On Fri, Feb 28, 2014 at 03:15:14PM +0100, Miklos Szeredi wrote:
> On Tue, Feb 25, 2014 at 6:31 PM, Serge Hallyn <serge.hallyn@xxxxxxxxxx> wrote:
> > To mark a file which exists in the lower layer as deleted,
> > it creates a symbolic link to a file called "(overlay-whiteout)"
> > in the writeable mount, and sets a "trusted.overlay" xattr
> > on that link.
> >
> > 1. When the create the symbolic link as container root, not
> > as the global root
> >
> > 2. Allow root in a container to edit "trusted.overlay*"
> > xattrs. Generally only global root is allowed to edit
> > "trusted.*"
>
> Shouldn't overlayfs just skip the permission checks and call
> __vfs_setxattr_noperm() instead?

It does seem we should be avoiding the permissions here, as we have let
the thing be mounted we have done the permissions checks for that and
for the file access itself already. This operation is something we
definitely want to represent in the filesystem.

-apw