[PULL][xenial SRU] Fix for LP#1588056
Seth Forshee
seth.forshee at canonical.com
Fri Jun 24 17:57:55 UTC 2016
BugLink: http://bugs.launchpad.net/bugs/1588056
These commits fix a problem with cgroupfs mounting by reverting some
sauce patches we're carrying and pulling in updates from the patches
recently added to linux-next. As a result the changes go a bit beyond
simply fixing the bug, but being more closely aligned with upstream
should help ease maintenance moving forward.
I'll address a couple of potentially concerning aspects of these changes
up front:
 * This reverts our fix for LP#1566505. The upstream changes which fix
   the problem look a little different but are functionally identical,
   and I've verified that the bug is still fixed.
 * Upstream has disabled mounting of the bpf fs in user namespaces in
   4.7-rc kernels due to the implementation being flawed. As a result
   the upstream commits do not contain updates to bpf needed in xenial,
   so my options were either to make those changes myself or pull in the
   commits to disable it. I opted for the latter since this fs is new in
   4.4, doesn't have any users that I've been able to find, and is
   broken for non-init namespace mounts anyway.
Thanks,
Seth

The following changes since commit 35825c221f91372f49857c8c1ff76cd3b915a78a:

  UBUNTU: SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu10 (2016-06-24 11:10:37 +0100)

are available in the git repository at:

  git://git.launchpad.net/~sforshee/+git/ubuntu-xenial lp1588056

for you to fetch changes up to 3c50fc39e79c20c696f77001730b24266415c4c4:

  (namespace) ipc/mqueue: The mqueue filesystem should never contain executables (2016-06-24 08:54:49 -0500)

----------------------------------------------------------------
Daniel Borkmann (1):
      (namespace) bpf, inode: disallow userns mounts

Eric W. Biederman (5):
      (namespace) bpf: Use mount_nodev not mount_ns to mount the bpf filesystem
      (namespace) ipc: Initialize ipc_namespace->user_ns early.
      (namespace) vfs: Pass data, ns, and ns->userns to mount_ns
      (namespace) kernfs: The cgroup filesystem also benefits from SB_I_NOEXEC
      (namespace) ipc/mqueue: The mqueue filesystem should never contain executables

Seth Forshee (4):
      Revert "UBUNTU: SAUCE: (namespace) mqueue: Super blocks must be owned by the user ns which owns the ipc ns"
      Revert "UBUNTU: SAUCE: kernfs: Do not match superblock in another user namespace when mounting"
      Revert "UBUNTU: SAUCE: cgroup: Use a new super block when mounting in a cgroup namespace"
      UBUNTU: SAUCE: (namespace) Sync with upstream s_user_ns patches

 fs/kernfs/mount.c           |  8 +++++---
 fs/nfsd/nfsctl.c            | 13 ++++---------
 fs/super.c                  | 30 +++++++++++++++++-------------
 fs/sysfs/mount.c            |  3 ---
 include/linux/cgroup-defs.h |  4 ----
 include/linux/fs.h          |  6 ++----
 ipc/mqueue.c                | 21 ++++++++-------------
 ipc/namespace.c             |  1 +
 kernel/bpf/inode.c          |  3 +--
 kernel/cgroup.c             | 69 +++++++++++++++++++++++++++++++++++++++------------------------------
 net/sunrpc/rpc_pipe.c       |  8 ++++----
 11 files changed, 81 insertions(+), 85 deletions(-)