ACK: [PULL][xenial SRU] Fix for LP#1588056

Brad Figg brad.figg at canonical.com
Tue Jun 28 14:21:48 UTC 2016 

On Fri, Jun 24, 2016 at 12:57:55PM -0500, Seth Forshee wrote:
> BugLink: http://bugs.launchpad.net/bugs/1588056
> 
> These commits fix a problem with cgroupfs mounting by reverting some
> sauce patches we're carrying and pulling in updates from the patches
> recently added to linux-next. As a result the changes go a bit beyond
> simply fixing the bug, but being more closely aligning with upstream
> should help ease maintenance moving forward.
> 
> I'll address a couple of potentially concerning aspects of these changes
> up front:
> 
>  * This reverts our fix for LP#1566505. The upstream changes which fix
>    the problem look a little different but are functionally identical,
>    and I've verified that the bug is still fixed.
> 
>  * Upstream has disabled mounting of the bpf fs in user namespaces in
>    4.7-rc kernels due to the implementation being flawed. As a result
>    the upstream commits do not contain updates to bpf needed in xenial,
>    so my options were either to make those changes myself or pull in the
>    commits to disable it. I opted for the latter since this fs is new in
>    4.4, doesn't have any users that I've been able to find, and is
>    broken for non-init namespace mounts anyway.
> 
> Thanks,
> Seth
> 
> 
> The following changes since commit 35825c221f91372f49857c8c1ff76cd3b915a78a:
> 
>   UBUNTU: SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu10 (2016-06-24 11:10:37 +0100)
> 
> are available in the git repository at:
> 
>   git://git.launchpad.net/~sforshee/+git/ubuntu-xenial lp1588056
> 
> for you to fetch changes up to 3c50fc39e79c20c696f77001730b24266415c4c4:
> 
>   (namespace) ipc/mqueue: The mqueue filesystem should never contain executables (2016-06-24 08:54:49 -0500)
> 
> ----------------------------------------------------------------
> Daniel Borkmann (1):
>       (namespace) bpf, inode: disallow userns mounts
> 
> Eric W. Biederman (5):
>       (namespace) bpf: Use mount_nodev not mount_ns to mount the bpf filesystem
>       (namespace) ipc: Initialize ipc_namespace->user_ns early.
>       (namespace) vfs: Pass data, ns, and ns->userns to mount_ns
>       (namespace) kernfs: The cgroup filesystem also benefits from SB_I_NOEXEC
>       (namespace) ipc/mqueue: The mqueue filesystem should never contain executables
> 
> Seth Forshee (4):
>       Revert "UBUNTU: SAUCE: (namespace) mqueue: Super blocks must be owned by the user ns which owns the ipc ns"
>       Revert "UBUNTU: SAUCE: kernfs: Do not match superblock in another user namespace when mounting"
>       Revert "UBUNTU: SAUCE: cgroup: Use a new super block when mounting in a cgroup namespace"
>       UBUNTU: SAUCE: (namespace) Sync with upstream s_user_ns patches
> 
>  fs/kernfs/mount.c           |  8 +++++---
>  fs/nfsd/nfsctl.c            | 13 ++++---------
>  fs/super.c                  | 30 +++++++++++++++++-------------
>  fs/sysfs/mount.c            |  3 ---
>  include/linux/cgroup-defs.h |  4 ----
>  include/linux/fs.h          |  6 ++----
>  ipc/mqueue.c                | 21 ++++++++-------------
>  ipc/namespace.c             |  1 +
>  kernel/bpf/inode.c          |  3 +--
>  kernel/cgroup.c             | 69 +++++++++++++++++++++++++++++++++++++++------------------------------
>  net/sunrpc/rpc_pipe.c       |  8 ++++----
>  11 files changed, 81 insertions(+), 85 deletions(-)
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Positive testing.

-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com

More information about the kernel-team mailing list