Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1271176pxu; Thu, 17 Dec 2020 06:22:03 -0800 (PST) X-Google-Smtp-Source: ABdhPJzHJwIglmLz/Y6y4LAJ+BlO99r3xRMA5VqOceoY+7CjLZj93K9JLJFEPGNoGEltoyAcwZPZ X-Received: by 2002:a17:906:38c8:: with SMTP id r8mr36137998ejd.39.1608214922801; Thu, 17 Dec 2020 06:22:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608214922; cv=none; d=google.com; s=arc-20160816; b=T5ntl2gYEhCFcN88rLkiPpPyIDMZSgpJVr8E9Ce1s7gnq5S/X2RkCzGIiFolDVpfqs c+o8IaS13mudwTg3c55a22bOhdTR8RsiahQsqFKPJOAFZ1iU1ZMTjQi1rR2xJ3PsIl1V NTIQbzwajf5soOzA0UDwXquyCf0x9YSYXohSYAq9M07fsLTMNi3IamBMhQSpRs6Je08f pbgftp0RsMwODKQbFcxjM8EcU/LuL1v2RB3aL2ZmfToS2uRKgbVsvwxDFXz5ou/pa18q TaZ6vCNJcZ9jzKlds/9boXQU4aP/f1VCEiMTcl88NPPcA6JW8853sw8vXpUaZC5qY6NI lWAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:cc:to:from:date:dkim-signature; bh=s2io9byrVSQg39u9kY1sFTMQIOzVrXTXCf/O9WPWFOA=; b=tz8Up535dh1s0KXsTCKt4HsvcH3C8EtILOVFaPqca/RHhf1YcIULQiQNYnpams7xK/ bI8IRwTria/1tLKEMSSE1We4uYh+eVzaF2FIV9mP82Mqw/CTk5KRU0UNCgzfpFW4pMOB 7k9OTiCpcsaihcLx8v0iPoUMfxw8byq/odjVp6bs+/adVWk3KBE/21jMH1yXifStBXSC zTGZnHV/OoKzXvyE5wUNdzavO6A0I9r1mOqAmXDyy1n0oCJPvg6z+1DC+rwJ5gnFwHzp I3ouUGQ6F+fTkzsMaj59jLciAtWRC/xKeQtuCGE/e2E8rxLsWT973W8QRJaHPjf/UcxB qMuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RD62ChU+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e17si2694120ejx.663.2020.12.17.06.21.40; Thu, 17 Dec 2020 06:22:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RD62ChU+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728126AbgLQOU4 (ORCPT + 99 others); Thu, 17 Dec 2020 09:20:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726999AbgLQOU4 (ORCPT ); Thu, 17 Dec 2020 09:20:56 -0500 Received: from mail-ej1-x642.google.com (mail-ej1-x642.google.com [IPv6:2a00:1450:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1C30C0617B0 for ; Thu, 17 Dec 2020 06:20:29 -0800 (PST) Received: by mail-ej1-x642.google.com with SMTP id jx16so38097679ejb.10 for ; Thu, 17 Dec 2020 06:20:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition; bh=s2io9byrVSQg39u9kY1sFTMQIOzVrXTXCf/O9WPWFOA=; b=RD62ChU+OJDF7UVtIVsJlfZGn25fGNj6obtVAVtbOfS2rSy0yE6P+pQA9jFQ/hMihx AQFvzcRCMpzHb5H2uFgcBZkSOfB02SaM9rPWUt+ugNEML91QwzkZ440MrnUrlX1dtd6d mACbQBbnpf5r+rUU5+ytGiLypwDX6Mliyj+TU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=s2io9byrVSQg39u9kY1sFTMQIOzVrXTXCf/O9WPWFOA=; b=hBTI0Nt3RJM66H8YhlNpcvKlYoJGF4hA+t0X+nFV9aJgHnDkdR1kQNWjUzGSU4hOlH qruaEzmVSgDXZktcokZPyJG/qPwzHFmZOdmpWjWUiuphuV6r56oq0tV6wSpefFss87v9 jRspfdKE7d8jCpXCxWPGQ8s8KvND7oTRlXFlv3SiWJBU+bL89sAtbcCWVLuL+dvyZQvT TpdciY8MkUZzitN5pDFeW/fwOo1rRRvnSm7NNzSmSMSxLSSt4rk/IlsfX9PPzwKLq/0c H/sERG6PkQ+kaOy3REHDBE11bi1l2CPo3t9OmSQJxxzPK2hfoqXU41LN2pJ7wN+iDGHg 5goA== X-Gm-Message-State: AOAM531sOaQRYD6VLOn/dS/x1i4L6dIikJwaRyrn1qPVb+ZCBPcgX9Am 1c+yVpw5/QicPLzZ+JUndQtpZg== X-Received: by 2002:a17:906:9345:: with SMTP id p5mr24446195ejw.40.1608214828591; Thu, 17 Dec 2020 06:20:28 -0800 (PST) Received: from miu.piliscsaba.redhat.com (catv-86-101-169-67.catv.broadband.hu. [86.101.169.67]) by smtp.gmail.com with ESMTPSA id n4sm24486697edt.46.2020.12.17.06.20.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Dec 2020 06:20:27 -0800 (PST) Date: Thu, 17 Dec 2020 15:20:25 +0100 From: Miklos Szeredi To: Linus Torvalds Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, "Eric W. Biederman" Subject: [GIT PULL] overlayfs update for 5.11 Message-ID: <20201217142025.GB1236412@miu.piliscsaba.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Linus, Please pull from: git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git tags/ovl-update-5.11 - Allow unprivileged mounting in a user namespace. For quite some time the security model of overlayfs has been that operations on underlying layers shall be performed with the privileges of the mounting task. This way an unprvileged user cannot gain privileges by the act of mounting an overlayfs instance. A full audit of all function calls made by the overlayfs code has been performed to see whether they conform to this model, and this branch contains some fixes in this regard. - Support running on copied filesystem images by optionally disabling UUID verification. - Bug fixes as well as documentation updates. I was hoping to get feedback from Eric Biederman on the unprivileged mounting feature, but even without that I feel quite good about enabling it at this point. It's a trivial patch at the head of this branch, so skipping it now or reverting later would also be options. Thanks, Miklos --- Chengguang Xu (1): ovl: fix incorrect extent info in metacopy case Kevin Locke (2): ovl: warn about orphan metacopy ovl: document lower modification caveats Miklos Szeredi (12): ovl: doc clarification ovl: expand warning in ovl_d_real() vfs: move cap_convert_nscap() call into vfs_setxattr() vfs: verify source area in vfs_dedupe_file_range_one() ovl: check privs before decoding file handle ovl: make ioctl() safe ovl: simplify file splice ovl: user xattr ovl: do not fail when setting origin xattr ovl: do not fail because of O_NOATIME ovl: do not get metacopy for userxattr ovl: unprivieged mounts Pavel Tikhomirov (2): ovl: propagate ovl_fs to ovl_decode_real_fh and ovl_encode_real_fh ovl: introduce new "uuid=off" option for inodes index feature --- Documentation/filesystems/overlayfs.rst | 36 ++++++-- fs/overlayfs/copy_up.c | 28 ++++--- fs/overlayfs/export.c | 10 ++- fs/overlayfs/file.c | 144 +++++--------------------------- fs/overlayfs/inode.c | 14 +++- fs/overlayfs/namei.c | 28 ++++--- fs/overlayfs/overlayfs.h | 22 +++-- fs/overlayfs/ovl_entry.h | 2 + fs/overlayfs/super.c | 95 ++++++++++++++++++--- fs/overlayfs/util.c | 18 +++- fs/remap_range.c | 10 ++- fs/xattr.c | 17 ++-- include/linux/capability.h | 2 +- security/commoncap.c | 3 +- 14 files changed, 233 insertions(+), 196 deletions(-)