** Changed in: linux (Ubuntu Disco)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Eoan)
       Status: New => Fix Committed

https://bugs.launchpad.net/bugs/1849483

Title:
  shiftfs: prevent exceeding project quotas

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Disco:
  Fix Committed
Status in linux source package in Eoan:
  Fix Committed

Bug description:
  SRU Justification

  Impact: Currently shiftfs allows project quota and reserved space to
  be exceeded on e.g. ext2. See https://github.com/lxc/lxd/issues/6333
  for a report, specifically
  https://github.com/lxc/lxd/issues/6333#issuecomment-545154838.
  This is caused by overriding the credentials with the superblock
  creator's credentials whenever we perform operations such as
  fallocate() or writes while retaining CAP_SYS_RESOURCE.

  Fix: Drop CAP_SYS_RESOURCE at superblock creation time from the
  effective capability set.

  Regression Potential: Limited to shiftfs. Dropping CAP_SYS_RESOURCE
  from the effective capability set should be fine and actually give us
  more security.

  Test Case: Try to exceed project quotas on a kernel and filesystem
  that support them and see that it fails with the mentioned fix
  applied.

  Target Kernels: All LTS kernels with shiftfs support.
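
The Impact and Fix paragraphs above, as a user-space model. This is an added example, not shiftfs or kernel code: every model_* name, the quota numbers and the all-capabilities mounter are assumptions made for illustration. Only the CAP_SYS_RESOURCE value (24, from <linux/capability.h>) and its documented effect of overriding disk quota limits (capabilities(7)) are taken from Linux.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_SYS_RESOURCE 24                 /* value from <linux/capability.h> */
#define CAP_MASK(c) (1ULL << (c))

/* Hypothetical stand-in for struct cred: only the effective capability set. */
struct model_cred { uint64_t cap_effective; };

/* Hypothetical project quota: blocks used against a hard limit. */
struct model_quota { uint64_t used, hard_limit; };

/* Lower-filesystem check: the hard limit is enforced unless the acting
 * credentials carry CAP_SYS_RESOURCE in the effective set. */
static bool model_alloc(const struct model_cred *cred, struct model_quota *q,
                        uint64_t blocks)
{
    bool over = q->used + blocks > q->hard_limit;
    if (over && !(cred->cap_effective & CAP_MASK(CAP_SYS_RESOURCE)))
        return false;                       /* the real kernel returns EDQUOT */
    q->used += blocks;
    return true;
}

/* Superblock creation: snapshot the mounter's credentials. With the fix,
 * CAP_SYS_RESOURCE is cleared from the effective set of that snapshot. */
static struct model_cred model_creator_cred(const struct model_cred *mounter,
                                            bool with_fix)
{
    struct model_cred c = *mounter;
    if (with_fix)
        c.cap_effective &= ~CAP_MASK(CAP_SYS_RESOURCE);
    return c;
}

/* A write through the shifted mount: the caller's own credentials play no
 * part, the lower filesystem sees the creator's. Returns blocks used after. */
static uint64_t model_write_through(bool with_fix, uint64_t blocks)
{
    struct model_cred mounter = { .cap_effective = ~0ULL };  /* constructed */
    struct model_cred creator = model_creator_cred(&mounter, with_fix);
    struct model_quota q = { .used = 90, .hard_limit = 100 }; /* constructed */
    model_alloc(&creator, &q, blocks);
    return q.used;
}

int main(void)
{
    printf("without fix: %llu/100\n", (unsigned long long)model_write_through(false, 20));
    printf("with fix:    %llu/100\n", (unsigned long long)model_write_through(true, 20));
    return 0;
}
```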