From 4d275b7498a9c55ab8abf3b1cf41c30220301705 Mon Sep 17 00:00:00 2001
From: Seth Forshee
Date: Tue, 19 Jan 2016 10:28:10 -0600
Subject: [PATCH 4/6] overlayfs: Skip permission checking when setting trusted.overlayfs.* xattrs

The original mounter had CAP_SYS_ADMIN in the user namespace where the mount happened, and the vfs has validated that the user has permission to do the requested operation. This is sufficient for allowing the kernel to write these specific xattrs.

Signed-off-by: Seth Forshee
---
 fs/overlayfs/dir.c | 4 +++-
 fs/overlayfs/overlayfs.h | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index d269174..76f1e76 100644
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -59,7 +59,9 @@ int ovl_do_whiteout_v1(struct inode *workdir,
 	if (err)
 		return err;
 
-	err = vfs_setxattr(dentry, ovl_whiteout_xattr, "y", 1, 0);
+	mutex_lock(&dentry->d_inode->i_mutex);
+	err = __vfs_setxattr_noperm(dentry, ovl_whiteout_xattr, "y", 1, 0);
+	mutex_unlock(&dentry->d_inode->i_mutex);
 	if (err)
 		vfs_unlink(workdir, dentry, NULL);
 
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index ce600d2..01c4104 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -95,7 +95,10 @@ static inline int ovl_do_symlink(struct inode *dir, struct dentry *dentry,
 static inline int ovl_do_setxattr(struct dentry *dentry, const char *name,
 				  const void *value, size_t size, int flags)
 {
-	int err = vfs_setxattr(dentry, name, value, size, flags);
+	int err;
+	mutex_lock(&dentry->d_inode->i_mutex);
+	err = __vfs_setxattr_noperm(dentry, name, value, size, flags);
+	mutex_unlock(&dentry->d_inode->i_mutex);
 	pr_debug("setxattr(%pd2, \"%s\", \"%*s\", 0x%x) = %i\n",
 		 dentry, name, (int) size, (char *) value, flags, err);
 	return err;
-- 
2.7.0.rc3
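Review bot: The LSM pre-hook is lost along with the DAC check in the new `__vfs_setxattr_noperm()` call in ovl_do_whiteout_v1: as far as I recall, vfs_setxattr() runs security_inode_setxattr() before taking i_mutex and the noperm variant only runs the post-hook, so a SELinux or Smack policy that would have refused the whiteout write is no longer consulted, which goes beyond the CAP_SYS_ADMIN argument in the commit message; the overlayfs.h hunk has the same property. If skipping the hook is intended, say so in the message and above the lock, e.g. `/* Kernel-written whiteout on the mounter's behalf: xattr_permission() and the LSM setxattr pre-hook are deliberately skipped. */`; if not, calling security_inode_setxattr() explicitly before the noperm call keeps the bypass limited to the DAC check. ovl_do_whiteout_v1's body starts and ends outside the hunk.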
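Review bot: ovl_do_setxattr now bypasses permission checking for whatever `name` a caller passes, but nothing in the helper records that it is only meant for overlayfs's own trusted.* attributes, so a future caller forwarding a user-chosen name would silently inherit the bypass. Add a comment above the function such as `/* Kernel-internal setxattr for overlayfs's own trusted xattrs: skips xattr_permission() and the LSM setxattr pre-hook, so callers must never pass a user-controlled name. */`. As a style point, if this tree already has the accessor, `mutex_lock(&d_inode(dentry)->i_mutex);` matches the surrounding VFS code better than `dentry->d_inode`.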