Comment 0 for bug 1778286

Seth Forshee (sforshee) wrote : Backport unprivileged fscaps to xenial 4.4

SRU Justification

Impact: Support for using filesystem capabilities was added upstream in Linux 4.14. This is a useful feature that allows unprivileged containers to set fscaps that are valid only in user namespaces where a specific kuid is mapped to root. This allows for e.g. support for Linux distros within lxd which make use of filesystem capabilities.

Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file capabilities" and any subsequent fixes to xenial 4.4.

Test Case: Test use of fscaps within a lxd container.

Regression Potential: This has been upstream since 4.14 (and thus is present in bionic), and the backport to xenial 4.4 was not difficult, so regression potential is low.
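
An added example, not part of the original comment or of the kernel patch: a decoder for the `security.capability` xattr in its v2 and v3 layouts (constants from the kernel's uapi `capability.h`), showing the `rootid` field that the v3 format carries. The sample bytes, the 100000 root mapping and the `fscap_applies` helper (a simplified model that omits the kernel's walk over ancestor user namespaces) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values from the kernel's include/uapi/linux/capability.h */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x000001u

struct fscap { int version, effective; uint64_t permitted, inheritable; uint32_t rootid; };

/* Constructed samples: cap_net_raw (bit 13) permitted + effective.
 * The v3 sample carries rootid 100000, an assumed container root mapping. */
const unsigned char SAMPLE_V2[20] = { 1,0,0,2, 0,0x20,0,0 };
const unsigned char SAMPLE_V3[24] = { 1,0,0,3, 0,0x20,0,0, 0,0,0,0,
    0,0,0,0, 0,0,0,0, 0xA0,0x86,0x01,0x00 };

static uint32_t le32(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a security.capability value; returns 0 on success, -1 if malformed. */
int parse_fscap(const unsigned char *b, size_t len, struct fscap *out) {
    if (len < 4) return -1;
    uint32_t magic = le32(b), rev = magic & VFS_CAP_REVISION_MASK;
    if (rev == VFS_CAP_REVISION_2 && len == 20) out->version = 2;
    else if (rev == VFS_CAP_REVISION_3 && len == 24) out->version = 3;
    else return -1;               /* v1 or wrong size: not handled here */
    out->effective   = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    out->permitted   = le32(b + 4) | (uint64_t)le32(b + 12) << 32;
    out->inheritable = le32(b + 8) | (uint64_t)le32(b + 16) << 32;
    out->rootid      = out->version == 3 ? le32(b + 20) : 0; /* v2 has no rootid */
    return 0;
}

/* Simplified model (assumption): the caps are honoured when rootid is the kuid
 * mapped to root in the caller's namespace; rootid 0 (all v2 xattrs) always is. */
int fscap_applies(const struct fscap *c, uint32_t ns_root_kuid) {
    return c->rootid == 0 || c->rootid == ns_root_kuid;
}

int main(void) {
    struct fscap c;
    if (parse_fscap(SAMPLE_V3, sizeof SAMPLE_V3, &c) == 0)
        printf("v%d rootid=%u host=%d container=%d\n", c.version, (unsigned)c.rootid,
               fscap_applies(&c, 0), fscap_applies(&c, 100000));
    return 0;
}
```

On a real file the raw bytes can be dumped with `getfattr -n security.capability -e hex <file>` and checked against this layout when verifying the test case.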