Overview
Request 1083262 accepted
- Included a fix for CVE-2023-30549 which is a vulnerability in setuid-root
installations of Apptainer which was not active in the recent openSUSE
packages. Still this is included for completeness. The fix adds allow
setuid-mount configuration options encrypted, squashfs, and extfs, and makes
the default for extfs be "no". That disables the use of extfs mounts
including for overlays or binds while in the setuid-root mode, while leaving
it enabled for unprivileged user namespace mode. The default for encrypted
and squashfs is "yes".
- Other bug fixes:
* Fix loop device 'no such device or address' spurious errors when using shared
loop devices.
* Add xino=on mount option for writable kernel overlay mount points to fix
inode numbers consistency after kernel cache flush (not applicable to
fuse-overlayfs).
Request History
mslacken created request
mslacken accepted request
lgtm
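An added example, not part of this request or of Apptainer's own code: a small audit of an apptainer.conf text for the three allow setuid-mount options named in the changelog, using the defaults stated there. The "allow setuid-mount <name> = <yes|no>" line syntax, the handling of "#" comment lines, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Defaults as stated in the changelog: extfs is "no", the other two are "yes".
DEFAULTS = {"encrypted": "yes", "squashfs": "yes", "extfs": "no"}

# Assumed directive syntax: "allow setuid-mount <name> = <value>".
DIRECTIVE = re.compile(r"^\s*allow\s+setuid-mount\s+(\w+)\s*=\s*(\S+)\s*$", re.I)

# Constructed sample: relies on the patched defaults.
SAMPLE_PATCHED = """\
allow setuid = yes
# allow setuid-mount extfs = yes
"""

# Constructed sample: an administrator has turned extfs back on.
SAMPLE_RISKY = """\
allow setuid = yes
allow setuid-mount encrypted = yes
allow setuid-mount squashfs = yes
allow setuid-mount extfs = yes
"""


def effective_setuid_mounts(conf_text):
    """Return the effective value of each allow setuid-mount option."""
    values = dict(DEFAULTS)
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out directive must not count
        m = DIRECTIVE.match(line)
        if m and m.group(1).lower() in values:
            values[m.group(1).lower()] = m.group(2).lower()
    return values


def audit(conf_text):
    """List settings that are malformed or re-enable extfs in setuid mode."""
    findings = []
    for name, value in effective_setuid_mounts(conf_text).items():
        if value not in ("yes", "no"):
            findings.append(f"{name}: unrecognised value {value!r}")
        elif name == "extfs" and value == "yes":
            findings.append("extfs: enabled for setuid-root mode; the patched default is 'no'")
    return findings


if __name__ == "__main__":
    for label, text in (("patched", SAMPLE_PATCHED), ("risky", SAMPLE_RISKY)):
        print(label, audit(text) or "ok")
```
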