CONFIG_AUFS_XATTR is not set

Bug #1557776 reported by Fabien COMBERNOUS on 2016-03-15
56
This bug affects 13 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Tim Gardner
Wily
Undecided
Unassigned
Xenial
High
Canonical Kernel Team
Yakkety
High
Tim Gardner

Bug Description

I am using ubuntu 15.10 with kernel linux-image-4.2.0-27-generic.
The setting CONFIG_AUFS_XATTR is not set.

With the previous ubuntu version 15.04 and linux-image-3.19.0-42-generic this setting was compiled as CONFIG_AUFS_XATTR=y

Without CONFIG_AUFS_XATTR docker users using the AUFS driver can not work with capabilities.

Revision history for this message
Yang Luo (hsluoyz) wrote :

Any updates on this issue?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-lts-wily (Ubuntu):
status: New → Confirmed
Changed in linux-lts-wily (Ubuntu):
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
importance: Undecided → High
status: Confirmed → Triaged
Tim Gardner (timg-tpi) on 2016-04-21
affects: linux-lts-wily (Ubuntu Wily) → linux (Ubuntu Wily)
Changed in linux (Ubuntu Wily):
status: New → Confirmed
Tim Gardner (timg-tpi) on 2016-04-21
Changed in linux (Ubuntu Wily):
status: New → In Progress
Changed in linux (Ubuntu Xenial):
status: Triaged → In Progress
Revision history for this message
Renan Martins Pimentel (renan-pimentel) wrote :

(Y)

Changed in linux (Ubuntu Wily):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Revision history for this message
Fabien COMBERNOUS (fc.) wrote :

I installed linux-image-4.2.0-36-generic, version 4.2.0-36.41 from wily-proposed.
I got yet :
$> grep AUFS_X /boot/config-4.2.0-36-generic
# CONFIG_AUFS_XATTR is not set

Revision history for this message
Brad Figg (brad-figg) wrote :

@Fabien,

The comment was to verify it on xenial, the commit has not made it to Wily yet. I have just verified it's fixed in Xenial.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Revision history for this message
martins (martins256) wrote :

@BradFigg,
on ubuntu 16.04 it isn't set to y:
grep AUFS_X /boot/config-4.4.0-21-generic
# CONFIG_AUFS_XATTR is not set

You can check whether the problem with docker still persists by running this:
docker run --rm -ti centos:7 yum install -y httpd

Right now it fails with:
error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file

Revision history for this message
Tim Gardner (timg-tpi) wrote :

martins - the fix for Xenial is in Ubuntu-4.4.0-22.38

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-22.39

---------------
linux (4.4.0-22.39) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1578721

  * LP: #1578705
    - bpf: fix double-fdput in replace_map_fd_with_map_ptr()

 -- Kamal Mostafa <email address hidden> Thu, 05 May 2016 09:30:58 -0700

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-wily' to 'verification-done-wily'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-wily
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.2.0-38.45

---------------
linux (4.2.0-38.45) wily; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler
    - SAUCE: sched: panic on corrupted stack end

 -- Andy Whitcroft <email address hidden> Wed, 08 Jun 2016 22:10:39 +0100

Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
Revision history for this message
Brad Koehn (l-brad-y) wrote :

Any chance we'll see this in the 14.04 kernels (3.13)?

Revision history for this message
Tim Gardner (timg-tpi) wrote :

Brad - CONFIG_AUFS_XATTR does not exist in a 3.13 kernel.

Revision history for this message
Brad Koehn (l-brad-y) wrote :

Ah. Ok, thanks.

Revision history for this message
Huang YangWen (yangwen5301) wrote :

Are we able to change the kernel of 14.04 to support docker images? Cause upgrading to 16.04.1 ruins my fakeRaid with devicemapper set.

Revision history for this message
Xavier Aragon (xarax-lp) wrote :

In Ubuntu 16.10 the kernel configuration seems to have again

# CONFIG_AUFS_XATTR is not set

I'm wondering if this is intentional or by mistake. Observed from linux-image-4.8.0-21-generic_4.8.0-21.23_amd64.deb.

Tim Gardner (timg-tpi) on 2016-10-10
Changed in linux (Ubuntu Yakkety):
assignee: Canonical Kernel Team (canonical-kernel-team) → Tim Gardner (timg-tpi)
status: Fix Released → In Progress
Tim Gardner (timg-tpi) on 2016-10-11
Changed in linux (Ubuntu Yakkety):
status: In Progress → Fix Committed
Revision history for this message
Seth Forshee (sforshee) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-yakkety
Seth Forshee (sforshee) on 2016-11-07
tags: added: verification-done-yakkety
removed: verification-needed-yakkety
Revision history for this message
Seth Forshee (sforshee) wrote :

Verified that this option is set in the proposed xenial kernel.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package linux - 4.8.0-27.29

---------------
linux (4.8.0-27.29) yakkety; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1635377

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

  * Revert "If zone is so small that watermarks are the same, stop zone balance"
    in yakkety (LP: #1632894)
    - Revert "UBUNTU: SAUCE: (no-up) If zone is so small that watermarks are the
      same, stop zone balance."

  * lts-yakkety 4.8 cannot mount lvm raid1 (LP: #1631298)
    - SAUCE: (no-up) dm raid: fix compat_features validation

  * kswapd0 100% CPU usage (LP: #1518457)
    - SAUCE: (no-up) If zone is so small that watermarks are the same, stop zone
      balance.

  * [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
    __copy_tofrom_user (LP: #1632462)
    - SAUCE: (no-up) powerpc/64: Fix incorrect return value from
      __copy_tofrom_user

  * Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
    memory_stress_ng. (LP: #1628976)
    - SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code

  * Paths not failed properly when unmapping virtual FC ports in VIOS (using
    ibmvfc) (LP: #1632116)
    - scsi: ibmvfc: Fix I/O hang when port is not mapped

  * [Ubuntu16.10]KV4.8: kernel livepatch config options are not set
    (LP: #1626983)
    - [Config] Enable live patching on powerpc/ppc64el

  * CONFIG_AUFS_XATTR is not set (LP: #1557776)
    - [Config] CONFIG_AUFS_XATTR=y

  * Yakkety update to 4.8.1 stable release (LP: #1632445)
    - arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
    - Using BUG_ON() as an assert() is _never_ acceptable
    - usb: misc: legousbtower: Fix NULL pointer deference
    - Staging: fbtft: Fix bug in fbtft-core
    - usb: usbip: vudc: fix left shift overflow
    - USB: serial: cp210x: Add ID for a Juniper console
    - Revert "usbtmc: convert to devm_kzalloc"
    - ALSA: hda - Adding one more ALC255 pin definition for headset problem
    - ALSA: hda - Fix headset mic detection problem for several Dell laptops
    - ALSA: hda - Add the top speaker pin config for HP Spectre x360
    - Linux 4.8.1

  * PSL data cache should be flushed before resetting CAPI adapter
    (LP: #1632049)
    - cxl: Flush PSL cache before resetting the adapter

  * thunder nic: avoid link delays due to RX_PACKET_DIS (LP: #1630038)
    - net: thunderx: Don't set RX_PACKET_DIS while initializing

  * crypto/vmx/p8_ghash memory corruption (LP: #1630970)
    - crypto: ghash-generic - move common definitions to a new header file
    - crypto: vmx - Fix memory corruption caused by p8_ghash
    - crypto: vmx - Ensure ghash-generic is enabled

  * arm64: SPCR console not autodetected (LP: #1630311)
    - of/serial: move earlycon early_param handling to serial
    - [Config] CONFIG_ACPI_SPCR_TABLE=y
    - ACPI: parse SPCR and enable matching console
    - ARM64: ACPI: enable ACPI_SPCR_TABLE
    - serial: pl011: add console matching function

  * include/linux/security.h header syntax error with !CONFIG_SECURITYFS
...

Read more...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.8.0-30.32

---------------
linux (4.8.0-30.32) yakkety; urgency=low

  * CVE-2016-8655 (LP: #1646318)
    - packet: fix race condition in packet_set_ring

 -- Brad Figg <email address hidden> Thu, 01 Dec 2016 08:02:53 -0800

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers