Re: [PATCH v3 0/6] Composefs: an opportunistically sharing verified image filesystem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> >> I previously mentioned my wish of using it from a user namespace, the
> >> goal seems more challenging with EROFS or any other block devices.  I
> >> don't know about the difficulty of getting overlay metacopy working in a
> >> user namespace, even though it would be helpful for other use cases as
> >> well.
> >>
> >
> > There is no restriction of metacopy in user namespace.
> > overlayfs needs to be mounted with -o userxattr and the overlay
> > xattrs needs to use user.overlay. prefix.
>
> if I specify both userxattr and metacopy=on then the mount ends up in
> the following check:
>
> if (config->userxattr) {
>         [...]
>         if (config->metacopy && metacopy_opt) {
>                 pr_err("conflicting options: userxattr,metacopy=on\n");
>                 return -EINVAL;
>         }
> }
>

Right, my bad.

> to me it looks like it was done on purpose to prevent metacopy from a
> user namespace, but I don't know the reason for sure.
>

With hand crafted metacopy, an unpriv user can chmod
any files to anything by layering another file with different
mode on top of it....

Not sure how the composefs security model intends to handle
this scenario with userns mount, but it sounds like a similar
problem.

Thanks,
Amir.



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux