Hi, On Thu, May 01, 2008 at 01:36:25PM -0600, Tim Gardner wrote: > Chris Mason wrote: > > On Thursday 01 May 2008, Tim Gardner wrote: > > > > [ btrfs oops on ubuntu ] > > > >>>> This is because ubuntu kernels ship with apparmor, you'll need this > >>>> patch: > >>>> > >>>> If there is a #ifdef IM_A_UBUNTU_KERNEL I can use, I'll do it. Jeff > >>>> Mahoney has a similar patch for SUSE that I've been meaning to merge, > >>>> but I wanted to lookup some way to check for ubuntu as well. > >>>> > >>>> -chris > >>>> > >>>> diff -r e7da2489b19b file.c > >>>> --- a/file.c Wed Apr 30 13:59:35 2008 -0400 > >>>> +++ b/file.c Thu May 01 12:25:11 2008 -0400 > >>>> @@ -852,7 +852,7 @@ static ssize_t btrfs_file_write(struct f > >>>> goto out_nolock; > >>>> if (count == 0) > >>>> goto out_nolock; > >>>> - err = remove_suid(fdentry(file)); > >>>> + err = remove_suid(&file->f_path); > >>>> if (err) > >>>> goto out_nolock; > >>>> file_update_time(file); > >> Couldn't you #ifdef based on CONFIG_SECURITY_APPARMOR ? This ought to > >> work for Hardy. However the next development kernel (Intrepid) does not > >> have the APPARMOR patches, so just knowing that its an UBUNTU kernel is > >> not specific enough. > > > > I've been assuming the apparmor patches change remove_suid even when they are > > not enabled in the config. > > > > -chris > > > > Lets get Kees involved. He developed the patch set for Hardy. I would > hope that if CONFIG_SECURITY_APPARMOR=n then the source would default to > its normal state. I can't claim to have developed the patches, only helping coordinate their merging into Ubuntu. John Johansen is the real person we should check with -- he did all the heavy lifting -- now added to discussion. (Hi John!) -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
