[Kernel-packages] [Bug 1824350] Re: shiftfs: chown sets untranslated ids in lower fs
** Tags added: cscc -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824350 Title: shiftfs: chown sets untranslated ids in lower fs Status in linux package in Ubuntu: Fix Released Bug description: SRU Justification Impact: shiftfs_setattr() creates an iattr struct with shifted ids for the lower fs, but then mistakenly passes the original iattr struct when changing the lower filesystem attributes. As a result, chown on a shiftfs filesystem sets ownership using the untranslated user and group ids. Fix: Pass the struct containing shifted uids to notify_change(). Regression Potential: This is a simple and obvious fix, and it has been tested to confirm it fixes the issue. Therefore the risk of regressions is low. Test Case: Within a lxd container using shiftfs, run: # mkdir dir # touch file # ls -lh dir file drwxr-xr-x 2 root root 4.0K Apr 11 13:05 dir -rw-r--r-- 1 root root0 Apr 11 13:05 file # chown 500:500 dir file # ls -lh dir file Expected result: drwxr-xr-x 2 500 500 4.0K Apr 11 13:05 dir -rw-r--r-- 1 500 5000 Apr 11 13:05 file Result in 5.0.0-10.11: drwxr-xr-x 2 1000500 1000500 4.0K Apr 11 12:42 dir -rw-r--r-- 1 1000500 10005000 Apr 11 12:42 file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824350/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1824350] Re: shiftfs: chown sets untranslated ids in lower fs
This bug was fixed in the package linux - 5.0.0-11.12 --- linux (5.0.0-11.12) disco; urgency=medium * linux: 5.0.0-11.12 -proposed tracker (LP: #1824383) * hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1] (LP: #1824194) - net: hns3: fix for not calculating tx bd num correctly * disco: unable to use iptables/enable ufw under -virtual kernel (LP: #1823862) - [Packaging] add bpfilter to linux-modules * Make shiftfs a module rather than built-in (LP: #1824354) - [Config] CONFIG_SHIFT_FS=m * shiftfs: chown sets untranslated ids in lower fs (LP: #1824350) - SAUCE: shiftfs: use translated ids when chaning lower fs attrs * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063) - [Packaging] bind hv_kvp_daemon startup to hv_kvp device linux (5.0.0-10.11) disco; urgency=medium * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936) * Apparmor enforcement failure in lxc selftests (LP: #1823379) - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled" * systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) - openvswitch: fix flow actions reallocation linux (5.0.0-9.10) disco; urgency=medium * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log - [Packaging] update helper scripts - [Packaging] resync retpoline extraction * Huawei Hi1822 NIC has poor performance (LP: #1820187) - net-next/hinic: replace disable_irq_nosync/enable_irq * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186) - shiftfs: uid/gid shifting bind mount - shiftfs: rework and extend - shiftfs: support some btrfs ioctls - [Config] enable shiftfs * Cannot boot or install - have to use nomodeset (LP: #1821820) - Revert "drm/i915/fbdev: Actually configure untiled displays" * Disco update: v5.0.6 upstream stable release (LP: #1823060) - netfilter: nf_tables: fix set double-free in abort path - dccp: do not use ipv6 header for ipv4 flow - genetlink: Fix a memory leak on error path - gtp: change NET_UDP_TUNNEL dependency to select - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL - mac8390: Fix mmio access size probe - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 - net: datagram: fix unbounded loop in __skb_try_recv_datagram() - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: phy: meson-gxl: fix interrupt support - net: rose: fix a possible stack overflow - net: stmmac: fix memory corruption with large MTUs - net-sysfs: call dev_hold if kobject_init_and_add success - net: usb: aqc111: Extend HWID table by QNAP device - packets: Always register packet sk in the same order - rhashtable: Still do rehash when we get EEXIST - sctp: get sctphdr by offset in sctp_compute_cksum - sctp: use memdup_user instead of vmemdup_user - tcp: do not use ipv6 header for ipv4 flow - tipc: allow service ranges to be connect()'ed on RDM/DGRAM - tipc: change to check tipc_own_id to return in tipc_net_stop - tipc: fix cancellation of topology subscriptions - tun: properly test for IFF_UP - vrf: prevent adding upper devices - vxlan: Don't call gro_cells_destroy() before device is unregistered - thunderx: enable page recycling for non-XDP case - thunderx: eliminate extra calls to put_page() for pages held for recycling - net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode - net: mii: Fix PAUSE cap advertisement from linkmode_adv_to_lcl_adv_t() helper - net: phy: don't clear BMCR in genphy_soft_reset - r8169: fix cable re-plugging issue - ila: Fix rhashtable walker list corruption - tun: add a missing rcu_read_unlock() in error path - powerpc/fsl: Fix the flush of branch predictor. - Btrfs: fix incorrect file size after shrinking truncate and fsync - btrfs: remove WARN_ON in log_dir_items - btrfs: don't report readahead errors and don't update statistics - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size - Btrfs: fix assertion failure on fsync with NO_HOLES enabled - locks: wake any locks blocked on request before deadlock check - tracing: initialize variable in create_dyn_event() - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time - powerpc: bpf: Fix generation of load/store DW instructions - vfio: ccw: only free cp on final interrupt - NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data() - NFS: fix mount/umount race in nlmclnt. - NFSv4.1 don't free interrupted slot on open - net: dsa: qca8k:
[Kernel-packages] [Bug 1824350] Re: shiftfs: chown sets untranslated ids in lower fs
** Changed in: linux (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824350 Title: shiftfs: chown sets untranslated ids in lower fs Status in linux package in Ubuntu: Fix Committed Bug description: SRU Justification Impact: shiftfs_setattr() creates an iattr struct with shifted ids for the lower fs, but then mistakenly passes the original iattr struct when changing the lower filesystem attributes. As a result, chown on a shiftfs filesystem sets ownership using the untranslated user and group ids. Fix: Pass the struct containing shifted uids to notify_change(). Regression Potential: This is a simple and obvious fix, and it has been tested to confirm it fixes the issue. Therefore the risk of regressions is low. Test Case: Within a lxd container using shiftfs, run: # mkdir dir # touch file # ls -lh dir file drwxr-xr-x 2 root root 4.0K Apr 11 13:05 dir -rw-r--r-- 1 root root0 Apr 11 13:05 file # chown 500:500 dir file # ls -lh dir file Expected result: drwxr-xr-x 2 500 500 4.0K Apr 11 13:05 dir -rw-r--r-- 1 500 5000 Apr 11 13:05 file Result in 5.0.0-10.11: drwxr-xr-x 2 1000500 1000500 4.0K Apr 11 12:42 dir -rw-r--r-- 1 1000500 10005000 Apr 11 12:42 file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824350/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp