shiftfs: allow overlayfs
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Undecided | Christian Brauner | |
Disco | Fix Released | Medium | Unassigned | |
Bug Description
SRU Justification
Impact: Currently it is not possible to use overlayfs on top of shiftfs. This means Docker inside of LXD cannot make use of the overlay2 graph driver, which is blocking users such as Travis from making use of it efficiently.
Regression Potential: Limited to shiftfs and overlayfs on top of shiftfs. Overlayfs does prevent "remote" filesystems such as ceph, nfs, etc. from being used as the underlay. With this patch shiftfs however can be used as an underlay and we special case it as a suitable filesystem to be used under overlayfs. I verified that the patch does not lead to regressions on overlayfs workloads that do not make use of shiftfs as underlay. Additionally, I tested Docker with the overlay2 graphdriver on top of shiftfs. This also has not led to any regressions.
Test case: Building a kernel with the patch:
sudo snap install lxd
sudo lxd init
sudo lxc launch images:
sudo lxc config set b1 security.nesting true
sudo lxc restart --force b1
sudo lxc shell b1
sudo apt-get install \
apt-
ca-certificates \
curl \
gnupg-agent \
software-
curl -fsSL https:/
curl -fsSL get.docker.com | CHANNEL=test sh
sudo add-apt-repository \
"deb [arch=amd64] https:/
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo systemctl stop docker
cat <<EOF /etc/docker/
{
"storage-driver": "overlay2"
}
EOF
sudo systemctl start docker
docker run -it ubuntu bash
and observe that it works.
Target kernels: All LTS kernels that do support shiftfs, if possible.
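A check for the "observe that it works" step, as an added example that is not part of the original bug report: it confirms that Docker is using overlay2 and that the filesystem backing Docker's data root is shiftfs. The function names are hypothetical, the mountinfo lines are constructed, and it assumes the container root shows up with type shiftfs in /proc/self/mountinfo.

```shell
#!/bin/sh
# Added example (not from the bug report): confirm overlay2 sits on shiftfs.

# Print the filesystem type of the mount backing PATH ($1), read from a
# mountinfo file ($2, default /proc/self/mountinfo, "-" for stdin).
# Mount points with escaped characters (\040 etc.) are not handled.
backing_fstype() {
    awk -v path="$1" '
    {
        mp = $5; fs = ""
        # The filesystem type is the first field after the "-" separator.
        for (i = 7; i < NF; i++) if ($i == "-") { fs = $(i + 1); break }
        # A mount covers path if it is "/", path itself, or a parent directory.
        covers = (mp == "/" || path == mp || index(path, mp "/") == 1)
        # ">=" lets a later mount on the same point shadow an earlier one.
        if (fs != "" && covers && length(mp) >= best) { best = length(mp); type = fs }
    }
    END { if (type == "") exit 1; print type }' "${2:-/proc/self/mountinfo}"
}

# Classify a (storage driver, underlay filesystem) pair; non-zero on mismatch.
verdict() {
    case "$1:$2" in
        overlay2:shiftfs) echo "ok: overlay2 on shiftfs" ;;
        overlay2:*) echo "fail: overlay2 underlay is $2, not shiftfs"; return 1 ;;
        *) echo "fail: storage driver is $1, not overlay2"; return 1 ;;
    esac
}

# Live check, to be run inside the nested container (b1 in the test case).
check_live() {
    driver=$(docker info --format '{{.Driver}}') || return 2
    root=$(docker info --format '{{.DockerRootDir}}') || return 2
    fs=$(backing_fstype "$root") || return 2
    verdict "$driver" "$fs"
}

# Constructed mountinfo lines modelling a shiftfs-backed container root.
sample_mountinfo() {
    cat <<'EOF'
420 380 0:57 / / rw,relatime shared:1 - shiftfs /pool/containers/b1/rootfs rw,passthrough=3
421 420 0:58 / /proc rw,nosuid,nodev,noexec - proc proc rw
422 420 0:59 / /dev rw,relatime - tmpfs none rw,size=492k
423 420 0:60 / /var/lib/docker/overlay2/x/merged rw - overlay overlay rw
EOF
}

# Demo on the constructed sample: prints "ok: overlay2 on shiftfs".
verdict overlay2 "$(sample_mountinfo | backing_fstype /var/lib/docker -)"
```

Inside the container, call check_live after `sudo systemctl start docker`; a non-zero exit means the daemon is on a different driver or the data root is not on shiftfs.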
Changed in linux (Ubuntu): | |
assignee: | nobody → Christian Brauner (cbrauner) |
status: | New → Confirmed |
status: | Confirmed → In Progress |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Disco): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Disco): | |
status: | New → In Progress |
Changed in linux (Ubuntu Disco): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-disco removed: verification-needed-disco |
tags: |
added: verification-done-bionic removed: verification-needed-bionic |
SRU request here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838677
Patchset here: https://github.com/brauner/ubuntu-disco/tree/overlayfs_on_shiftfs
Mailing list patchset posting here: https://lists.ubuntu.com/archives/kernel-team/2019-August/102741.html