The aufs module for the Linux kernel does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

References:
http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
http://www.openwall.com/lists/oss-security/2016/02/24/9
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1871728]
Aufs was never a part of the Linux kernel. Overlayfs was the preferred solution that was brought in upstream.