This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:

apport-collect 1947718

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947718

Title:
  overlay: permission regression in 5.4.0.89.93 due to fix for
  CVE-2021-3732

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  Since kernel 5.4.0-89.100 on Focal and 4.15.0-159.167 on Bionic I can
  no longer mount an overlay filesystem over directories like / in a
  user namespace. With kernel versions 5.4.0-88.99 and 4.15.0-158.166,
  respectively, this still works.

  An easy way to test this is the following command:
  mkdir /tmp/test /tmp/test/upper /tmp/test/work
  unshare -m -U -r mount -t overlay none / -o lowerdir=/,upperdir=/tmp/test/upper,workdir=/tmp/test/work

  On an older kernel, this works and outputs nothing.
  On the affected kernels, it outputs

  mount: /: wrong fs type, bad option, bad superblock on none, missing
  codepage or helper program, or other error.

  I strongly suspect that this is due to commit "ovl: prevent private
  clone if bind mount is not allowed"
  
(https://github.com/torvalds/linux/commit/427215d85e8d1476da1a86b8d67aceb485eb3631),
  which is supposed to fix CVE-2021-3732 and was backported to the
  affected Ubuntu kernels. This would likely mean that also all other
  supported Ubuntu versions are affected and also upstream kernel (but I
  did not test this).

  My testing indicates that the mount problem exists whenever I want to
  use a directory as lowerdir that has some mountpoints below. For
  example, using / or /dev as lowerdir does not work, but
  lowerdir=/dev/shm works even on the affected kernels.

  Of course I can understand the problem of CVE-2021-3732, but the
  current fix is clearly a regression for legitimate behavior.

  My use case is that I want to create a container for sandboxing
  purposes where I want to mount overlays inside a user+mount namespace
  over the whole visible filesystem hierarchy. (Note that in this use
  case, I iterate over all mount points and create an overlay mount for
  each existing mount point, I do not expect a single overlay mount to
  have meaningful cross-mountpoint behavior. So my use case is not
  affected by the security problem. But for this I still need to be able
  to create overlay mounts for all mount points, including non-leaf
  mountpoints.)

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.4.0-89-generic 5.4.0-89.100
  ProcVersionSignature: User Name 5.4.0-89.100-generic 5.4.143
  Uname: Linux 5.4.0-89-generic x86_64
  AlsaDevices:
   total 0
   crw-rw---- 1 root audio 116,  1 Oct 19 04:42 seq
   crw-rw---- 1 root audio 116, 33 Oct 19 04:42 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.11-0ubuntu27.20
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: [Errno 2] No such file or directory: 'fuser'
  CasperMD5CheckResult: skip
  CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read kernel buffer failed: Operation not permitted
  Date: Tue Oct 19 12:15:01 2021
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb:
   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet
   Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  Lsusb-t:
   /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
       |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  PciMultimedia:
   
  ProcEnviron:
   TERM=screen-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 bochs-drmdrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-89-generic root=PARTUUID=59ea2f51-599c-49f2-b9b3-77197e333865 ro console=tty1 console=ttyS0
  RelatedPackageVersions:
   linux-restricted-modules-5.4.0-89-generic N/A
   linux-backports-modules-5.4.0-89-generic  N/A
   linux-firmware                            1.187.19
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  acpidump:
   
  dmi.bios.date: 04/01/2014
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-i440fx-5.2
  dmi.modalias: dmi:bvnSeaBIOS:bvrrel-1.14.0-0-g155821a1990b-prebuilt.qemu.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-5.2:cvnQEMU:ct1:cvrpc-i440fx-5.2:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-5.2
  dmi.sys.vendor: QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947718/+subscriptions
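Added example, not part of the bug report or of the Ubuntu kernel team's tooling: a POSIX shell helper that tests the condition the reporter identifies (a lowerdir that has mount points beneath it) by reading the mountinfo table, so a script can predict whether an overlay mount in a user namespace will be refused on the affected kernels before attempting it. It also wraps the reporter's reproduction command with a fresh temporary upper/work directory. The function names (`has_submounts_in`, `has_submounts`, `write_sample_mountinfo`, `try_overlay_in_userns`, `check_lowerdir`) and the sample mountinfo lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: predict whether an overlay lowerdir will be refused on the
# affected kernels by looking for mount points beneath it, then optionally run
# the reporter's reproduction command. Function names are assumptions.

# has_submounts_in FILE DIR: exit 0 if FILE (mountinfo format, field 5 is the
# mount point) lists a mount point strictly below DIR, else exit 1.
has_submounts_in() {
    dir=${2%/}   # "/dev/" -> "/dev"; "/" -> "" so every non-root mount is below it
    awk -v dir="$dir" '
        {
            mp = $5
            if (dir == "") { if (mp != "/") { found = 1; exit } }
            else if (index(mp, dir "/") == 1) { found = 1; exit }
        }
        END { if (found) exit 0; exit 1 }' "$1"
}

# has_submounts DIR: the same check against the live mount table.
has_submounts() {
    has_submounts_in /proc/self/mountinfo "$1"
}

# write_sample_mountinfo FILE: constructed mountinfo lines for offline testing
# (shape follows /proc/self/mountinfo; ids, devices and options are made up).
write_sample_mountinfo() {
    cat > "$1" <<'EOF'
28 1 252:1 / / rw,relatime shared:1 - ext4 /dev/vda1 rw
22 28 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
23 28 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:14 - proc proc rw
24 28 0:6 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,mode=755
25 24 0:22 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620
26 24 0:23 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
27 28 0:24 / /run rw,nosuid,nodev,noexec,relatime shared:5 - tmpfs tmpfs rw,mode=755
EOF
}

# try_overlay_in_userns LOWERDIR: the reporter's reproduction, with upper and
# work directories created under a fresh temporary directory. The mount lives
# only in the child namespaces, so nothing is left mounted afterwards.
# Returns the exit status of mount (non-zero on the affected kernels when
# LOWERDIR has mount points beneath it).
try_overlay_in_userns() {
    lower=$1
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/upper" "$tmp/work"
    unshare -m -U -r mount -t overlay none "$lower" \
        -o "lowerdir=$lower,upperdir=$tmp/upper,workdir=$tmp/work"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# check_lowerdir DIR: report whether DIR is expected to fail on the affected
# kernels (5.4.0-89.100 on Focal, 4.15.0-159.167 on Bionic) without mounting.
check_lowerdir() {
    if has_submounts "$1"; then
        echo "$1: has mount points beneath it; overlay mount expected to fail on affected kernels"
        return 1
    fi
    echo "$1: no mount points beneath it; overlay mount expected to succeed"
    return 0
}
```

Usage: `check_lowerdir /` and `check_lowerdir /dev` report the failing cases from the report, while `check_lowerdir /dev/shm` reports the working one; `try_overlay_in_userns /dev/shm` runs the actual mount and can be compared against the prediction on a given kernel. The check reads only the mount table, so it is safe to run on any kernel as an unprivileged user.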

