Thanks for looking at this!

I tested your change in Xenial (couldn't install the tools package since
i assume you built it against Artful's libraries, but it didn't matter)
and it does appear to restore the previous behaviour:

% lsb_release -ds
Ubuntu 16.04.3 LTS
% uname -r
4.13.0-19-generic

% ls -Ali /bin/true /ro/bin/true
131819 -rwxr-xr-x 1 root root 27280 Mar  2  2017 /bin/true
131819 -rwxr-xr-x 1 root root 27280 Mar  2  2017 /ro/bin/true
% /bin/true --version | head -1
true (GNU coreutils) 8.25

% sudo cp /bin/true /tmp/
% sudo mv /tmp/true /ro/bin/

% ls -Ali /bin/true /ro/bin/true
131819 -rwxr-xr-x 0 root root 27280 Mar  2  2017 /bin/true
131110 -rwxr-xr-x 1 root root 27280 Dec  8 11:57 /ro/bin/true
% /bin/true --version | head -1
true (GNU coreutils) 8.25

(On the 'stock' kernel the last command would produce an error.)

I don't see any error messages in the kernel log either.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1736808

Title:
  Changes to overlay lowerdir produce kernel file-caps error

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Artful:
  Triaged
Status in linux source package in Bionic:
  Triaged

Bug description:
  In 4.13+ kernels, if you replace an executable file on the lowerdir of
  an Overlay union (such that its inode changes), the system will no
  longer allow you to execute the file via the upperdir. The changes
  introduced to the kernel in this commit...

  https://github.com/torvalds/linux/commit/8db6c34f1dbc8e06aa016a9b829b06902c3e1340

  ... cause it to report a file security capabilities error.

  ---

  Replication steps and result:

  1. Set up an Overlay union containing some executable files. In my
  case i have an ext4 lowerdir and a tmpfs upperdir, but i don't think
  it matters.

  2. Verify that executing some file (/bin/true for example) on the
  upperdir works.

  3. Replace that file on the lowerdir using mv, rsync, or similar.

  4. Attempt to execute the file on the upperdir again — it will fail.
  The shell will give either 126 or 127 as the return status.

  5. Check the kernel log. A message like the following appears:

  >kernel: Invalid argument reading file caps for /bin/true

  I replicated this on Xenial using the HWE-edge kernel (4.13). The
  error does NOT occur on the HWE kernel (4.10).

  ---

  NOTE: I am aware that the result of changing files on the lowerdir of
  an Overlay union, per the documentation, is undefined — so this is
  probably not a 'bug' per se. However, i wasn't sure it was deliberate,
  either, and it seemed like maybe the previous undefined behaviour was
  nicer than the new undefined behaviour, so i thought i'd report it
  anyway.

  ---

  Config information:

  Ubuntu release: 16.04.3 (Xenial)
  Kernel package: linux-image-generic-hwe-16.04-edge 4.13.0.17.24
  Kernel version signature: Ubuntu 4.13.0-17.20~16.04.1-generic 4.13.8

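The inode and link-count comparison done by hand with `ls -Ali` in the message above, as an added script that is not part of the original report or of any Ubuntu tooling: it flags files whose merged view no longer matches the lowerdir copy. It assumes GNU stat, a lowerdir that is also mounted on its own (like /ro in the listing), and an overlay that reports the lower inode for files that were never copied up, as the listing shows; a file that has been copied up to the upperdir is reported as replaced too. The names check_path and scan are hypothetical.

```shell
#!/bin/sh
# Added example. MERGED = overlay mount point, LOWER = the lowerdir as
# mounted on its own (like /ro in the listing); both are assumptions.

# check_path MERGED LOWER RELPATH
# Prints same | replaced | unlinked | missing; returns 0 only for "same".
check_path() {
    merged_file="$1/$3"
    lower_file="$2/$3"
    if [ ! -e "$merged_file" ] || [ ! -e "$lower_file" ]; then
        echo missing
        return 2
    fi
    # GNU stat: %i = inode number, %h = hard-link count
    set -- $(stat -c '%i %h' "$merged_file") $(stat -c '%i' "$lower_file")
    if [ "$2" -eq 0 ]; then
        echo unlinked    # merged view pins an inode that has no name left
        return 1
    elif [ "$1" != "$3" ]; then
        echo replaced    # lowerdir now holds a different inode
        return 1
    fi
    echo same
}

# scan MERGED LOWER SUBDIR
# Prints "STATE RELPATH" for each regular file under LOWER/SUBDIR whose
# merged view is not "same"; returns 1 if anything was printed.
scan() {
    report=$(find "$2/$3" -type f | while IFS= read -r f; do
        rel=${f#"$2"/}
        state=$(check_path "$1" "$2" "$rel") || echo "$state $rel"
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Example: sh check.sh / /ro bin
if [ "$#" -eq 3 ]; then
    scan "$@"
fi
```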