Comment 4 for bug 1786729

Seth Forshee (sforshee) wrote :

From the test case source:

    Check if an unlinked executable can run in overlayfs mount.
    The regression is introduced from 8db6c34f1dbc ("Introduce v3
    namespaced file capabilities"). in security/commoncap.c,
    cap_inode_getsecurity() use d_find_alias() cause unhashed dentry
    can't be found. The solution could use d_find_any_alias() instead of

    From kernel 4.14, this case is expected fails, execveat shell
    return EINVAL.

I checked upstream and the code still uses d_find_alias(). There's a patch that is in Eric Biederman's userns-testing branch but not linux-next:

So ... given that this has always been in bionic and we're only noticing because some test specifically for this problem failed, I don't see that it's something urgent to fix. I think we can just add the fix to the next upload.