[PATCH 2/2] overlayfs: fix capabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Miklos Szeredi <mszeredi@xxxxxxx>

The patches from Felix Fietkau which moved lookup and unlink
operations out from filldir didn't move the necessary capability
upgrades.

This patch fixes that.

Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
---
 fs/overlayfs/overlayfs.c |   79 +++++++++++++++++++++++++++--------------------
 1 file changed, 47 insertions(+), 32 deletions(-)

Index: linux-2.6/fs/overlayfs/overlayfs.c
===================================================================
--- linux-2.6.orig/fs/overlayfs/overlayfs.c	2011-03-18 17:31:37.000000000 +0100
+++ linux-2.6/fs/overlayfs/overlayfs.c	2011-03-18 17:33:32.000000000 +0100
@@ -350,8 +350,6 @@ static int ovl_fill_upper(void *buf, con
 static int ovl_dir_read(struct path *realpath, struct ovl_readdir_data *rdd,
 			  filldir_t filler)
 {
-	const struct cred *old_cred;
-	struct cred *override_cred;
 	struct file *realfile;
 	int err;
 
@@ -359,36 +357,15 @@ static int ovl_dir_read(struct path *rea
 	if (IS_ERR(realfile))
 		return PTR_ERR(realfile);
 
-	err = -ENOMEM;
-	override_cred = prepare_creds();
-	if (override_cred) {
-		/*
-		 * CAP_SYS_ADMIN for getxattr
-		 * CAP_DAC_OVERRIDE for lookup and unlink
-		 */
-		cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
-		cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
-		old_cred = override_creds(override_cred);
-
-		do {
-			rdd->count = 0;
-			rdd->err = 0;
-			err = vfs_readdir(realfile, filler, rdd);
-			if (err >= 0)
-				err = rdd->err;
-		} while (!err && rdd->count);
-
-		revert_creds(old_cred);
-		put_cred(override_cred);
-	}
+	do {
+		rdd->count = 0;
+		rdd->err = 0;
+		err = vfs_readdir(realfile, filler, rdd);
+		if (err >= 0)
+			err = rdd->err;
+	} while (!err && rdd->count);
 	fput(realfile);
 
-	if (err) {
-		if (rdd->list)
-			ovl_cache_free(rdd->list);
-		return err;
-	}
-
 	return 0;
 }
 
@@ -410,10 +387,26 @@ static void ovl_dir_reset(struct file *f
 	}
 }
 
-static void ovl_dir_mark_whiteouts(struct ovl_readdir_data *rdd)
+static int ovl_dir_mark_whiteouts(struct ovl_readdir_data *rdd)
 {
 	struct ovl_cache_entry *p;
 	struct dentry *dentry;
+	const struct cred *old_cred;
+	struct cred *override_cred;
+
+	override_cred = prepare_creds();
+	if (!override_cred) {
+		ovl_cache_free(rdd->list);
+		return -ENOMEM;
+	}
+
+	/*
+	 * CAP_SYS_ADMIN for getxattr
+	 * CAP_DAC_OVERRIDE for lookup
+	 */
+	cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+	cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
+	old_cred = override_creds(override_cred);
 
 	mutex_lock(&rdd->dir->d_inode->i_mutex);
 	list_for_each_entry(p, rdd->list, l_node) {
@@ -428,6 +421,11 @@ static void ovl_dir_mark_whiteouts(struc
 		dput(dentry);
 	}
 	mutex_unlock(&rdd->dir->d_inode->i_mutex);
+
+	revert_creds(old_cred);
+	put_cred(override_cred);
+
+	return 0;
 }
 
 static int ovl_dir_read_merged(struct path *upperpath, struct path *lowerpath,
@@ -444,7 +442,9 @@ static int ovl_dir_read_merged(struct pa
 		if (err)
 			goto out;
 
-		ovl_dir_mark_whiteouts(rdd);
+		err = ovl_dir_mark_whiteouts(rdd);
+		if (err)
+			goto out;
 	}
 	/*
 	 * Insert lowerpath entries before upperpath ones, this allows
@@ -1695,11 +1695,23 @@ static int ovl_remove_whiteouts(struct d
 	struct path upperpath;
 	struct dentry *upperdir;
 	struct ovl_cache_entry *p;
+	const struct cred *old_cred;
+	struct cred *override_cred;
 	int ret = 0;
 
 	ovl_path_upper(dir, &upperpath);
 	upperdir = upperpath.dentry;
 
+	override_cred = prepare_creds();
+	if (!override_cred)
+		return -ENOMEM;
+
+	/*
+	 * CAP_DAC_OVERRIDE for lookup and unlink
+	 */
+	cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
+	old_cred = override_creds(override_cred);
+
 	mutex_lock(&upperdir->d_inode->i_mutex);
 	list_for_each_entry(p, list, l_node) {
 		if (p->is_whiteout) {
@@ -1718,6 +1730,9 @@ static int ovl_remove_whiteouts(struct d
 	}
 	mutex_unlock(&upperdir->d_inode->i_mutex);
 
+	revert_creds(old_cred);
+	put_cred(override_cred);
+
 	return ret;
 }
 
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux