Bug 2046021

Summary: kernel 4.18.0-358.el8 async dirops causes write errors with namespace restricted caps
Product: Red Hat Enterprise Linux 8 Reporter: Dan van der Ster <daniel.vanderster>
Component: kernelAssignee: Jeff Layton <jlayton>
kernel sub component: CephFS QA Contact: Yogesh Mane <ymane>
Status: CLOSED ERRATA Docs Contact: John Wilkins <jowilkin>
Severity: urgent    
Priority: unspecified CC: alex.iribarren, aoconnor, bstinson, idryomov, jlayton, jwboyer, lmiksik, pdonnell, tchandra, vshankar, ymane
Version: CentOS StreamKeywords: Triaged
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Fixed In Version: kernel-4.18.0-372.1.1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-10 15:11:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dan van der Ster 2022-01-26 08:06:30 UTC
Description of problem:

kernel 4.18.0-358.el8 breaks the ceph client for clients with osd caps restricted to an osd namespace. This kernel was the first to enable async dirops by default; the issue was fixed by mounting with async dirops disabled (-owsync).
Details are in https://tracker.ceph.com/issues/54013

Version-Release number of selected component (if applicable):

kernel 4.18.0-358.el8

Also reproduced with upstream kernel 5.16.2

How to reproduce:

Mount a ceph file share with caps like

        key = xx==
        caps mds = "allow rw path=/volumes/_nogroup/xxx" 
        caps mon = "allow r" 
        caps osd = "allow rw pool=cephfs_data namespace=fsvolumens_xxx" 

Then try to untar a kernel, you'll get errors like

# tar xf linux-5.17-rc1.tar.gz 2>&1 | head
tar: linux-5.17-rc1/.get_maintainer.ignore: Cannot write: Operation not permitted
tar: linux-5.17-rc1/.gitattributes: Cannot write: Operation not permitted
tar: linux-5.17-rc1/.gitignore: Cannot write: Operation not permitted


This patch is the proposed fix: https://lore.kernel.org/ceph-devel/20220125211022.114286-1-jlayton@kernel.org/T/#u

Comment 28 errata-xmlrpc 2022-05-10 15:11:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: kernel security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.