Making a hard link of a 0444 permission file fails in overlayfs [Precise]

Bug #944386 reported by Gary Poster on 2012-03-01
22
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Andy Whitcroft
Precise
Medium
Andy Whitcroft

Bug Description

On Precise updated as of a few minutes ago. Notice the error message four lines from the bottom

gary@garubtosh:~$ mkdir upper
gary@garubtosh:~$ mkdir lower
gary@garubtosh:~$ mkdir tmp
gary@garubtosh:~$ cd lower/
gary@garubtosh:~/lower$ touch 1
gary@garubtosh:~/lower$ chmod 0444 1
gary@garubtosh:~/lower$ ln 1 2
gary@garubtosh:~/lower$ cd ..
gary@garubtosh:~$ sudo mount -t tmpfs none upper
gary@garubtosh:~$ sudo mount -t overlayfs -oupperdir=/home/gary/upper,lowerdir=/home/gary/lower none tmp
gary@garubtosh:~$ cd tmp/
gary@garubtosh:~/tmp$ ls
1 2
gary@garubtosh:~/tmp$ touch 3
gary@garubtosh:~/tmp$ chmod 0444 3
gary@garubtosh:~/tmp$ ln 3 4
ln: failed to create hard link `4' => `3': Operation not permitted
gary@garubtosh:~/tmp$ touch 5
gary@garubtosh:~/tmp$ ln 5 6
gary@garubtosh:~/tmp$

Thanks

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 944386

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: precise
Joseph Salisbury (jsalisbury) wrote :

Does this happen on earlier precise kernels, or previous Ubuntu releases?

Changed in linux (Ubuntu):
importance: Undecided → Medium
Gary Poster (gary) wrote :

Running apport-collect led to bug 944429

Kees Cook (kees) wrote :

To disable the hardlink restriction, you can do this:
    echo 0 > /proc/sys/kernel/yama/protected_nonaccess_hardlinks

This is a kernel bug, though, and needs to be fixed. I'll follow up with Andy who's been doing a lot of unionfs work.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed

Thank you for taking the time to file a bug report on this issue.

However, given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request.

We have noted that there is a newer version of the development kernel than the one you last tested when this issue was found. Please test again with the newer kernel and indicate in the bug if this issue still exists or not.

You can update to the latest development kernel by simply running the following commands in a terminal window:

    sudo apt-get update
    sudo apt-get upgrade

If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released.

If you want this bot to quit automatically requesting kernel tests, add a tag named: bot-stop-nagging.

 Thank you for your help, we really do appreciate it.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-17.27
Kees Cook (kees) on 2012-03-02
tags: added: bot-stop-nagging
removed: kernel-request-3.2.0-17.27
Changed in linux (Ubuntu Precise):
status: Incomplete → Confirmed
Andy Whitcroft (apw) on 2012-03-02
Changed in linux (Ubuntu Precise):
assignee: nobody → Andy Whitcroft (apw)
status: Confirmed → In Progress
Andy Whitcroft (apw) wrote :

Confirmed that this is triggered by a combination of Yama assuming that i_uid is populated in file inodes, and overlayfs not populating this field. Have started an upstream conversation on whether it is possible to assume this is populated or not in the face of an inode with a permissions() op. This will allow us to determine which is at fault.

Timo Aaltonen (tjaalton) wrote :

any update on the progress?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.5.0-10.10

---------------
linux (3.5.0-10.10) quantal-proposed; urgency=low

  [ Andy Whitcroft ]

  * rebase to v3.5.1

  [ Leann Ogasawara ]

  * [Config] Enable CONFIG_AFS_FSCACHE=y
    - LP: #728977

  [ Tim Gardner ]

  * SAUCE: firmware: Remove emi62 files duplicated in linux-firmware
  * SAUCE: firmware: Remove tehuti files duplicated in linux-firmware

  [ Upstream Kernel Changes ]

  * overlayfs: copy up i_uid/i_gid from the underlying inode
    - LP: #944386
  * hwmon: (applesmc) Shorten minimum wait time
    - LP: #1034449
  * hwmon: (applesmc) Decode and act on read/write status codes
    - LP: #1034449

  [ Upstream Kernel Changes ]

  * rebase to v3.5.1
    - LP: #1026953
    - LP: #1025377
 -- Leann Ogasawara <email address hidden> Sun, 12 Aug 2012 13:16:43 -0700

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Quinn Plattel (qiet72) wrote :

Will this bug fix be backported to the Precise Pangolin kernels?

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers