Quoting Andy Whitcroft (apw@xxxxxxxxxxxxx):
> On Fri, Feb 28, 2014 at 03:15:14PM +0100, Miklos Szeredi wrote:
> > On Tue, Feb 25, 2014 at 6:31 PM, Serge Hallyn <serge.hallyn@xxxxxxxxxx> wrote:
> > > To mark a file which exists in the lower layer as deleted,
> > > it creates a symbolic link to a file called "(overlay-whiteout)"
> > > in the writeable mount, and sets a "trusted.overlay" xattr
> > > on that link.
> > >
> > > 1. When the create the symbolic link as container root, not
> > > as the global root
> > >
> > > 2. Allow root in a container to edit "trusted.overlay*"
> > > xattrs. Generally only global root is allowed to edit
> > > "trusted.*"
> >
> > Shouldn't overlayfs just skip the permission checks and call
> > __vfs_setxattr_noperm() instead?
>
> It does seem we should be avoiding the permissions here, as we have let
> the thing be mounted we have done the permissions checks for that and for
> the file access itself already. This operation is something we definitely
> want to represent in the filesystem.

D'oh. Yeah, that looks good. Andy, should I send a new patch, or can
you make those changes inline?

-serge