Prevent overlayfs from being mounted on top of idmapped mounts.
Stacking filesystems need to be prevented from being mounted on top of
idmapped mounts until they have have been converted to handle this.
Link: https://lore.kernel.org/r/[email protected]
Cc: Christoph Hellwig <[email protected]>
Cc: David Howells <[email protected]>
Cc: Al Viro <[email protected]>
Cc: [email protected]
Signed-off-by: Christian Brauner <[email protected]>
---
/* v2 */
patch introduced
/* v3 */
- Amir Goldstein <[email protected]>:
- Move check for idmapped lower layers into ovl_mount_dir_noesc().
- David Howells <[email protected]>:
- Adapt check after removing mnt_idmapped() helper.
/* v4 */
unchanged
/* v5 */
unchanged
base-commit: 7c53f6b671f4aba70ff15e1b05148b10d58c2837
/* v6 */
unchanged
base-commit: 19c329f6808995b142b3966301f217c831e7cf31
---
fs/overlayfs/super.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index c04612b19054..b702c576e783 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -858,6 +858,10 @@ static int ovl_mount_dir_noesc(const char *name, struct path *path)
pr_err("filesystem on '%s' not supported\n", name);
goto out_put;
}
+ if (mnt_user_ns(path->mnt) != &init_user_ns) {
+ pr_err("idmapped layers are currently not supported\n");
+ goto out_put;
+ }
if (!d_is_dir(path->dentry)) {
pr_err("'%s' not a directory\n", name);
goto out_put;
--
2.30.0
On Thu, 21 Jan 2021, Christian Brauner wrote:
> Prevent overlayfs from being mounted on top of idmapped mounts.
> Stacking filesystems need to be prevented from being mounted on top of
> idmapped mounts until they have have been converted to handle this.
>
> Link: https://lore.kernel.org/r/[email protected]
> Cc: Christoph Hellwig <[email protected]>
> Cc: David Howells <[email protected]>
> Cc: Al Viro <[email protected]>
> Cc: [email protected]
> Signed-off-by: Christian Brauner <[email protected]>
Reviewed-by: James Morris <[email protected]>
--
James Morris
<[email protected]>