capability dac_override denial with overlayfs on 4.11
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | New | Undecided | Unassigned | |
Bug Description
On a 4.11, I see the following denial when trying to use overlay in any capacity:
Jul 11 14:06:46 iolanthe kernel: audit: type=1400 audit(149980000
Reproducer:
$ tar -zxvf ./overlay-
overlay-
overlay-
overlay-
overlay-
overlay-
$ sudo ./overlay-
Created tmpdir '/tmp/tmp.
Ubuntu 4.11.0-
Disabling kernel rate-limiting
kernel.
Loading /tmp/tmp.
chdir(/
Creating the overlay directories
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
ls -lr /tmp/tmp.AuCzfMgEE3
/tmp/tmp.
total 8
drwxr-xr-x 2 root root 4096 Jul 11 14:06 data
drwxr-xr-x 6 root root 4096 Jul 11 14:06 mnt
/tmp/tmp.
total 36
-rwxr-xr-x 1 root root 1398 Jul 11 14:06 drv
-rwxr-xr-x 1 root root 16096 Jul 11 14:06 overlay-
-rw-r--r-- 1 root root 2029 Jul 11 14:06 overlay-
-rw-r--r-- 1 root root 941 Jul 11 14:06 p
-rw-r--r-- 1 root root 924 Jul 11 14:06 p.in
-rwxr-xr-x 1 root root 789 Jul 11 14:06 tst
/tmp/tmp.
total 16
drwxr-xr-x 2 root root 4096 Jul 11 14:06 lower
drwxr-xr-x 2 root root 4096 Jul 11 14:06 merged
drwxr-xr-x 2 root root 4096 Jul 11 14:06 upper
drwxr-xr-x 2 root root 4096 Jul 11 14:06 work
/tmp/tmp.
total 0
/tmp/tmp.
total 0
/tmp/tmp.
total 0
/tmp/tmp.
total 0
Perform the overlay
lower=/
upper=/
work=/tmp/
where=/
- mount('overlay', '/tmp/tmp.
- success
Cleaning up
- umount /tmp/tmp.
- rm -rf /tmp/tmp.AuCzfMgEE3
tags: added: aa-kernel