On Thu, Apr 09, 2020 at 11:28:59PM +0200, Miklos Szeredi wrote: > From: Miklos Szeredi <mszeredi@xxxxxxxxxx> > > Whiteouts, unlike real device node should not require privileges to create. > > The general concern with device nodes is that opening them can have side > effects. The kernel already avoids zero major (see > Documentation/admin-guide/devices.txt). To be on the safe side the patch > explicitly forbids registering a char device with 0/0 number (see > cdev_add()). > > This guarantees that a non-O_PATH open on a whiteout will fail with ENODEV; > i.e. it won't have any side effect. > int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) > { > + bool is_whiteout = S_ISCHR(mode) && dev == WHITEOUT_DEV; > int error = may_create(dir, dentry); > > if (error) > return error; > > - if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD)) > + if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD) && > + !is_whiteout) > return -EPERM; Hmm... That exposes vfs_whiteout() to LSM; are you sure that you won't end up with regressions for overlayfs on sufficiently weird setups?