Bug 215849 - Cannot set POSIX ACL on tmpfs while in user namespace
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: fs_other
Reported: 2022-04-17 20:07 UTC by Peter Jin
Modified: 2022-04-19 13:18 UTC
Kernel Version: 5.17.3
Tree: Mainline
Regression: No


Description Peter Jin 2022-04-17 20:07:39 UTC
Attempting to set a POSIX ACL on a tmpfs mount, where such tmpfs mount is made in a mount namespace owned by a non-initial user namespace, results in an "Invalid argument" error.

Steps to reproduce:

# unshare -U -m
(In another shell, write as root "0 1000 1\n100 10000 100\n" to both uid_map and gid_map of the resulting shell, where the 1000 in 0 1000 1 is the effective user/group ID of the original shell)
# mount -t tmpfs -o mode=0755 none /run
# mkdir -p -m 700 /run/test
# setfacl -m u:100:rx /run/test

Expected result: POSIX ACL set correctly on /run/test (mapped to UID 10000 in the init_user_ns)

Actual result: "setfacl: /run/test: Invalid argument"

Worked in Linux 5.16, broken in 5.17.
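
Added illustration, not part of the report and not kernel code: the ID translation behind the expected result above, where the ACL entry u:100 ends up as UID 10000. It parses the map text from the steps, encodes the ACL in the Linux xattr layout, and rewrites the qualifiers. Function names are hypothetical, and the parent namespace is assumed to be init_user_ns.

```python
import struct

# Linux POSIX ACL xattr layout: le32 version, then (le16 tag, le16 perm, le32 id) entries.
ACL_XATTR_VERSION = 2
ACL_USER_OBJ, ACL_USER, ACL_GROUP_OBJ, ACL_GROUP, ACL_MASK, ACL_OTHER = 1, 2, 4, 8, 0x10, 0x20
ACL_UNDEFINED_ID = 0xFFFFFFFF  # qualifier used by entries that carry no ID

# The map text the report writes to both uid_map and gid_map.
ID_MAP = "0 1000 1\n100 10000 100\n"

def parse_id_map(text):
    """Return (inside_start, outside_start, count) extents from uid_map/gid_map text."""
    return [tuple(int(f) for f in ln.split()) for ln in text.splitlines() if ln.strip()]

def to_outer(ns_id, extents):
    """Map an ID used inside the namespace to the parent's ID, or None if unmapped."""
    for inside, outside, count in extents:
        if inside <= ns_id < inside + count:
            return outside + (ns_id - inside)
    return None

def encode_acl(entries):
    """Serialise (tag, perm, id) tuples as a system.posix_acl_access value."""
    return struct.pack("<I", ACL_XATTR_VERSION) + b"".join(
        struct.pack("<HHI", *entry) for entry in entries)

def translate_acl(blob, uid_extents, gid_extents):
    """Decode an ACL value, rewriting ACL_USER/ACL_GROUP IDs to parent-namespace IDs."""
    if len(blob) < 4 or (len(blob) - 4) % 8 or struct.unpack_from("<I", blob)[0] != ACL_XATTR_VERSION:
        raise ValueError("malformed ACL xattr")
    out = []
    for off in range(4, len(blob), 8):
        tag, perm, ident = struct.unpack_from("<HHI", blob, off)
        if tag in (ACL_USER, ACL_GROUP):
            ident = to_outer(ident, uid_extents if tag == ACL_USER else gid_extents)
            if ident is None:
                raise ValueError("ACL names an ID with no mapping in this namespace")
        out.append((tag, perm, ident))
    return out

# ACL that `setfacl -m u:100:rx` builds for the mode-700 /run/test, IDs as seen in the namespace.
NS_ACL = [(ACL_USER_OBJ, 7, ACL_UNDEFINED_ID), (ACL_USER, 5, 100),
          (ACL_GROUP_OBJ, 0, ACL_UNDEFINED_ID), (ACL_MASK, 5, ACL_UNDEFINED_ID),
          (ACL_OTHER, 0, ACL_UNDEFINED_ID)]

if __name__ == "__main__":
    extents = parse_id_map(ID_MAP)
    for tag, perm, ident in translate_acl(encode_acl(NS_ACL), extents, extents):
        print(f"tag=0x{tag:02x} perm={perm:o} id={ident}")
```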
Comment 1 Christian Brauner 2022-04-19 07:50:31 UTC
Hey Peter,

Thanks for the report. I'll take a look now.
Comment 2 Christian Brauner 2022-04-19 11:51:07 UTC
Reproduced the issue and I have a fix for it.
Comment 3 Christian Brauner 2022-04-19 13:18:12 UTC
Cced you on the regression fix, Peter.
