
kernel-packages team mailing list archive

[Bug 1478578] Re: "overlay" fs type not mountable in unprivileged containers

 

This bug was fixed in the package linux - 4.1.0-3.3

---------------
linux (4.1.0-3.3) wily; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1478897

  [ Colin Ian King ]

  * SAUCE: KEYS: ensure we free the assoc array edit if edit is valid
    - CVE-2015-1333

  [ Seth Forshee ]

  * SAUCE: overlayfs: Enable user namespace mounts for the "overlay" fstype
    - LP: #1478578

  [ Upstream Kernel Changes ]

  * sched/stop_machine: Fix deadlock between multiple stop_two_cpus()
    - LP: #1461620
  * x86/nmi: Enable nested do_nmi() handling for 64-bit kernels
  * x86/nmi/64: Remove asm code that saves cr2
  * x86/nmi/64: Switch stacks on userspace NMI entry
  * x86/nmi/64: Reorder nested NMI checks
  * x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI
    detection

 -- Andy Whitcroft <apw@xxxxxxxxxxxxx>  Tue, 28 Jul 2015 11:59:03 +0100

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1333

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1478578

Title:
  "overlay" fs type not mountable in unprivileged containers

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  The "overlay" fstype is not mountable from within non-init user
  namespaces in wily. This is a regression wrt vivid and is causing LXC
  adt failures:

  https://jenkins.qa.ubuntu.com/job/wily-adt-lxc/lastBuild/

  To reproduce, assuming you have an unprivileged LXC container named
  u1:

   $ lxc-clone -s u1 u2
   $ lxc-start -n u2 --logfile=lxc.out --logpriority=DEBUG

  Starting u2 will fail, with the following in lxc.out:

   lxc-start 1438006183.232 ERROR    bdev - bdev.c:overlayfs_mount:2253 - Operation not permitted - overlayfs: error mounting /home/ubuntu/.local/share/lxc/u1/rootfs onto /usr/lib/x86_64-linux-gnu/lxc options upperdir=/home/ubuntu/.local/share/lxc/u2/delta0,lowerdir=/home/ubuntu/.local/share/lxc/u1/rootfs,workdir=/home/ubuntu/.local/share/lxc/u2/olwork

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1478578/+subscriptions

