Public bug reported:

In 4.13+ kernels, if you replace an executable file on the lowerdir of
an Overlay union (such that its inode changes), the system will no
longer allow you to execute the file via the upperdir. The changes
introduced to the kernel in this commit...

https://github.com/torvalds/linux/commit/8db6c34f1dbc8e06aa016a9b829b06902c3e1340

... cause it to report a file security capabilities error.

---

Replication steps and result:

1. Set up an Overlay union containing some executable files. In my case
I have an ext4 lowerdir and a tmpfs upperdir, but I don't think it
matters.

2. Verify that executing some file (/bin/true for example) on the
upperdir works.

3. Replace that file on the lowerdir using mv, rsync, or similar.

4. Attempt to execute the file on the upperdir again — it will fail. The
shell will give either 126 or 127 as the return status.

5. Check the kernel log. A message like the following appears:

>kernel: Invalid argument reading file caps for /bin/true

I replicated this on Xenial using the HWE-edge kernel (4.13). The error
does NOT occur on the HWE kernel (4.10).

---

NOTE: I am aware that the result of changing files on the lowerdir of an
Overlay union, per the documentation, is undefined — so this is probably
not a 'bug' per se. However, I wasn't sure it was deliberate, either,
and it seemed like maybe the previous undefined behaviour was nicer than
the new undefined behaviour, so I thought I'd report it anyway.

---

Config information:

Ubuntu release: 16.04.3 (Xenial)
Kernel package: linux-image-generic-hwe-16.04-edge 4.13.0.17.24
Kernel version signature: Ubuntu 4.13.0-17.20~16.04.1-generic 4.13.8

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Incomplete

https://bugs.launchpad.net/bugs/1736808

Title:
  Changes to overlay lowerdir produce kernel file-caps error
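
The replication steps from the report, written out as a script. This is an added example, not part of the original report or of any Ubuntu tooling. Assumptions: plain directories under a `mktemp` scratch directory stand in for the reporter's ext4 lowerdir and tmpfs upperdir, a copy of /bin/true is the test executable, the function names are illustrative, and the end-to-end run needs root for the mount.

```shell
#!/bin/sh
# Added example: the report's steps 1-5 in a scratch directory.
# Directory layout and function names are assumptions, not from the report.

# Step 1: build lower/upper/work/merged under $1 and mount the union (root only).
setup_union() {
    d=$1
    mkdir -p "$d/lower" "$d/upper" "$d/work" "$d/merged"
    cp /bin/true "$d/lower/true"
    mount -t overlay overlay \
        -o "lowerdir=$d/lower,upperdir=$d/upper,workdir=$d/work" "$d/merged"
}

# Step 3: replace a file so that its inode changes, as mv or rsync would.
# The copy is created while the old file still exists, so it gets a new inode.
replace_file() {
    cp -p "$1" "$1.new" && mv -f "$1.new" "$1"
}

# Step 5: read kernel log text on stdin and print each path named in the
# "Invalid argument reading file caps for <path>" message, once per path.
caps_error_paths() {
    sed -n 's/^.*Invalid argument reading file caps for //p' | sort -u
}

# Steps 1-5 end to end; prints the exit status before and after replacement.
reproduce() {
    d=$(mktemp -d) || return 1
    setup_union "$d" || return 1
    rc=0; "$d/merged/true" || rc=$?                # step 2
    echo "before replace: exit $rc"
    replace_file "$d/lower/true"                   # step 3
    rc=0; "$d/merged/true" || rc=$?                # step 4
    echo "after replace:  exit $rc"
    dmesg | caps_error_paths                       # step 5
    umount "$d/merged" && rm -rf "$d"
}

# Run only on request and only as root; otherwise just define the functions.
if [ "${1:-}" = "run" ] && [ "$(id -u)" -eq 0 ]; then
    reproduce
fi
```

Running it under both a 4.10 and a 4.13 kernel gives a side-by-side comparison of the "after replace" status and the kernel log output.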
