From: Miklos Szeredi
To: "Eric W . Biederman"
Cc: linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 2/5] ovl: ignore failure to copy up unknown xattrs
Date: Fri, 25 Oct 2019 13:29:14 +0200
Message-Id: <20191025112917.22518-3-mszeredi@redhat.com>
In-Reply-To: <20191025112917.22518-1-mszeredi@redhat.com>
References: <20191025112917.22518-1-mszeredi@redhat.com>

This issue came up with NFSv4 as the lower layer, which generates
"system.nfs4_acl" xattrs (even for plain old unix permissions). Prior to
this patch this prevented copy-up from succeeding.

The overlayfs permission model mandates that permissions are checked
locally for the task and remotely for the mounter(*). NFS4 ACLs are not
supported by the Linux kernel currently, hence they cannot be enforced
locally. Which means it is indifferent whether this attribute is copied or
not.

Generalize this to any xattr that is not used in access checking (i.e. it's
not a POSIX ACL and not in the "security." namespace).

Incidentally, best effort copying of xattrs seems to also be the behavior of
"cp -a", which is what overlayfs tries to mimic.

(*) Documentation/filesystems/overlayfs.txt#Permission model

Signed-off-by: Miklos Szeredi
---
 fs/overlayfs/copy_up.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index b801c6353100..ed6e2d6cf7a1 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -36,6 +36,13 @@ static int ovl_ccup_get(char *buf, const struct kernel_p= aram *param) module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644); MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing"); =20 +static bool ovl_must_copy_xattr(const char *name) +{ +=09return !strcmp(name, XATTR_POSIX_ACL_ACCESS) || +=09 !strcmp(name, XATTR_POSIX_ACL_DEFAULT) || +=09 !strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)= ; +} + int ovl_copy_xattr(struct dentry *old, struct dentry *new) { =09ssize_t list_size, size, value_size =3D 0; @@ -107,8 +114,13 @@ int ovl_copy_xattr(struct dentry *old, struct dentry *= new) =09=09=09continue; /* Discard */ =09=09} =09=09error =3D vfs_setxattr(new, name, value, size, 0); -=09=09if (error) -=09=09=09break; +=09=09if (error) { +=09=09=09if (error !=3D -EOPNOTSUPP || ovl_must_copy_xattr(name)) +=09=09=09=09break; + +=09=09=09/* Ignore failure to copy unknown xattrs */ +=09=09=09error =3D 0; +=09=09} =09} =09kfree(value); out: --=20 2.21.0
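
Review bot: ovl_must_copy_xattr() in the first hunk carries no comment stating its criterion, so the reason these three names are special (they are the xattrs used in access checking, per the commit message) cannot be recovered from copy_up.c alone. Add a short comment above the helper saying that POSIX ACLs and everything under XATTR_SECURITY_PREFIX take part in permission checks, and that a failure to copy them must therefore fail the copy-up.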
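
Review bot: in the second hunk, the branch that ends in "error = 0" drops the xattr silently, so a copied-up file can lose metadata with nothing left behind for whoever has to debug it. Consider a rate-limited debug message that prints name before the error is cleared. The comment "Ignore failure to copy unknown xattrs" also does not match the test: the condition is error == -EOPNOTSUPP together with !ovl_must_copy_xattr(name), which is about the destination rejecting an xattr that is not used in access checking, not about whether the xattr is known. Wording the comment after the condition would make the policy easier to audit.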