Check if an unlinked executable can run in overlayfs mount.
The regression is introduced from 8db6c34f1dbc ("Introduce v3
namespaced file capabilities"). in security/commoncap.c,
cap_inode_getsecurity() use d_find_alias() cause unhashed dentry
can't be found. The solution could use d_find_any_alias() instead of
d_find_alias().
From kernel 4.14, this case is expected fails, execveat shell
return EINVAL.
I checked upstream and the code still uses d_find_alias(). There's a patch that is in Eric Biederman's userns-testing branch but not linux-next:
So ... given that this has always been in bionic and we're only noticing because some test specifically for this problem failed, I don't see that it's something urgent to fix. I think we can just add the fix to the next upload.
From the test case source:
Check if an unlinked executable can run in overlayfs mount. commoncap. c, inode_getsecuri ty() use d_find_alias() cause unhashed dentry
The regression is introduced from 8db6c34f1dbc ("Introduce v3
namespaced file capabilities"). in security/
cap_
can't be found. The solution could use d_find_any_alias() instead of
d_find_alias().
From kernel 4.14, this case is expected fails, execveat shell
return EINVAL.
I checked upstream and the code still uses d_find_alias(). There's a patch that is in Eric Biederman's userns-testing branch but not linux-next:
https:/ /patchwork. kernel. org/patch/ 10560165/
So ... given that this has always been in bionic and we're only noticing because some test specifically for this problem failed, I don't see that it's something urgent to fix. I think we can just add the fix to the next upload.