Description: overlayfs fs caps privilege escalation
References:
 https://www.openwall.com/lists/oss-security/2021/04/16/1
 https://github.com/briskets/CVE-2021-3493
Notes:
 carnil> Debian ships as well a patch to allow enable unprivileged
 carnil> overlayfs mounts. Cf. #913880 present since 4.19.9-1 upload.
 carnil> One needs to explicitly load the module though with
 carnil> permit_mounts_in_userns (which will issue as well a security
 carnil> warning).
Bugs:
upstream: released (5.11-rc1) [7c03e2cda4a584cadc398e8f6641ca9988a39d52]
6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: needed
4.19-upstream-stable: N/A "Unprivileged users cannot mount overlayfs"
4.9-upstream-stable: N/A "Unprivileged users cannot mount overlayfs"
sid: released (5.10.38-1)
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
4.9-stretch-security: N/A "Unprivileged users cannot mount overlayfs"