Bug 215849

Summary: Cannot set POSIX ACL on tmpfs while in user namespace
Product: File System
Component: Other
Reporter: Peter Jin (peter)
Assignee: fs_other
CC: brauner
Status: NEW
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 5.17.3
Subsystem:
Regression: No
Bisected commit-id:

Description Peter Jin 2022-04-17 20:07:39 UTC
Attempting to set a POSIX ACL on a tmpfs mount, where such tmpfs mount is made in a mount namespace owned by a non-initial user namespace, results in an "Invalid argument" error.


Steps to reproduce:

# unshare -U -m
(In another shell, write as root "0 1000 1\n100 10000 100\n" to both uid_map and gid_map of the resulting shell, where the 1000 in 0 1000 1 is the effective user/group ID of the original shell)
# mount -t tmpfs -o mode=0755 none /run
# mkdir -p -m 700 /run/test
# setfacl -m u:100:rx /run/test

Expected result: POSIX ACL set correctly on /run/test (mapped to UID 10000 in the init_user_ns)

Actual result: "setfacl: /run/test: Invalid argument"

Worked in Linux 5.16, broken in 5.17.
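
Added example (not part of the original report or of the kernel tree): a small shell helper that applies the uid_map/gid_map line format used in the steps above, to confirm which parent-namespace ID the `u:100` ACL entry should resolve to. The function names and the `REPRO_MAP` variable are made up for this illustration; the map text is the one quoted in the report.

```shell
#!/bin/sh
# Each uid_map/gid_map line is: <first ID inside ns> <first ID in parent ns> <count>

# Sample input taken from the reproduction steps (ID 1000 is the reporter's
# example value for the original shell's effective UID/GID).
REPRO_MAP='0 1000 1
100 10000 100'

# ns_to_parent_id MAP ID
#   Prints the parent-namespace ID for ID and returns 0.
#   Returns 1 if ID is not covered by any range, 2 if ID is not a number.
ns_to_parent_id() {
    map=$1
    id=$2
    case "$id" in
        ''|*[!0-9]*) return 2 ;;
    esac
    while read -r inside outside count; do
        [ -n "$count" ] || continue          # skip blank or short lines
        if [ "$id" -ge "$inside" ] && [ "$id" -lt $((inside + count)) ]; then
            echo $((outside + id - inside))
            return 0
        fi
    done <<EOF
$map
EOF
    return 1
}

# Same lookup against the live map of the current process (run this inside
# the unshared shell to check the map that was actually written).
current_ns_to_parent_uid() {
    ns_to_parent_id "$(cat /proc/self/uid_map)" "$1"
}

# With the map from the report, the ACL entry u:100 is inside the second range.
ns_to_parent_id "$REPRO_MAP" 100
```

Because ID 100 is covered by the map, the "Invalid argument" result in the report is not explained by an unmapped ID in the ACL entry.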

Comment 1 Christian Brauner 2022-04-19 07:50:31 UTC
Hey Peter,

Thanks for the report. I'll take a look now.

Comment 2 Christian Brauner 2022-04-19 11:51:07 UTC
Reproduced the issue and I have a fix for it.

Comment 3 Christian Brauner 2022-04-19 13:18:12 UTC
Cced you on the regression fix, Peter.