group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1778286] [NEW] Backport namespaced fscaps to xenial 4.4

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Seth Forshee <seth.forshee+lp@xxxxxxxxxxxxx>
Date: Fri, 22 Jun 2018 21:30:35 -0000
Reply-to: Bug 1778286 <1778286@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

SRU Justification

Impact: Support for using filesystem capabilities in unprivileged user
namespaces was added upstream in Linux 4.14. This is a useful feature
that allows unprivileged containers to set fscaps that are valid only in
user namespaces where a specific kuid is mapped to root. This allows for
e.g. support for Linux distros within lxd which make use of filesystem
capabilities.

Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file
capabilities" and any subsequent fixes to xenial 4.4.

Test Case: Test use of fscaps within a lxd container.

Regression Potential: This has been upstream since 4.14 (and thus is
present in bionic), and the backport to xenial 4.4 was straightforward,
so regression potential is low.

** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Seth Forshee (sforshee)
Status: Fix Released

** Affects: linux (Ubuntu Xenial)
Importance: Medium
Assignee: Seth Forshee (sforshee)
Status: In Progress

** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New

** Changed in: linux (Ubuntu Xenial)
Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
Status: New => In Progress

** Changed in: linux (Ubuntu Xenial)
Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released

--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1778286

Title:
Backport namespaced fscaps to xenial 4.4

Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
In Progress

Bug description:
SRU Justification

Impact: Support for using filesystem capabilities in unprivileged user
namespaces was added upstream in Linux 4.14. This is a useful feature
that allows unprivileged containers to set fscaps that are valid only
in user namespaces where a specific kuid is mapped to root. This
allows for e.g. support for Linux distros within lxd which make use of
filesystem capabilities.

Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced
file capabilities" and any subsequent fixes to xenial 4.4.

Test Case: Test use of fscaps within a lxd container.

Regression Potential: This has been upstream since 4.14 (and thus is
present in bionic), and the backport to xenial 4.4 was
straightforward, so regression potential is low.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1778286/+subscriptions

Follow ups

[Bug 1778286] Re: Backport namespaced fscaps to xenial 4.4
From: Launchpad Bug Tracker, 2018-08-23