UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

The original mounter had CAP_SYS_ADMIN in the user namespace
where the mount happened, and the vfs has validated that the user
has permission to do the requested operation. This is sufficient
for allowing the kernel to write these specific xattrs, so bypass
the permission checks for these xattrs.

BugLink: http://bugs.launchpad.net/bugs/1531747
BugLink: http://bugs.launchpad.net/bugs/1534961
BugLink: http://bugs.launchpad.net/bugs/1535150
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>

diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index 221608263f085c90076db96a9986aec47add7e2e..a3fc12744c127c464c04a48ce9b38eb57f3655c1 100644 (file)
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -60,7 +60,7 @@ int ovl_do_whiteout_v1(struct inode *workdir,
        if (err)
                return err;
 
-       err = vfs_setxattr(dentry, ovl_whiteout_xattr, "y", 1, 0);
+       err = ovl_do_setxattr(dentry, ovl_whiteout_xattr, "y", 1, 0);
        if (err)
                vfs_unlink(workdir, dentry, NULL);
 

diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index 91c3b8ea99d330cc239d92a30450545e2b488ee9..d61c61149e0df033984a83a577fa06a293abd6d1 100644 (file)
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -95,7 +95,14 @@ static inline int ovl_do_symlink(struct inode *dir, struct dentry *dentry,
 static inline int ovl_do_setxattr(struct dentry *dentry, const char *name,
                                  const void *value, size_t size, int flags)
 {
-       int err = vfs_setxattr(dentry, name, value, size, flags);
+       struct inode *inode = dentry->d_inode;
+       int err = -EOPNOTSUPP;
+
+       mutex_lock(&inode->i_mutex);
+       if (inode->i_op->setxattr)
+               err = inode->i_op->setxattr(dentry, name, value, size, flags);
+       mutex_unlock(&inode->i_mutex);
+
        pr_debug("setxattr(%pd2, \"%s\", \"%*s\", 0x%x) = %i\n",
                 dentry, name, (int) size, (char *) value, flags, err);
        return err;
@@ -103,7 +110,14 @@ static inline int ovl_do_setxattr(struct dentry *dentry, const char *name,
 
 static inline int ovl_do_removexattr(struct dentry *dentry, const char *name)
 {
-       int err = vfs_removexattr(dentry, name);
+       struct inode *inode = dentry->d_inode;
+       int err = -EOPNOTSUPP;
+
+       mutex_lock(&inode->i_mutex);
+       if (inode->i_op->removexattr)
+               err = inode->i_op->removexattr(dentry, name);
+       mutex_unlock(&inode->i_mutex);
+
        pr_debug("removexattr(%pd2, \"%s\") = %i\n", dentry, name, err);
        return err;
 }