Re: Btrfs v0.14 Released

From: Kees Cook
Date: Thu May 01 2008 - 15:53:23 EST


Hi,

On Thu, May 01, 2008 at 01:36:25PM -0600, Tim Gardner wrote:
> Chris Mason wrote:
> > On Thursday 01 May 2008, Tim Gardner wrote:
> >
> > [ btrfs oops on ubuntu ]
> >
> >>>> This is because ubuntu kernels ship with apparmor, you'll need this
> >>>> patch:
> >>>>
> >>>> If there is a #ifdef IM_A_UBUNTU_KERNEL I can use, I'll do it. Jeff
> >>>> Mahoney has a similar patch for SUSE that I've been meaning to merge,
> >>>> but I wanted to lookup some way to check for ubuntu as well.
> >>>>
> >>>> -chris
> >>>>
> >>>> diff -r e7da2489b19b file.c
> >>>> --- a/file.c Wed Apr 30 13:59:35 2008 -0400
> >>>> +++ b/file.c Thu May 01 12:25:11 2008 -0400
> >>>> @@ -852,7 +852,7 @@ static ssize_t btrfs_file_write(struct f
> >>>> goto out_nolock;
> >>>> if (count == 0)
> >>>> goto out_nolock;
> >>>> - err = remove_suid(fdentry(file));
> >>>> + err = remove_suid(&file->f_path);
> >>>> if (err)
> >>>> goto out_nolock;
> >>>> file_update_time(file);
> >> Couldn't you #ifdef based on CONFIG_SECURITY_APPARMOR ? This ought to
> >> work for Hardy. However the next development kernel (Intrepid) does not
> >> have the APPARMOR patches, so just knowing that its an UBUNTU kernel is
> >> not specific enough.
> >
> > I've been assuming the apparmor patches change remove_suid even when they are
> > not enabled in the config.
> >
> > -chris
> >
>
> Lets get Kees involved. He developed the patch set for Hardy. I would
> hope that if CONFIG_SECURITY_APPARMOR=n then the source would default to
> its normal state.

I can't claim to have developed the patches, only helping coordinate
their merging into Ubuntu. John Johansen is the real person we should
check with -- he did all the heavy lifting -- now added to discussion.
(Hi John!)

-Kees

--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/