[Bug 1785499] Re: Make squashfs-tools in Xenial in sync with Bionic and Cosmic

Stéphane Graber stgraber at stgraber.org
Mon Aug 6 04:00:05 UTC 2018


== preserve file capabilities ==
=== Rationale ===
Filesystem capabilities aren't properly restored during unsquashfs; this effectively prevents any LXD image from containing file capabilities and breaks basic tools like mtr in recent images.

=== Testcase ===
For the fscaps part, the easiest is to grab the latest cosmic cloud image from:
  http://cloud-images.ubuntu.com/cosmic/current/cosmic-server-cloudimg-amd64.squashfs

Then unsquashfs as root and check if "/usr/bin/mtr-packet" shows a
capability when running "getcap".

=== Regression potential ===
Minimal: we're syncing to the exact same source and patches as we've got in bionic and cosmic, and the patch is also trivial and "obviously right". The issue is that the kernel will strip capabilities during chown() and unsquashfs was restoring capabilities before calling chown. This patch simply re-orders it so that capabilities are applied after ownership.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to squashfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1785499

Title:
  Make squashfs-tools in Xenial in sync with Bionic and Cosmic

Status in squashfs-tools package in Ubuntu:
  Fix Released
Status in squashfs-tools source package in Xenial:
  Triaged

Bug description:
  squashfs-tools upstream hasn't changed in a while but a number of
  bugfixes are applied through packaging in Debian and Ubuntu.

  The bionic and cosmic versions right now are identical but xenial is
  missing a few fixes which is a problem for the LXD snap among other
  things.

  Looking at debian/series/patches, the fixes currently missing in the xenial version are:
   - 0007-fix-2GB-limit-in-mksquashfs.patch
   - 0008-preserve_file_capabilities.patch

  I'll attach test cases for both of those below and then will prepare
  an SRU that effectively makes the source package identical to what we
  have in bionic, minus the different changelog.

  This should be pretty safe considering both Ubuntu and Debian have
  been shipping those two patches for a while and the fs caps one is
  going to be pretty important moving forward as we're discussing having
  Ubuntu ship with fscaps by default.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1785499/+subscriptions
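
The check from the test case above, as an added example that is not part of the original message or of squashfs-tools: it decodes the `security.capability` xattr that getcap reads and lists the files in an extracted tree whose capabilities are absent or differ from what was expected. The function names, the capability-name subset and the sample bytes are constructed for illustration.

```python
import os
import struct

# Values from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Revision magic -> number of 32-bit (permitted, inheritable) pairs
REVISION_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Subset of capability bit numbers, enough for readable output
CAP_NAMES = {0: "cap_chown", 12: "cap_net_admin", 13: "cap_net_raw"}


def cap_names(mask):
    """Turn a capability bitmask into a sorted list of names."""
    return sorted(CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1)


def decode_fscaps(raw):
    """Decode a raw security.capability xattr value (little-endian vfs_cap_data)."""
    if len(raw) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = REVISION_PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated capability xattr")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(permitted), "inheritable": cap_names(inheritable)}


def missing_fscaps(root, expected):
    """Return the relative paths under root whose permitted set is absent or differs."""
    bad = []
    for rel, want in expected.items():
        try:
            raw = os.getxattr(os.path.join(root, rel), "security.capability")
            if decode_fscaps(raw)["permitted"] != sorted(want):
                bad.append(rel)
        except (OSError, ValueError):
            bad.append(rel)  # no xattr at all: stripped or never restored
    return bad


# Constructed sample: revision 2, effective bit set, permitted = bit 13 (cap_net_raw)
SAMPLE = struct.pack("<IIIII", 0x02000000 | 1, 1 << 13, 0, 0, 0)
```

`expected` maps paths relative to the extraction directory to the permitted capabilities each file should carry; those values have to come from whoever built the image.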


