open(2) returns EOVERFLOW within tmpfs+userns
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | High | Unassigned |
Xenial | Confirmed | High | Unassigned |
Bug Description
On Ubuntu 4.4.0-59.80-generic 4.4.35, open(2) returns EOVERFLOW when creating a file in tmpfs with user namespace enabled.
This issue wasn't present in 4.4.0-47 and has probably been introduced by https:/
Steps to reproduce:
$ unshare -r -U -m /bin/bash
# mount -t tmpfs tmpfs /mnt
# echo $$
2354
In another terminal:
$ sudo nsenter -t 2354 -m
# touch /mnt/foo
touch: cannot touch '/mnt/foo': Value too large for defined data type
Note that we are not joining the user namespace when creating the file but we would expect `touch' to succeed and create the file with an inode set to INVALID_UID/GID (i.e. nobody:nogroup) within the mount namespace.
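The reproduction above relies on the process that runs `touch` (host root, entering only the mount namespace) having no ID mapping in the user namespace created by `unshare -r`. The following is an added example, not part of the original report: it parses the `/proc/<pid>/uid_map` format and reports whether a host ID is mapped in that namespace. The function names, the unprivileged uid 1000 and the sample map line are assumptions constructed for illustration.

```python
"""Added example: check whether a host uid/gid is mapped inside a user namespace."""

OVERFLOW_ID = 65534  # default value of /proc/sys/kernel/overflowuid and overflowgid


def parse_id_map(text):
    """Parse uid_map/gid_map content into (inside_start, outside_start, length) tuples."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def map_into_namespace(extents, outside_id):
    """Return the id as seen inside the namespace, or None when it has no mapping."""
    for inside, outside, length in extents:
        if outside <= outside_id < outside + length:
            return inside + (outside_id - outside)
    return None


def describe(extents, outside_id):
    """Human-readable verdict for one host id."""
    inside = map_into_namespace(extents, outside_id)
    if inside is None:
        return f"{outside_id}: unmapped, displayed as overflow id {OVERFLOW_ID}"
    return f"{outside_id}: mapped to {inside}"


def read_map(pid, kind="uid"):
    """Read the live map of a process, e.g. the shell PID printed by `echo $$`."""
    with open(f"/proc/{pid}/{kind}_map") as fh:
        return parse_id_map(fh.read())


# Constructed sample: the map `unshare -r` writes when run by host uid 1000 (assumed).
SAMPLE_UID_MAP = "         0       1000          1\n"

if __name__ == "__main__":
    extents = parse_id_map(SAMPLE_UID_MAP)
    for uid in (0, 1000):  # host root (the nsenter side) and the unprivileged user
        print(describe(extents, uid))
```

On a live system, `read_map(2354)` and `read_map(2354, "gid")` give the maps for the shell PID from the report.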
summary:
- open(2) returns EOVERFLOW with tmpfs+userns
+ open(2) returns EOVERFLOW within tmpfs+userns
Changed in linux (Ubuntu):
importance: Undecided → High
tags: added: kernel-da-key xenial
Changed in linux (Ubuntu Xenial):
importance: Undecided → High
status: New → Confirmed
tags: removed: kernel-da-key
Status changed to 'Confirmed' because the bug affects multiple users.