Hi, I do think I'm affected by the same issue. Is it still helpful to test the 5.19.0-40.41 kernel as proposed by the kernel bot in the previous message? I don't want to mess up my server, but if it helps getting this fixed faster for 22.04, I'm willing to install the kernel from -proposed.

Currently I'm on 22.04 with the following kernel:

  linux-hwe-5.19-headers-5.19.0-38/jammy-security,jammy-updates,now 5.19.0-38.39~22.04.1 all [installed,automatic]

The issue I'm having is with LXD on btrfs when trying to use docker with overlay2 in an unprivileged container.

In the container:

  # docker run -it --rm busybox
  docker: Error response from daemon: mkdir /var/lib/docker/overlay2/551bd2f3c71ebb9a3d672ac5993d72aea9d58035c0283708e503fc695a131c42-init/merged/proc: read-only file system.
  See 'docker run --help'.

Host dmesg:

  [ 6344.916322] overlayfs: failed to create directory /var/lib/docker/overlay2/551bd2f3c71ebb9a3d672ac5993d72aea9d58035c0283708e503fc695a131c42-init/work/work (errno: 1); mounting read-only
  [ 6344.916340] overlayfs: fs on '/var/lib/docker/overlay2/l/QCM5T4AYJGCEMUPJJKGRKLPDGO' does not support file handles, falling back to xino=off.
  [ 6344.916356] overlayfs: POSIX ACLs are not yet supported with idmapped layers, mounting without ACL support.

It seems to be one long sentence, split up in a misleading way. At first I read it as "mounting read-only", but later noticed that it actually states "mounting read-only fs on ..." as if the filesystem contained in the image were read-only by itself, which I'm not sure of.

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2009065

Title:
  overlayfs mounts as R/O over idmapped mount

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Jammy:
  Invalid
Status in linux-hwe-5.19 source package in Jammy:
  In Progress
Status in linux source package in Kinetic:
  Fix Committed
Status in linux-hwe-5.19 source package in Kinetic:
  Invalid

Bug description:
  Reproducer:

  create unprivileged LXC container
  $ lxc launch ubuntu:22.04 idmap-test
  $ lxc exec idmap-test bash

  check that root is idmapped by:
  $ cat /proc/self/mountinfo | grep idmap
  780 675 8:1 /var/snap/lxd/common/lxd/storage-pools/default/containers/idmap-test/rootfs / rw,relatime,idmapped shared:323 master:319 - ext4 /dev/sda1 rw,discard,errors=remount-ro

  $ mkdir {work,upper,lower,ovl}
  $ mount -t overlay overlay -o lowerdir=lower,upperdir=upper,workdir=work ovl
  $ touch ovl/test
  touch: cannot touch 'ovl/test': Read-only file system

  The problem is in the __vfs_removexattr_noperm() function that is called from ovl_workdir_create().

  In dmesg I can see an error:
  overlayfs: failed to create directory work/work (errno: 1); mounting read-only

  Reproducible on:
  # uname -a
  Linux ubuntu 5.19.0-32-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 30 17:03:34 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
  # cat /etc/os-release
  PRETTY_NAME="Ubuntu 22.04.1 LTS"

  Suspicious commit:
  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/fs/overlayfs/overlayfs.h?h=Ubuntu-hwe-5.19-5.19.0-32.33_22.04.1&id=3418435738af5730918fafbdfe2905a98ce2ef05

  Chunk:
  + inode_lock(inode);
  + err = __vfs_setxattr_noperm(&init_user_ns, dentry, name, value, size, flags);
  + inode_unlock(inode);

  should be:
  + inode_lock(inode);
  + err = __vfs_setxattr_noperm(ovl_upper_mnt_userns(ofs), dentry, name, value, size, flags);
  + inode_unlock(inode);

  I'll send a patch soon.
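
Review bot: The corrected line changes only the first argument of __vfs_setxattr_noperm(), while the description places the failure in __vfs_removexattr_noperm() as called from ovl_workdir_create(); if the removexattr wrapper in the same commit also passes &init_user_ns, it needs the same ovl_upper_mnt_userns(ofs) substitution, otherwise the work/work setup on an idmapped upper layer can still fail with errno 1. The replacement also uses ofs, which the quoted lines do not show being available at this call site, so the patch should show where the helper obtains it. A short comment next to the call stating that the user namespace must be that of the upper mount, not init_user_ns, would help keep later backports from reintroducing the mismatch.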
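
The two symptoms in the bug description (an idmapped mount in /proc/self/mountinfo and the overlayfs "mounting read-only" fallback with errno 1 in dmesg) can be checked together. The script below is an added triage example, not part of the bug report or of any Ubuntu tooling; the function names, the sample variables and the timestamps in the sample log are made up for illustration.

```shell
#!/bin/sh
# Added triage example (not from the bug report): detect the combination of
# an idmapped mount and an overlayfs read-only fallback with errno 1 (EPERM).

# Read mountinfo-format text on stdin; print the mount point (field 5) of
# every mount whose per-mount options (field 6) contain "idmapped".
idmapped_mounts() {
    awk '{
        n = split($6, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "idmapped") { print $5; break }
    }'
}

# Read kernel log text on stdin; print "<errno> <path>" for each overlayfs
# workdir creation failure that made the kernel mount the overlay read-only.
ovl_ro_fallbacks() {
    sed -n 's/.*overlayfs: failed to create directory \(.*\) (errno: \([0-9][0-9]*\)); mounting read-only.*/\2 \1/p'
}

# $1 = mountinfo text, $2 = kernel log text. Succeeds only when both
# symptoms of this report are present (errno must be 1).
matches_report() {
    _idm=$(printf '%s\n' "$1" | idmapped_mounts)
    _ro=$(printf '%s\n' "$2" | ovl_ro_fallbacks | awk '$1 == 1')
    [ -n "$_idm" ] && [ -n "$_ro" ]
}

# Sample input: the first mountinfo line and the overlayfs message text are
# quoted from the report; the second mountinfo line, the EXT4 line and the
# timestamps are constructed for contrast.
SAMPLE_MOUNTINFO='780 675 8:1 /var/snap/lxd/common/lxd/storage-pools/default/containers/idmap-test/rootfs / rw,relatime,idmapped shared:323 master:319 - ext4 /dev/sda1 rw,discard,errors=remount-ro
781 780 0:52 / /proc rw,nosuid,nodev,noexec,relatime shared:324 - proc proc rw'
SAMPLE_DMESG='[ 100.000001] EXT4-fs (sda1): re-mounted. Quota mode: none.
[ 100.000002] overlayfs: failed to create directory work/work (errno: 1); mounting read-only'

if matches_report "$SAMPLE_MOUNTINFO" "$SAMPLE_DMESG"; then
    echo "idmapped mount + overlayfs read-only fallback (EPERM): matches this report"
fi
# On a live system: idmapped_mounts < /proc/self/mountinfo   (in the container)
#                   dmesg | ovl_ro_fallbacks                 (on the host)
```

The mountinfo check belongs inside the container and the dmesg check on the host, since that is where each symptom appears in the report.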