[linux-aws][PATCH 0/1] LP:#1864669 - overlayfs regression - internal getxattr operations without sepolicy checking

Marcelo Henrique Cerri marcelo.cerri at canonical.com
Thu Jul 9 18:14:40 UTC 2020

BugLink: https://bugs.launchpad.net/bugs/1864669

As bug description.

AWS users are also affected by this bug. This fix has already been applied
to the Azure kernels for some time now without any regressions.

This patch was submitted to upstream as part of a bigger patchset that
proposes to fix several individual issues. Since the patchset is
currently stalled with no ETA to be accepted, I decided to backport
just the necessary fix.

4.15 required bigger changes since some of the affected pieces of code
were missing or were different than upstream and I applied the
equivalent changes to the corresponding area in that kernel. Besides
that, all patches required a small change to remove XATTR_NOSECURITY
since that was added by a previous patch on the same series.

That's a fix that potentially can be included in our main kernels. But
considering this fix wasn't accepted upstream yet, I believe it might be
safer to introduce this fix only to the affected kernels for now. That
way we can reduce the regression potential.

Mark Salyzyn (1):
  UBUNTU: SAUCE: overlayfs: internal getxattr operations without
    sepolicy checking

 fs/overlayfs/namei.c     | 19 ++++++++++---------
 fs/overlayfs/overlayfs.h |  7 +++++++
 fs/overlayfs/util.c      |  8 ++++----
 3 files changed, 21 insertions(+), 13 deletions(-)

