Public bug reported:

SRU Justification

Impact: Support for using filesystem capabilities in unprivileged user
namespaces was added upstream in Linux 4.14. This is a useful feature
that allows unprivileged containers to set fscaps that are valid only in
user namespaces where a specific kuid is mapped to root. This allows for
e.g. support for Linux distros within lxd which make use of filesystem
capabilities.

Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file
capabilities" and any subsequent fixes to xenial 4.4.

Test Case: Test use of fscaps within a lxd container.

Regression Potential: This has been upstream since 4.14 (and thus is
present in bionic), and the backport to xenial 4.4 was straightforward,
so regression potential is low.

** Affects: linux (Ubuntu)
   Importance: Medium
   Assignee: Seth Forshee (sforshee)
   Status: Fix Released

** Affects: linux (Ubuntu Xenial)
   Importance: Medium
   Assignee: Seth Forshee (sforshee)
   Status: In Progress

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: linux (Ubuntu Xenial)
   Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1778286
Title:
Backport namespaced fscaps to xenial 4.4
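
An added example, not part of the bug report or of the kernel patch: a Python decoder for the security.capability xattr, showing that the v3 format named in the Fix differs from v2 by a trailing rootid, plus a model of the check that honours the capabilities only where that kuid is root in the task's user namespace or an ancestor. The function names, the sample byte strings and the 100000 uid base are assumptions constructed for illustration.

```python
import struct

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision magic -> (version, 32-bit permitted/inheritable pairs, has rootid)
REVISIONS = {0x01000000: (1, 1, False), 0x02000000: (2, 2, False),
             0x03000000: (3, 2, True)}
CAP_NAMES = {10: "cap_net_bind_service", 13: "cap_net_raw"}  # subset only

def parse_fscaps(raw):
    """Decode a security.capability xattr value (little-endian on disk)."""
    if len(raw) < 4:
        raise ValueError("truncated xattr")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    rev = magic_etc & VFS_CAP_REVISION_MASK
    if rev not in REVISIONS:
        raise ValueError("unknown revision 0x%08x" % rev)
    version, pairs, has_rootid = REVISIONS[rev]
    if len(raw) != 4 + 8 * pairs + (4 if has_rootid else 0):
        raise ValueError("size does not match revision %d" % version)
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    rootid = struct.unpack_from("<I", raw, 4 + 8 * pairs)[0] if has_rootid else None
    return {"version": version, "rootid": rootid, "permitted": permitted,
            "inheritable": inheritable,
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE)}

def cap_names(mask):
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]

def honoured(caps, ns_root_kuids):
    """Model of the namespace check. ns_root_kuids: kuid mapped to root in the
    task's user namespace and each ancestor, ending with 0 (initial ns).
    v1/v2 count as owned by kuid 0 (assumes fs mounted in the initial ns)."""
    owner = caps["rootid"] if caps["rootid"] is not None else 0
    return owner in ns_root_kuids

# Constructed samples: cap_net_raw+ep written by host root (v2) and by root
# of a container whose uid 0 maps to kuid 100000 (v3).
V2_SAMPLE = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)
V3_SAMPLE = struct.pack("<6I", 0x03000001, 1 << 13, 0, 0, 0, 100000)

if __name__ == "__main__":
    for raw in (V2_SAMPLE, V3_SAMPLE):
        caps = parse_fscaps(raw)
        print(caps["version"], caps["rootid"], cap_names(caps["permitted"]),
              "host:", honoured(caps, [0]), "ct:", honoured(caps, [100000, 0]))
```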