Commit c61ca557 authored Mar 17, 2020 by Miklos Szeredi

ovl: ignore failure to copy up unknown xattrs



This issue came up with NFSv4 as the lower layer, which generates
"system.nfs4_acl" xattrs (even for plain old unix permissions).  Prior to
this patch this prevented copy-up from succeeding.

The overlayfs permission model mandates that permissions are checked
locally for the task and remotely for the mounter(*).  NFS4 ACLs are not
supported by the Linux kernel currently, hence they cannot be enforced
locally.  Which means it is indifferent whether this attribute is copied or
not.

Generalize this to any xattr that is not used in access checking (i.e. it's
not a POSIX ACL and not in the "security." namespace).

Incidentally, best effort copying of xattrs seems to also be the behavior
of "cp -a", which is what overlayfs tries to mimic.

(*) Documentation/filesystems/overlayfs.txt#Permission model

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

parent 4c494bd5

fs/overlayfs/copy_up.c

+14 −2

Original line number	Diff line number	Diff line
		@@ -36,6 +36,13 @@ static int ovl_ccup_get(char buf, const struct kernel_param param)
		module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644);
		MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing");

		static bool ovl_must_copy_xattr(const char *name)
		{
		return !strcmp(name, XATTR_POSIX_ACL_ACCESS) \|\|
		!strcmp(name, XATTR_POSIX_ACL_DEFAULT) \|\|
		!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN);
		}

		int ovl_copy_xattr(struct dentry old, struct dentry new)
		{
		ssize_t list_size, size, value_size = 0;
		@@ -107,8 +114,13 @@ retry:
		continue; /* Discard */
		}
		error = vfs_setxattr(new, name, value, size, 0);
		if (error)
		if (error) {
		if (error != -EOPNOTSUPP \|\| ovl_must_copy_xattr(name))
		break;

		/* Ignore failure to copy unknown xattrs */
		error = 0;
		}
		}
		kfree(value);
		out:

Admin message