s_iflags overlap prevents unprivileged overlayfs mounts
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Medium | Seth Forshee | |
Disco | Fix Released | Medium | Seth Forshee | |
Eoan | Fix Released | Medium | Seth Forshee | |
Bug Description
SRU Justification
Impact: SB_I_NOSUID was added by a sauce patch, and over time it has come to occupy the same bit in s_iflags as SB_I_USERNS_VISIBLE without being noticed. overlayfs will set SB_I_NOSUID when any lower mount is nosuid. When this happens for a user namespace mount, mount_too_
Fix: Relocate SB_I_NOSUID to the top of s_iflags to remove the conflict and to make future conflicts less likely.
Test Case: Attached.
Regression Potential: These flags are internal to the kernel, so moving SB_I_NOSUID is safe. It's possible that the overlapping flags caused other unintended behaviors, and if so these will also change and could result in user-visible changes. However, any such behaviors would also be incorrect.
---
As reported by Jann Horn on bug 1850994, unprivileged overlayfs mounting can fail in disco/eoan due to SB_I_NOSUID and SB_I_USERNS_
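Added illustration, not part of the bug report or its attached test script: a small C model of two flags sharing one bit in a flags word, showing that a test for one flag succeeds after only the other was set, with a compile-time guard and a pairwise overlap check. The bit values and the helper functions are constructed for the example and are not taken from the kernel source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values for illustration; not copied from a kernel tree. */
#define SB_I_USERNS_VISIBLE 0x00000010u
#define SB_I_NOSUID_BEFORE  0x00000010u /* shares a bit with the flag above */
#define SB_I_NOSUID_AFTER   0x80000000u /* relocated to the top of the word */

/* Compile-time guard: the build fails if the relocated flag collides again. */
_Static_assert((SB_I_NOSUID_AFTER & SB_I_USERNS_VISIBLE) == 0,
               "SB_I_NOSUID overlaps SB_I_USERNS_VISIBLE");

/* Count the pairs in a list of flag values that share at least one bit. */
static int count_overlaps(const uint32_t *bits, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (bits[i] & bits[j])
                hits++;
    return hits;
}

/* Set only the nosuid flag, then ask whether the userns-visible flag is set. */
static int userns_visible_after_nosuid(uint32_t nosuid_bit)
{
    uint32_t s_iflags = 0;
    s_iflags |= nosuid_bit;
    return (s_iflags & SB_I_USERNS_VISIBLE) != 0;
}

/* Hypothetical helper: overlap count for the two flags with a given layout. */
static int overlaps_with(uint32_t nosuid_bit)
{
    const uint32_t bits[] = { SB_I_USERNS_VISIBLE, nosuid_bit };
    return count_overlaps(bits, sizeof bits / sizeof bits[0]);
}

int main(void)
{
    printf("before: overlaps=%d visible=%d\n", overlaps_with(SB_I_NOSUID_BEFORE),
           userns_visible_after_nosuid(SB_I_NOSUID_BEFORE));
    printf("after:  overlaps=%d visible=%d\n", overlaps_with(SB_I_NOSUID_AFTER),
           userns_visible_after_nosuid(SB_I_NOSUID_AFTER));
    return 0;
}
```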
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Attaching test script to reproduce the bug, adapted from the reproducer for bug 1850994. Requires the bindfs package.