git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Seth Forshee <seth.forshee@canonical.com>
	Tue, 19 Jan 2016 19:12:02 +0000 (13:12 -0600)
committer	Tim Gardner <tim.gardner@canonical.com>
	Mon, 21 Nov 2016 14:20:26 +0000 (07:20 -0700)
commit	acb0bcdbf914e0786352fd5c547c91b19327b225
tree	f46b906b848992f81135c569090f4993d32276e9	tree
parent	269b7ea87fc02a47f8c22d58ead48217af87d266	commit \| diff

UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

The original mounter had CAP_SYS_ADMIN in the user namespace
where the mount happened, and the vfs has validated that the user
has permission to do the requested operation. This is sufficient
for allowing the kernel to write these specific xattrs, so we can
bypass the permission checks for these xattrs.

To support this, export __vfs_setxattr_noperm and add an similar
__vfs_removexattr_noperm which is also exported. Use these when
setting or removing trusted.overlayfs.* xattrs.

BugLink: http://bugs.launchpad.net/bugs/1531747
BugLink: http://bugs.launchpad.net/bugs/1534961
BugLink: http://bugs.launchpad.net/bugs/1535150
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>

fs/overlayfs/overlayfs.h		diff \| blob \| blame \| history
fs/xattr.c		diff \| blob \| blame \| history
include/linux/xattr.h		diff \| blob \| blame \| history