the untranslated user and group ids. Fix: Pass the struct containing shifted uids to notify_change(). Regression Potential: This is a simple and obvious fix, and it has been tested to confirm it fixes the issue. Therefore the risk of regressions is low. Test Case: Within a lxd container using shiftfs, run: # mkdir dir # touch file # ls -lh dir file drwxr-xr-x 2 root root 4.0K Apr 11 13:05 dir -rw-r--r-- 1 root root0 Apr 11 13:05 file # chown 500:500 dir file # ls -lh dir file Expected result: drwxr-xr-x 2 500 500 4.0K Apr 11 13:05 dir -rw-r--r-- 1 500 5000 Apr 11 13:05 file Result in 5.0.0-10.11: drwxr-xr-x 2 1000500 1000500 4.0K Apr 11 12:42 dir -rw-r--r-- 1 1000500 10005000 Apr 11 12:42 file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824350/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
