overlayfs mounts as R/O over idmapped mount
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | |||
Jammy |
Invalid
|
Undecided
|
Unassigned | |||
Kinetic |
Fix Released
|
Medium
|
Unassigned | |||
linux-hwe-5.19 (Ubuntu) | ||||||
Jammy |
Fix Released
|
Medium
|
Unassigned | |||
Kinetic |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Reproducer:
create unprivileged LXC container
$ lxc launch ubuntu:22.04 idmap-test
$ lxc exec idmap-test bash
check that root is idmapped by:
$ cat /proc/self/
780 675 8:1 /var/snap/
$ mkdir {work,upper,
$ mount -t overlay overlay -o lowerdir=
$ touch ovl/test
touch: cannot touch 'ovl/test': Read-only file system
The problem is in __vfs_removexat
In dmesg I can see an error:
overlayfs: failed to create directory work/work (errno: 1); mounting read-only
Reproducible on:
# uname -a
Linux ubuntu 5.19.0-32-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 30 17:03:34 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
Chunk:
+ inode_lock(inode);
+ err = __vfs_setxattr_
+ inode_unlock(
should be:
+ inode_lock(inode);
+ err = __vfs_setxattr_
+ inode_unlock(
I'll send a patch soon.
CVE References
affects: | linux (Ubuntu) → linux-hwe-5.19 (Ubuntu) |
Changed in linux-hwe-5.19 (Ubuntu): | |
assignee: | nobody → Aleksandr Mikhalitsyn (mihalicyn) |
affects: | linux-hwe-5.19 (Ubuntu) → linux (Ubuntu) |
tags: | added: patch |
Changed in linux-hwe-5.19 (Ubuntu Kinetic): | |
status: | New → Invalid |
Changed in linux (Ubuntu Jammy): | |
status: | New → Invalid |
Changed in linux (Ubuntu Kinetic): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux-hwe-5.19 (Ubuntu Jammy): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Kinetic): | |
status: | In Progress → Fix Committed |
no longer affects: | linux-hwe-5.19 (Ubuntu) |
tags: | added: fixed-linux-oem-6.5 |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 2009065
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.