← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #80621

[Bug 1371316] [NEW] Please cherry-pick an aufs patch to unbreak it in conjunction with IMA

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The trusty kernel misses the following patch that already landed in
utopic with the recent aufs update:

https://github.com/sfjro/aufs3-linux/commit/7aac34b421441b701cd0e6de4685b51e4c462d67

This unbreaks aufs with IMA (Integrity Measurement Architecture)
enabled. When IMA is enabled and mmaps are being tracked, the kernel
hits a lock ordering bug because a needed semaphore is already held.
This patch fixes this issue by not calling out to IMA for the access to
the underlying file. However IMA will still see the access to the file
in the merged aufs, which should be good enough.

Please cherry-pick above patch.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Incomplete

** Affects: linux-lts-trusty (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: linux-lts-trusty (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1371316

Title:
  Please cherry-pick an aufs patch to unbreak it in conjunction with IMA

Status in “linux” package in Ubuntu:
  Incomplete
Status in “linux-lts-trusty” package in Ubuntu:
  New

Bug description:
  The trusty kernel misses the following patch that already landed in
  utopic with the recent aufs update:

  https://github.com/sfjro/aufs3-linux/commit/7aac34b421441b701cd0e6de4685b51e4c462d67

  This unbreaks aufs with IMA (Integrity Measurement Architecture)
  enabled. When IMA is enabled and mmaps are being tracked, the kernel
  hits a lock ordering bug because a needed semaphore is already held.
  This patch fixes this issue by not calling out to IMA for the access
  to the underlying file. However IMA will still see the access to the
  file in the merged aufs, which should be good enough.

  Please cherry-pick above patch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1371316/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next