← Back to team overview

kernel-packages team mailing list archive

[Bug 1445664] [NEW] kernel 3.16 breaks POSIX extended ACLs over NFS

 

Public bug reported:

I have a development environment that uses Vagrant with NFS shares to a
Trusty development VM from OS X laptops.

After the upgrade to the HWE kernel 3.16, installing Ruby gems into the
NFS mount inside the VM failed because of install(1) failing with
permission errors. Debugging revealed that it's trying to set POSIX
extended ACLs using setxattr(); On 3.13 this operation failed with
EOPNOTSUPP (the server does not support extended ACLs), but on 3.16 it
fails with EPERM, even if the NFS mount is explicitly mounted with
"noacl".

Debugging with ftrace and source diving suggests that kernel 3.16
refactored the POSIX extended ACL code so that before the call even hits
the NFS layer, it passes through a generic permission-check layer. It
appears that that layer is not aware of NFS UID remapping, and so fails
the call regardless of what the server would have done.

A simple test case is `install -c -m 0755 <some file> <some path in an
NFS mount>`, which will succeed on 3.13 and fail on 3.16.

The broken system is:

vagrant@packer-vmware-iso:~$ lsb_release -a; uname -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:        14.04
Codename:       trusty
Linux packer-vmware-iso 3.16.0-34-generic #47~14.04.1-Ubuntu SMP Fri Apr 10 17:49:16 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

** Affects: linux-lts-utopic (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1445664

Title:
  kernel 3.16 breaks POSIX extended ACLs over NFS

Status in linux-lts-utopic package in Ubuntu:
  New

Bug description:
  I have a development environment that uses Vagrant with NFS shares to
  a Trusty development VM from OS X laptops.

  After the upgrade to the HWE kernel 3.16, installing Ruby gems into
  the NFS mount inside the VM failed because of install(1) failing with
  permission errors. Debugging revealed that it's trying to set POSIX
  extended ACLs using setxattr(); On 3.13 this operation failed with
  EOPNOTSUPP (the server does not support extended ACLs), but on 3.16 it
  fails with EPERM, even if the NFS mount is explicitly mounted with
  "noacl".

  Debugging with ftrace and source diving suggests that kernel 3.16
  refactored the POSIX extended ACL code so that before the call even
  hits the NFS layer, it passes through a generic permission-check
  layer. It appears that that layer is not aware of NFS UID remapping,
  and so fails the call regardless of what the server would have done.

  A simple test case is `install -c -m 0755 <some file> <some path in an
  NFS mount>`, which will succeed on 3.13 and fail on 3.16.

  The broken system is:

  vagrant@packer-vmware-iso:~$ lsb_release -a; uname -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 14.04.2 LTS
  Release:        14.04
  Codename:       trusty
  Linux packer-vmware-iso 3.16.0-34-generic #47~14.04.1-Ubuntu SMP Fri Apr 10 17:49:16 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-lts-utopic/+bug/1445664/+subscriptions


Follow ups

References