| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Mar 2016 11:44:54 +1100 From: Daniel Axtens <dja@...ens.net> To: linux-kernel@...r.kernel.org, Theodore Ts'o <tytso@....edu>, linux-ext4@...r.kernel.org, viro@...iv.linux.org.uk, miklos@...redi.hu, linux-unionfs@...r.kernel.org Subject: ext4_file_open: Inconsistent encryption contexts (commit ff978b09f973) breaking Docker Hi, Trying to run a Docker container on a mainline kernel is failing intermittently, in interesting and exciting ways, such as: $ docker run -it --rm --env PACKAGE=sinatra npmtest operation not permitted docker: Error response from daemon: Cannot start container 4fc0120a6389f25241f84527a0d31854806f6fe4fd98d019f790cea0ae7e230b: [10] System error: operation not permitted. $ docker run -it --rm --env PACKAGE=sinatra npmtest Unable to find user tester docker: Error response from daemon: Cannot start container a28d6256cfcde750e8e4ff60fc72217b19b58160df68f55d798ea2f3000c4564: [10] System error: Unable to find user tester. $ docker run ... ... Error: EPERM, operation not permitted '/usr/share/npm/node_modules/npmconf/node_modules/config-chain/index.js' $ docker run ... ... Error: EPERM, operation not permitted '/usr/lib/nodejs/form-data/form_data.js' $ docker run ... ... /bin/bash: /usr/bin/npm: Operation not permitted Each of these failures is accompanied by lines in dmesg like these: EXT4-fs warning (device sda2): ext4_file_open:402: Inconsistent encryption contexts: 27842/3691208 EXT4-fs warning (device sda2): ext4_file_open:402: Inconsistent encryption contexts: 41086/3128060 (With different context numbers each time) Grepping for the error message took me to ff978b09f973: "ext4 crypto: move context consistency check to ext4_file_open()" which went in to mainline in rc5. A build with the source rolled back to the commit immediately before that doesn't exhibit the issue. Docker is using Overlay filesystems backing onto an ext4 filesystem, so some interaction between Overlay FS and ext4 may be the cause. I'm not much of a file system developer so I don't really know where to go from here, but I'm happy to help however I can. The machine is a ppc64le VM running Ubuntu, docker 1.11.0-dev, build dd32445. I've turned on most of the kernel debugging options I can think of and nothing interesting is showing up. fsck reports the root ext4 filesystem is clean. If I've missed any helpful info please let me know. Regards, Daniel Axtens -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists