On Fri, Jul 08, 2022 at 11:01:32AM +0200, Christian Brauner wrote:
> This cycle we added support for mounting overlayfs on top of idmapped mounts.
> Recently I've started looking into potential corner cases when trying to add
> additional tests and I noticed that reporting for POSIX ACLs is currently wrong
> when using idmapped layers with overlayfs mounted on top of it.
<snip detailed explanation>
Beyond the issues described here, it also looks like the vfs_*() calls
are been inconsistent wrt idmapped mounts. With acls it takes/returns
unmapped ids, but other interfaces like vfs_getattr() return mapped ids.
So it makes sense to make vfs_{get,set}xattr() behave likewise.
I have one small suggestion below, but I think this looks good.
Reviewed-by: Seth Forshee <sforshee@xxxxxxxxxxxxxxxx>
> +static inline bool is_posix_acl_xattr(const char *name)
> +{
> + return (strcmp(name, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
> + (strcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0);
> +}
> +
There are locations still open-coding this check -- setxattr_convert()
and do_getxattr(). Maybe consider adding a follow-on patch to convert
those too.
Seth
