kernel-packages team mailing list archive

Thread
Date
[Bug 1555997] Re: overlay fs regression: chmod fails with "Operation not permitted" on chowned files

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Joseph Salisbury <joseph.salisbury@xxxxxxxxxxxxx>
Date: Fri, 11 Mar 2016 14:33:40 -0000
Reply-to: Bug 1555997 <1555997@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Overlayfs commits between -8 and -10:

84005e9 UBUNTU: SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
6b833b0 UBUNTU: SAUCE: overlayfs: Be more careful about copying up sxid files
9de69709 UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
21b8f14 UBUNTU: SAUCE: overlayfs: Use mounter's credentials instead of selectively raising caps
0c29f9e UBUNTU: SAUCE: overlayfs: Enable user namespace mounts for the "overlay" fstype
98a3740 UBUNTU: SAUCE: overlayfs: when copying up and reading directories ensure mounter had permissions V2
204bb1c UBUNTU: SAUCE: overlay: add backwards compatible overlayfs format support V4


** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Tags added: performing-bisect

** Also affects: linux (Ubuntu Xenial)
   Importance: Medium
       Status: Confirmed

** Changed in: linux (Ubuntu Xenial)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1555997

Title:
  overlay fs regression: chmod fails with "Operation not permitted" on
  chowned files

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  Triaged

Bug description:
  This is a regression in Xenial's kernel 4.4.0-9 or 4.4.0-10. See
  comment #3 for simple reproducer.

  ORIGINAL BUG REPORT
  ===================
  I'm investigating some failures in autopkgtest's testsuite, and stumbled over something really weird: In an ephemeral container it is apparently not possible any more to chmod files that started out being root owned and got chowned later:

  $ sudo lxc-start-ephemeral -o adt-wily
  (log in as ubuntu/ubuntu)
  ubuntu@adt-wily-hvzj1eoa:~$ echo hello | sudo tee /tmp/testfile
  [sudo] password for ubuntu:
  hello
  ubuntu@adt-wily-hvzj1eoa:~$ sudo chown ubuntu:ubuntu /tmp/testfile
  ubuntu@adt-wily-hvzj1eoa:~$ chmod +x /tmp/testfile
  chmod: changing permissions of ‘/tmp/testfile’: Operation not permitted

  However, if the file was *not* previously chowned, it works as
  expected:

  ubuntu@adt-wily-hvzj1eoa:~$ echo hello > /tmp/testfile2
  ubuntu@adt-wily-hvzj1eoa:~$ chmod +x /tmp/testfile2
  ubuntu@adt-wily-hvzj1eoa:~$ chmod -x /tmp/testfile2

  (no errors and testfile2 becomes executable)

  There is no visible permission difference in the files at all, other
  than being group-writable (but changing the group w bit in either
  direction does not change the error at all):

  -rw-r--r-- 1 ubuntu ubuntu 6 Mar 11 10:26 /tmp/testfile
  -rw-rw-r-- 1 ubuntu ubuntu 6 Mar 11 10:26 /tmp/testfile2

  ubuntu@adt-wily-hvzj1eoa:~$ stat /tmp/testfile*
    File: ‘/tmp/testfile’
    Size: 6         	Blocks: 8          IO Block: 4096   regular file
  Device: 15h/21d	Inode: 28          Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1000/  ubuntu)   Gid: ( 1000/  ubuntu)
  Access: 2016-03-11 10:26:19.574364117 +0100
  Modify: 2016-03-11 10:26:19.574364117 +0100
  Change: 2016-03-11 10:26:21.930343210 +0100
   Birth: -
    File: ‘/tmp/testfile2’
    Size: 6         	Blocks: 8          IO Block: 4096   regular file
  Device: 15h/21d	Inode: 29          Links: 1
  Access: (0664/-rw-rw-r--)  Uid: ( 1000/  ubuntu)   Gid: ( 1000/  ubuntu)
  Access: 2016-03-11 10:26:58.730145919 +0100
  Modify: 2016-03-11 10:26:58.730145919 +0100
  Change: 2016-03-11 10:27:44.530203985 +0100
   Birth: -

  There are also no ACLs involved (I checked with getfacl).

  This does not happen with a normal lxc-start, so this might very well
  be a bug in Linux' overlayfs. However, it also does not happen with
  the more modern "sudo lxc-copy -n adt-wily --ephemeral --foreground"
  -- bug perhaps this isn't using overlayfs?

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: lxc 2.0.0~rc9-0ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-11.26-generic 4.4.4
  Uname: Linux 4.4.0-11-generic x86_64
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  CurrentDesktop: i3
  Date: Fri Mar 11 10:21:20 2016
  EcryptfsInUse: Yes
  PackageArchitecture: all
  SourcePackage: lxc
  UpgradeStatus: No upgrade log present (probably fresh install)
  defaults.conf:
   lxc.network.type = veth
   lxc.network.link = lxcbr0
   lxc.network.flags = up
   lxc.network.hwaddr = 00:16:3e:xx:xx:xx
  dnsmasq.conf:
   enable-tftp
   tftp-root=/tmp/tftp
   dhcp-boot=pxelinux.0
  lxc.conf: lxc.lxcpath = /srv/lxc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1555997/+subscriptions