[Bug 1532198] Re: [MIR] zfs-linux
Override component to main libnvpair1linux 0.6.5.7-0ubuntu3 in yakkety amd64: universe/libs/extra/100% -> main libnvpair1linux 0.6.5.7-0ubuntu3 in yakkety arm64: universe/libs/extra/100% -> main libnvpair1linux 0.6.5.7-0ubuntu3 in yakkety armhf: universe/libs/extra/100% -> main libnvpair1linux 0.6.5.7-0ubuntu3 in yakkety i386: universe/libs/extra/100% -> main libnvpair1linux 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/libs/extra/100% -> main libnvpair1linux 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/libs/extra/100% -> main libnvpair1linux 0.6.5.7-0ubuntu3 in yakkety s390x: universe/libs/extra/100% -> main libnvpair1linux-dbg 0.6.5.7-0ubuntu3 in yakkety amd64: universe/debug/extra/100% -> main libnvpair1linux-dbg 0.6.5.7-0ubuntu3 in yakkety arm64: universe/debug/extra/100% -> main libnvpair1linux-dbg 0.6.5.7-0ubuntu3 in yakkety armhf: universe/debug/extra/100% -> main libnvpair1linux-dbg 0.6.5.7-0ubuntu3 in yakkety i386: universe/debug/extra/100% -> main libnvpair1linux-dbg 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/debug/extra/100% -> main libnvpair1linux-dbg 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/debug/extra/100% -> main libnvpair1linux-dbg 0.6.5.7-0ubuntu3 in yakkety s390x: universe/debug/extra/100% -> main libuutil1linux 0.6.5.7-0ubuntu3 in yakkety amd64: universe/libs/extra/100% -> main libuutil1linux 0.6.5.7-0ubuntu3 in yakkety arm64: universe/libs/extra/100% -> main libuutil1linux 0.6.5.7-0ubuntu3 in yakkety armhf: universe/libs/extra/100% -> main libuutil1linux 0.6.5.7-0ubuntu3 in yakkety i386: universe/libs/extra/100% -> main libuutil1linux 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/libs/extra/100% -> main libuutil1linux 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/libs/extra/100% -> main libuutil1linux 0.6.5.7-0ubuntu3 in yakkety s390x: universe/libs/extra/100% -> main libuutil1linux-dbg 0.6.5.7-0ubuntu3 in yakkety amd64: universe/debug/extra/100% -> main libuutil1linux-dbg 0.6.5.7-0ubuntu3 in yakkety arm64: universe/debug/extra/100% -> main libuutil1linux-dbg 0.6.5.7-0ubuntu3 in yakkety armhf: universe/debug/extra/100% -> main libuutil1linux-dbg 0.6.5.7-0ubuntu3 in yakkety i386: universe/debug/extra/100% -> main libuutil1linux-dbg 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/debug/extra/100% -> main libuutil1linux-dbg 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/debug/extra/100% -> main libuutil1linux-dbg 0.6.5.7-0ubuntu3 in yakkety s390x: universe/debug/extra/100% -> main libzfs2linux 0.6.5.7-0ubuntu3 in yakkety amd64: universe/libs/extra/100% -> main libzfs2linux 0.6.5.7-0ubuntu3 in yakkety arm64: universe/libs/extra/100% -> main libzfs2linux 0.6.5.7-0ubuntu3 in yakkety armhf: universe/libs/extra/100% -> main libzfs2linux 0.6.5.7-0ubuntu3 in yakkety i386: universe/libs/extra/100% -> main libzfs2linux 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/libs/extra/100% -> main libzfs2linux 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/libs/extra/100% -> main libzfs2linux 0.6.5.7-0ubuntu3 in yakkety s390x: universe/libs/extra/100% -> main libzfs2linux-dbg 0.6.5.7-0ubuntu3 in yakkety amd64: universe/debug/extra/100% -> main libzfs2linux-dbg 0.6.5.7-0ubuntu3 in yakkety arm64: universe/debug/extra/100% -> main libzfs2linux-dbg 0.6.5.7-0ubuntu3 in yakkety armhf: universe/debug/extra/100% -> main libzfs2linux-dbg 0.6.5.7-0ubuntu3 in yakkety i386: universe/debug/extra/100% -> main libzfs2linux-dbg 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/debug/extra/100% -> main libzfs2linux-dbg 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/debug/extra/100% -> main libzfs2linux-dbg 0.6.5.7-0ubuntu3 in yakkety s390x: universe/debug/extra/100% -> main libzfslinux-dev 0.6.5.7-0ubuntu3 in yakkety amd64: universe/libdevel/extra/100% -> main libzfslinux-dev 0.6.5.7-0ubuntu3 in yakkety arm64: universe/libdevel/extra/100% -> main libzfslinux-dev 0.6.5.7-0ubuntu3 in yakkety armhf: universe/libdevel/extra/100% -> main libzfslinux-dev 0.6.5.7-0ubuntu3 in yakkety i386: universe/libdevel/extra/100% -> main libzfslinux-dev 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/libdevel/extra/100% -> main libzfslinux-dev 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/libdevel/extra/100% -> main libzfslinux-dev 0.6.5.7-0ubuntu3 in yakkety s390x: universe/libdevel/extra/100% -> main libzpool2linux 0.6.5.7-0ubuntu3 in yakkety amd64: universe/libs/extra/100% -> main libzpool2linux 0.6.5.7-0ubuntu3 in yakkety arm64: universe/libs/extra/100% -> main libzpool2linux 0.6.5.7-0ubuntu3 in yakkety armhf: universe/libs/extra/100% -> main libzpool2linux 0.6.5.7-0ubuntu3 in yakkety i386: universe/libs/extra/100% -> main libzpool2linux 0.6.5.7-0ubuntu3 in yakkety powerpc: universe/libs/extra/100% -> main libzpool2linux 0.6.5.7-0ubuntu3 in yakkety ppc64el: universe/libs/extra/100% -> main libzpool2linux 0.6.5.7-0ubuntu3 in yakkety s390x: universe/libs/extra/100% -> main libzpool2linux-dbg 0.6.5.7-0ubuntu3 in yakkety amd64: universe/debug/extra/100% -> main libzpool2linux-dbg
[Bug 1532198] Re: [MIR] zfs-linux
That looks good! With that on its way to yakkety, I'll mark this approved. Thank you! ** Changed in: zfs-linux (Ubuntu) Status: Incomplete => Fix Committed ** Changed in: zfs-linux (Ubuntu) Assignee: Colin Ian King (colin-king) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Bah, I messed up (brown paper bag). @Michael, do you mind checking again, I've uploaded it to: https://launchpad.net/~colin- king/+archive/ubuntu/zfs-0.6.5.6-sru-v2/+packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
** Changed in: zfs-linux (Ubuntu) Assignee: (unassigned) => Colin Ian King (colin-king) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Indeed, you need my changes to debian/zfsutils-linux.install as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
That debdiff doesn't look like it stops the double-installation of the zed man page from comment #24 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
@Michael Terry, I've prepared the MIR fixes and uploaded it into: https://launchpad.net/~colin- king/+archive/ubuntu/zfs-0.6.5.6-sru/+packages ..if that looks OK I'll get them uploaded into -prosed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Thanks Richard, I'll put your change into the package ASAP. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
The issues in comment #4 have been addressed, please refer to bug 1579082 - @Michael Terry, let me know if that is satisfactory. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
It turns out that this is still necessary. zfsutils-linux installs /usr/share/man/man8/zed.8.gz, which is also installed by zfs-zed. That needs to be fixed at the same time the Replaces is versioned. If I'm understanding correctly, Policy says a versioned Breaks should be added too. I've made these changes (along with other bug fixes) here: https://launchpad.net/~rlaager/+archive/ubuntu/zfs If you do test from my PPA, please remove it from your APT sources when you're done testing. I don't want some future experiment I upload to break your system. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
@rlaager, zed first shipped in the zfsutils package, and the `Replaces` line was required for a smooth upgrade between releases. It can/should be dropped now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Yeah... Looks like it could be dropped. Even if it did refer to a file that moved at one point, we're past the LTS now, so file migration during upgrades aren't even a concern. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
That Replaces line dates back from the ZoL PPA. I could be missing something, but I don't see why it was even necessary originally. Here's the commit where it was added: https://github.com/zfsonlinux/pkg- zfs/commit/9da00045fb5be4c61bcd29daf0a59daa32c9a43d -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
I see that there's a team bug subscriber now. So the only issue on my original list is fixing the zfs-zed Replaces line for zfsutils-linux. It's such a tiny thing to hold up a MIR, but I guess since xenial deadline is passed and it's so trivial to fix, let's just fix it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Bump? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
stgraber, I wrote in comment #4 what was needed from a normal MIR perspective -- team bug subscriber and to fix the zfs-zed Replaces line. Other than that, it seems fine and with the security ACK, we'd be good to go. (modulo spl-linux of course) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
- Removed the spl task as it's been split out to its own bug. - Moved status back to Incomplete. Looks like we have a security team ack for this, but are missing final ack from the MIR team (assuming everything else looks good). ** Changed in: zfs-linux (Ubuntu) Status: Fix Released => Incomplete ** No longer affects: spl-linux (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Following up comments in #3 "- zfs_fuid_node_add() modifies zfs_fuid_info_t list without obvious locking -- are calls to this routine suitably locked elsewhere?" cf : https://github.com/zfsonlinux/zfs/issues/4508#issuecomment-209130720 "This functionality, along with everything else wrapped with HAVE_KSID, is dormant under Linux. Additional work is still required needed to map this illumos functionality to its Linux counterpart." -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
spl-linux acked by security team for promotion to main in 1569294. ** Changed in: spl-linux (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
With reference to comment #5, a MIR for SPL has been created, https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1569294 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
We are getting very close to the final freeze. What's the plan to deal with spl? Is it going in, or will the /etc/hostid code be moved to ZFS, or something else? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Following up comments on #3 the libraries install directly to /lib, is this intentional? - efi_use_whole_disk() leaks _label via VT_ENOSPC error return 0.6.5.6: no leak: if ((efi_label->efi_altern_lba == 1) || (efi_label->efi_altern_lba >= efi_label->efi_last_lba)) { if (efi_debug) { (void) fprintf(stderr, "efi_use_whole_disk: requested space not found\n"); } efi_free(efi_label); return (VT_ENOSPC); } - vdev_elevator_switch() broken strncmp() test - bug filed upstream #4507, from code clean up which caused a regression - _finish_daemonize() if devnull is 0, 1, 2, the close(devnull) call will leave the program without that fd * upstream fix 048bb5bd4950b9cb5368ed93d273f0f36e439122 ("Ensure zed _finish_daemonize() leaves fds 0-2 open") - will SRU this - zfs_fuid_node_add() modifies zfs_fuid_info_t list without obvious locking -- are calls to this routine suitably locked elsewhere? * checked this out, agreed, can't see locking, -- reported upstream, #4508 - ddt_zap_update() allocates cbuf[sizeof(dde_phys)] on the stack -- which is an array DDT_PHYS_TYPES long of structs which themselves have an embedded array of structs with further embedded array of integers. How likely is it for this to blow out the stack depth? dde_phys is an array of DDT_PHYS_TYPES ddt_phys_t types, and ddt_phys_t is: typedef struct ddt_phys { dva_t ddp_dva[SPA_DVAS_PER_BP]; uint64_tddp_refcnt; uint64_tddp_phys_birth; } ddt_phys_t; and dva_t is 2 x uint64_t, SPA_DVAS_PER_BP is 3, so ddt_phys_t is (2 x 8 x 3) + 8 + 8, making 64 bytes per ddt_phys_t. DDT_PHYS_TYPES is 4, making the allocation (64 * 4) + 1 = 257 bytes, so no problem at all, it's an acceptable size. - zpool_vdev_remove() includes misleading error message that top-level devices can be removed * minor error message, - bug filed upstream #4506 - zpool_vdev_remove() awkward error message "pool must be upgrade to support log removal" - fixed in 0.6.5.6 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
This bug was fixed in the package zfs-linux - 0.6.5.6-0ubuntu6 --- zfs-linux (0.6.5.6-0ubuntu6) xenial; urgency=medium * Remove adm, admin, staff groups from /etc/sudoers.d/zfs (LP: #1532198) -- Colin Ian KingFri, 8 Apr 2016 15:16:39 +0100 ** Changed in: zfs-linux (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
"Please remove the %adm %admin %staff section of /etc/sudoers.d/zfs." - fixed for 0.6.5.6-0ubuntu6 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
The spl package creates /etc/hostid in order to guarantee a stable hostid. Retaining that may be important, because if the hostid changes, pools will not import without being forced (which is not something that should be encouraged). Moving the contents of spl.postinst into zfsutils-linux.postinst may be the right approach. Other than that, you can probably just drop the zfs-dkms package from the zfs-linux source and then spl-linux should be unnecessary as you note. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
splat.ko in linux-image-* packages is bug #1566074. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Can someone describe what exactly from spl-linux is needed in main? - spl provides a splat test-driver, users shouldn't need this, and we're not interested in supporting arbitrary testing platforms - spl-dkms provides an infrastructure to build spl.ko on end-user systems, but this module should be provided by linux-image-* packages. - spl-dkms provides an infrastructure to build splat.ko on end-user systems. This module should not be used except for testing. (splat.ko is also provided by linux-image-* but this feels like a mistake.) I have a feeling this is an atavism. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
fwiw - libvirt is stuck in -proposed blocked on this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
** Changed in: spl-linux (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
** Changed in: spl-linux (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
zfs-linux depends on spl-linux, MIR needed ** Also affects: spl-linux (Ubuntu) Importance: Undecided Status: New ** Changed in: spl-linux (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spl-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
OK, so I gave it a look over for packaging and maintainability checklists. - Needs a team bug subscriber in Ubuntu - zfs-zed Replaces zfsutils-linux without a version constraint. Is that correct? I assumed a file moved from one package to another, in which case there should be a version. - I like the dep8 tests So I'd say add a bug subscriber, fix the Replaces line, address the init script lintian errors, and fix the sudoers file. ** Changed in: zfs-linux (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
I reviewed zfs-linux version 0.6.5.4-0ubuntu2 as checked into xenial. This should not be considered a full security audit but rather a gauge of maintainability. - zfs is a storage system with extensive features - Build-Depends: autotools-dev, autoconf, autogen, automake, debhelper, dh-autoreconf, dh-systemd, dkms, libselinux1-dev, libtool, uuid-dev, zlib1g-dev, - Is the dkms build-depend still necessary? - Many lintian errors, warnings: - package-name-doesnt-match-sonames - postinst-must-call-ldconfig - debian-changelog-line-too-long - init.d-script-not-marked-as-conffile - init.d-script-not-included-in-package - systemd-no-service-for-init-script - Does not (yet) do encryption - Does not itself do networking, though zfs send | zfs receive often operate over e.g. ssh - Provides kernel modules, zed event daemon, utilities, test tools - zed event daemon spawns 'zedlets' on specific events; care must be taken when writing eventlets to ensure they properly terminate. - zed has nice daemonization routines to send error messages to the parent process - pre/post inst/rm scripts are automatically generated - init scripts / systemd units discover devices in storage pools, import pools, mount filesystems, create zvol block devices, start zed, export any zfs shared filesystems via nfs or cifs, etc. - No dbus services - No setuid executables - programs in /sbin/: - zpios - zhack - zfs - zinject - fsck.zfs - ztest - mount.zfs - zdb - zstreamdump - zpool /usr/sbin/: - zed - The /etc/sudoers.d/zfs file is entirely commented out; it suggests some rules that can be used to allow passwordless access to the read-only zfs and zpool subcommands. However, this file also includes some rules to allow members of adm, admin, or staff groups access to full root privileges. This is not what the comment at the top of the file suggests and I see no reason for this file to contain these rules, even if commented out. - Extensive udev rules to create zvol block devices and /dev/disk/by-vdev/ for more-complicated vdev configurations - No tests run during build - Good selection of kernel smoke tests provided in debian/tests/ - There are no provided cron jobs but system administrators would be wise to schedule pool scrubs frequently; typically weekly or monthly is recommended based on drive quality, level of redundancy in the pool, data read rate and working set size. - More than the usual number of warnings from libtool - Some process spawning: some via zed, some via the kernel, some via utilities. They looked careful. - Memory management looked careful - Not much file IO in the usual sense - Logging looked careful, very extensive error reporting - A lot of environment variable use, some could have unexpected consequences - Extensive privileged commands; far too many to carefully audit - No cryptography (yet) - Does not itself do networking - There are extensive privileged portions of code, including kernel modules; some privilege checks that make sense in OpenSolaris are stubbed out and ignored in Linux, we should investigate further. - Minimal use of temp files, handled carefully - Does not use WebKit - Minor errors reported by cppcheck - extensive shellcheck warnings on many of the scripts; I don't think any are used in deployed systems - Does not use PolicyKit The ZFS code is professionally written: errors are checked extensively, comments are tasteful, functions are just the right size, and the design feels clean to the point of obviousness. The finer points are of course very complicated and we'll need to rely upon upstream for help with anything non-trivial. I did not take sufficient time to fully evaluate the kernel implementation: - large amount of security engine in zfs: - zfs_dozonecheck_impl() for example checks if the currently executing task is executing in the global zone or in a local zone. INGLOBALZONE appears to be defined to (1) making the check useless on Linux. This should probably be extended to perform similar Linux container checks. - Most OpenZFS implementations support NFS4 ACLs; I believe zfsonlinux supports POSIX ACLs instead. It looks like there may be support for both in the codebase, or perhaps framework to support both styles. - Some other ZFS implementations allow delegating authority over datasets to specific uids -- I understand this is entirely missing on Linux but it feels like this deserves investigation. - Extensive amount of API is controlled via ioctl; some amount of API may be exposed to less-privileged users via .zfs/ directories. Both deserve closer inspections. We must validate that unprivileged containers cannot manipulate pools or datasets. I took some notes while reading that I hope are useful: - the libraries install directly to /lib, is this intentional? - efi_use_whole_disk() leaks _label via VT_ENOSPC error return - efi_get_info() hardcodes device names
[Bug 1532198] Re: [MIR] zfs-linux
So the version in Ubuntu is derived from the 0.6.4.2 so does not contain the issue for CVE-2015-3400 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
Just for completeness sake, a CVE was assigned to ZFS on Linux, CVE-2015-3400. This is based on an issue that was exclusive to Debian. See http://www.openwall.com/lists/oss-security/2015/04/22/4 for the assignment and https://github.com/zfsonlinux/zfs/issues/3319 for the details. In short, ZoL's Debian then-maintainer (who is not Debian's current ZoL maintainer, if I am not mistaken) built the "official" ZoL Debian packages with additional patches. Those patches were subject to above's CVE, the issue has since been fixed and affected Debian exclusively. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-3400 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
** Changed in: zfs-linux (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
** Changed in: zfs-linux (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
** Changed in: zfs-linux (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532198 Title: [MIR] zfs-linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1532198] Re: [MIR] zfs-linux
** Description changed: Following the process documented at https://wiki.ubuntu.com/MainInclusionProcess , the following template needs to be filled in to start the MIR for zfs-linux in 16.04 - [Availability] - - [Rationale] - - [Security] + Below are my answers to the various main inclusion requirements, marked + by a * prefix: + + [Availability]: + + "The package must already be in the Ubuntu universe, and must + build for the architectures it is designed to work on." + + * http://packages.ubuntu.com/xenial/admin/zfsutils-linux + * Yes - built for 64 bit arches only, because ZFS is designed to run + well only on 64 bit architectures. + + [Rationale]: + + "There must be a certain level of demand for the package, for example: + The package is useful for a large part of our user base." + + * Yes - there is a lot of interest in ZFS in the server space and for + users wanting to use a file system that supports huge collections of + disks with excellent reliable features such as checksummed raid, mirroring + striping with easy configuration and also simple data sanity checking and + fixing. + * Being requested by Kiko + + "The package is a new build dependency or dependency of a package that we + already support (additionally, the official image builder requires all + used packages be in main)." + + * Yes, already in Wily as a technology demo. + + "The package helps meet a specific Blueprint goal." + + * No blueprint goal. + + "The package replaces another package we currently support and promises + higher quality and/or better features, so that we can drop the old + package from the supported set." + + * Not applicable + + + [Security]: + "The security history and the current state of security issues in + the package must allow us to support the package for at least 18 months + without exposing its users to an inappropriate level of security risks. + This requires checking of several things that are explained in detail in + the subsection Security checks." + + "Check how many vulnerabilities the package had in the past and how they + were handled by upstream and the Debian/Ubuntu package:" + + "http://cve.mitre.org/cve/cve.html: Search in the National Vulnerability +Database using the package as a keyword" + + NO ZFS Linux CVEs found, here is the complete list from Mitre: + + CVE-2015-1415 + The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring + full disk encrypted ZFS, uses world-readable permissions for the GELI + keyfile (/boot/encryption.key), which allows local users to obtain sensitive + key information by reading the file. + + CVE-2015-0448 + Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to + affect confidentiality, integrity, and availability via vectors related to + ZFS File system. + + CVE-2013-3266 + The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new + NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a + READDIR request is for a directory node, which allows remote attackers to + cause a denial of service (memory corruption) or possibly execute arbitrary + code by specifying a plain file instead of a directory. + + CVE-2011-2313 + Unspecified vulnerability in Oracle Solaris 10 allows local users to affect + availability, related to ZFS. + + CVE-2011-2312 + Unspecified vulnerability in Oracle Solaris 10 allows local users to affect + confidentiality, related to ZFS. + + CVE-2011-2311 + Unspecified vulnerability in Oracle Solaris 10 allows local users to affect + availability, related to ZFS. + + CVE-2011-2286 + Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote + authenticated users to affect availability, related to ZFS. + + CVE-2010-4458 + Unspecified vulnerability in Oracle Solaris 11 Express allows local users + to affect availability, related to ZFS. + + CVE-2010-3540 + Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local + users to affect availability, related to ZFS. + + CVE-2010-2392 + Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local + users to affect integrity and availability, related to ZFS. + + CVE-2010-0318 + The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, + and 8.0, when creating files during replay of a setattr transaction, uses + permissions instead of the original permissions, which might allow + local users to read or modify unauthorized files in opportunistic + circumstances after a system crash or power failure. + + CVE-2009-3706 + Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and + OpenSolaris snv_100 through snv_117, allows local users to bypass intended + limitations of the file_chown_self privilege via certain uses of the chown + system call. + +