When mounting overlayfs in an unprivileged user namespace, trusted xattr
creation will fail. This will lead to failures in some file operations,
e.g. in the following situation:
mkdir lower upper work merged
mkdir lower/directory
mount -toverlay -olowerdir=lower,upperdir=upper,workdir=work none merged
rmdir merged/directory
mkdir merged/directory
The last mkdir will fail:
mkdir: cannot create directory 'merged/directory': Input/output error
The cause for these failures is currently extremely non-obvious and hard
to debug. Hence, warn the user and suggest using the userxattr mount
option, if it is not already supplied and xattr creation fails during
the self-check.
Signed-off-by: Alois Wohlschlager <[email protected]>
---
fs/overlayfs/super.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 7bb0a47cb615..11123fe967e0 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1427,6 +1427,8 @@ static int ovl_make_workdir(struct super_block *sb,
struct ovl_fs *ofs,
ofs->config.xino = OVL_XINO_OFF;
pr_warn("upper fs does not support xattr,
falling back to xino=off.\n");
}
+ if (!ofs->config.userxattr)
+ pr_warn("trusted xattr creation not
supported, some file operations may fail. Try mounting with userxattr next
time.\n");
err = 0;
} else {
ovl_do_removexattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE);
--
2.35.1
On Thu, Feb 03, 2022 at 12:02:46PM +0100, Alois Wohlschlager wrote:
> When mounting overlayfs in an unprivileged user namespace, trusted xattr
> creation will fail. This will lead to failures in some file operations,
> e.g. in the following situation:
>
> mkdir lower upper work merged
> mkdir lower/directory
> mount -toverlay -olowerdir=lower,upperdir=upper,workdir=work none merged
> rmdir merged/directory
> mkdir merged/directory
>
> The last mkdir will fail:
>
> mkdir: cannot create directory 'merged/directory': Input/output error
>
> The cause for these failures is currently extremely non-obvious and hard
> to debug. Hence, warn the user and suggest using the userxattr mount
> option, if it is not already supplied and xattr creation fails during
> the self-check.
Thanks for the patch.
How about the following (untested) variant?
Thanks,
Miklos
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 7bb0a47cb615..955aeefc3b29 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1413,11 +1413,12 @@ static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs,
*/
err = ovl_do_setxattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE, "0", 1);
if (err) {
+ pr_warn("failed to set xattr on upper\n");
ofs->noxattr = true;
if (ofs->config.index || ofs->config.metacopy) {
ofs->config.index = false;
ofs->config.metacopy = false;
- pr_warn("upper fs does not support xattr, falling back to index=off,metacopy=off.\n");
+ pr_warn("...falling back to index=off,metacopy=off.\n");
}
/*
* xattr support is required for persistent st_ino.
@@ -1425,8 +1426,10 @@ static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs,
*/
if (ofs->config.xino == OVL_XINO_AUTO) {
ofs->config.xino = OVL_XINO_OFF;
- pr_warn("upper fs does not support xattr, falling back to xino=off.\n");
+ pr_warn("...falling back to xino=off.\n");
}
+ if (err == -EPERM && !ofs->config.userxattr)
+ pr_info("try mounting with 'userxattr' option\n");
err = 0;
} else {
ovl_do_removexattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE);
Am Montag, 21. Februar 2022, 12:11:47 CET schrieb Miklos Szeredi:
>
> Thanks for the patch.
>
> How about the following (untested) variant?
>
> Thanks,
> Miklos
>
>
> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
> index 7bb0a47cb615..955aeefc3b29 100644
> --- a/fs/overlayfs/super.c
> +++ b/fs/overlayfs/super.c
> @@ -1413,11 +1413,12 @@ static int ovl_make_workdir(struct super_block *sb,
> struct ovl_fs *ofs, */
> err = ovl_do_setxattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE, "0", 1);
> if (err) {
> + pr_warn("failed to set xattr on upper\n");
> ofs->noxattr = true;
> if (ofs->config.index || ofs->config.metacopy) {
> ofs->config.index = false;
> ofs->config.metacopy = false;
> - pr_warn("upper fs does not support xattr, falling back to
> index=off,metacopy=off.\n"); + pr_warn("...falling back to
> index=off,metacopy=off.\n");
> }
> /*
> * xattr support is required for persistent st_ino.
> @@ -1425,8 +1426,10 @@ static int ovl_make_workdir(struct super_block *sb,
> struct ovl_fs *ofs, */
> if (ofs->config.xino == OVL_XINO_AUTO) {
> ofs->config.xino = OVL_XINO_OFF;
> - pr_warn("upper fs does not support xattr, falling back to xino=off.\n");
> + pr_warn("...falling back to xino=off.\n");
> }
> + if (err == -EPERM && !ofs->config.userxattr)
> + pr_info("try mounting with 'userxattr' option\n");
> err = 0;
> } else {
> ovl_do_removexattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE);
Seems sensible to me, since it doesn't duplicate information in case index, metacopy or xino are attempted to be used.
Alois