Search the Community
Showing results for tags 'root@'.
The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04 . If you don't want to update your kernel and you don't use overlayfs, a viable workaround is to just remove or blacklist overlayfs.ko / overlay.ko. Details ============================