kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #84970
[Bug 1371316] Re: Please cherry-pick an aufs patch to unbreak it in conjunction with IMA
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1371316
Title:
Please cherry-pick an aufs patch to unbreak it in conjunction with IMA
Status in “linux” package in Ubuntu:
Invalid
Status in “linux-lts-trusty” package in Ubuntu:
Invalid
Status in “linux” source package in Precise:
Invalid
Status in “linux-lts-trusty” source package in Precise:
In Progress
Status in “linux” source package in Trusty:
Fix Committed
Status in “linux-lts-trusty” source package in Trusty:
Invalid
Bug description:
SRU justification
Impact: when using IMA with aufs in trusty potential exists for very
hard to diagnose lockups.
Testcase: enable IMA and use an aufs filesystem.
Regression Potential: the fix is an upstream cherry-pick from the version of
aufs in Utopic which is used widly for lxc there so regression potential is low. The fix removes code which also lessens the risk.
===
The trusty kernel misses the following patch that already landed in
utopic with the recent aufs update:
https://github.com/sfjro/aufs3-linux/commit/7aac34b421441b701cd0e6de4685b51e4c462d67
This unbreaks aufs with IMA (Integrity Measurement Architecture)
enabled. When IMA is enabled and mmaps are being tracked, the kernel
hits a lock ordering bug because a needed semaphore is already held.
This patch fixes this issue by not calling out to IMA for the access
to the underlying file. However IMA will still see the access to the
file in the merged aufs, which should be good enough.
Please cherry-pick above patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1371316/+subscriptions
References