getxattr: always handle namespaced attributes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
Unassigned | ||
Bionic |
Fix Released
|
High
|
Unassigned | ||
Cosmic |
Fix Released
|
High
|
Unassigned |
Bug Description
== SRU Justification ==
When running in a container with a user namespace, if you call getxattr
with name = "system.
silently skips the user namespace fixup that it normally does resulting in
un-fixed-up data being returned.
This is caused by posix_acl_
buffer size and not the actual size of the xattr as returned by
vfs_getxattr().
I have pushed a commit upstream that fixes this bug:
This commit passes the actual length of the xattr as returned by
vfs_getxattr() down.
A reproducer for the issue is:
touch acl_posix
setfacl -m user:0:rwx acl_posix
and the compile:
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <attr/xattr.h>
/* Run in user namespace with nsuid 0 mapped to uid != 0 on the host. */
int main(int argc, void **argv)
{
ssize_t ret1, ret2;
char buf1[128], buf2[132];
int fret = EXIT_SUCCESS;
char *file;
if (argc < 2) {
}
file = argv[1];
ret1 = getxattr(file, "system.
if (ret1 < 0) {
}
ret2 = getxattr(file, "system.
if (ret2 < 0) {
}
if (ret1 != ret2) {
}
for (ssize_t i = 0; i < ret2; i++) {
}
if (fret == EXIT_SUCCESS)
else
}
and run:
./tester acl_posix
On a non-fixed up kernel this should return something like:
root@c1:/# ./t
Unexpected different in byte 16: ffffffa0 != 00
Unexpected different in byte 17: ffffff86 != 00
Unexpected different in byte 18: 01 != 00
and on a fixed kernel:
root@c1:~# ./t
Test passed
== Fix ==
82c9a927bc5d ("getxattr: use correct xattr length")
== Regression Potential ==
Low. One liner that passes the actual length of the xattr as returned by
vfs_getxattr() down.
== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in linux (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in linux (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in linux (Ubuntu Xenial): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → High |
tags: | added: kernel-da-key |
tags: | added: bionic xenial |
Changed in linux (Ubuntu Xenial): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Bionic): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Cosmic): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Bionic): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Cosmic): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Cosmic): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu Xenial): | |
status: | Fix Committed → Fix Released |
tags: | added: cscc |
I built Xenial, Bionic and Cosmic test kernels with commit 82c9a927bc5df6e 06b72d206d24a9d 10cced4eb5.
The test kernel can be downloaded from: kernel. ubuntu. com/~jsalisbury /lp1789746
http://
Can you test this kernel and see if it resolves this bug?
Note about installing test kernels: unsigned .deb packages.
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-
Thanks in advance!