Hi, It seems some results of permission checking are cached in situations where it looks like they shouldn't be. See the following test-case: # umask 022 # mkdir ro rw work mnt # chmod 700 ro # echo bar > ro/foo # mount overlay -t overlay -olowerdir=$PWD/ro,upperdir=$PWD/rw,workdir=$PWD/work mnt # echo 3 > /proc/sys/vm/drop_caches # sudo -u nobody cat mnt/foo cat: mnt/foo: Permission denied # cat mnt/foo bar # sudo -u nobody cat mnt/foo bar So it seems that when the caches are empty, checking access to mnt/foo eventually checks access to ro/foo, which for user nobody is denied. But as soon as some user that has access to underlying ro/foo triggers a successful access to mnt/foo, user nobody succeeds in accessing it as well. I admit this setup is a bit twisted, but I suppose this behavior qualifies as a bug. Cheers, Ignacy PS: I've filed a bug in the kernel bugtracker about this issue as well: https://bugzilla.kernel.org/show_bug.cgi?id=111131 . -- Ignacy Gawędzki R&D Engineer Green Communications -- To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
