Btrfs v0.14 Released

Kees Cook kees at canonical.com
Thu May 1 19:51:52 UTC 2008


Hi,

On Thu, May 01, 2008 at 01:36:25PM -0600, Tim Gardner wrote:
> Chris Mason wrote:
> > On Thursday 01 May 2008, Tim Gardner wrote:
> > 
> > [ btrfs oops on ubuntu ]
> > 
> >>>>  This is because ubuntu kernels ship with apparmor, you'll need this
> >>>> patch:
> >>>>
> >>>>  If there is a #ifdef IM_A_UBUNTU_KERNEL I can use, I'll do it.  Jeff
> >>>> Mahoney has a similar patch for SUSE that I've been meaning to merge,
> >>>> but I wanted to lookup some way to check for ubuntu as well.
> >>>>
> >>>>  -chris
> >>>>
> >>>>  diff -r e7da2489b19b file.c
> >>>>  --- a/file.c    Wed Apr 30 13:59:35 2008 -0400
> >>>>  +++ b/file.c    Thu May 01 12:25:11 2008 -0400
> >>>>  @@ -852,7 +852,7 @@ static ssize_t btrfs_file_write(struct f
> >>>>                 goto out_nolock;
> >>>>         if (count == 0)
> >>>>                 goto out_nolock;
> >>>>  -       err = remove_suid(fdentry(file));
> >>>>  +       err = remove_suid(&file->f_path);
> >>>>         if (err)
> >>>>                 goto out_nolock;
> >>>>         file_update_time(file);
> >> Couldn't you #ifdef based on CONFIG_SECURITY_APPARMOR ? This ought to
> >> work for Hardy. However the next development kernel (Intrepid) does not
> >> have the APPARMOR patches, so just knowing that its an UBUNTU kernel is
> >> not specific enough.
> > 
> > I've been assuming the apparmor patches change remove_suid even when they are 
> > not enabled in the config.
> > 
> > -chris
> > 
> 
> Lets get Kees involved. He developed the patch set for Hardy. I would
> hope that if CONFIG_SECURITY_APPARMOR=n then the source would default to
> its normal state.

I can't claim to have developed the patches, only helping coordinate
their merging into Ubuntu.  John Johansen is the real person we should
check with -- he did all the heavy lifting -- now added to discussion.
(Hi John!)

-Kees

-- 
Kees Cook
Ubuntu Security Team




More information about the kernel-team mailing list