← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1778286] [NEW] Backport namespaced fscaps to xenial 4.4

 

Public bug reported:

SRU Justification

Impact: Support for using filesystem capabilities in unprivileged user
namespaces was added upstream in Linux 4.14. This is a useful feature
that allows unprivileged containers to set fscaps that are valid only in
user namespaces where a specific kuid is mapped to root. This allows for
e.g. support for Linux distros within lxd which make use of filesystem
capabilities.

Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file
capabilities" and any subsequent fixes to xenial 4.4.

Test Case: Test use of fscaps within a lxd container.

Regression Potential: This has been upstream since 4.14 (and thus is
present in bionic), and the backport to xenial 4.4 was straightforward,
so regression potential is low.

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: Fix Released

** Affects: linux (Ubuntu Xenial)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: In Progress

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: linux (Ubuntu Xenial)
     Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1778286

Title:
  Backport namespaced fscaps to xenial 4.4

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress

Bug description:
  SRU Justification

  Impact: Support for using filesystem capabilities in unprivileged user
  namespaces was added upstream in Linux 4.14. This is a useful feature
  that allows unprivileged containers to set fscaps that are valid only
  in user namespaces where a specific kuid is mapped to root. This
  allows for e.g. support for Linux distros within lxd which make use of
  filesystem capabilities.

  Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced
  file capabilities" and any subsequent fixes to xenial 4.4.

  Test Case: Test use of fscaps within a lxd container.

  Regression Potential: This has been upstream since 4.14 (and thus is
  present in bionic), and the backport to xenial 4.4 was
  straightforward, so regression potential is low.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1778286/+subscriptions


Follow ups