On Tue, Aug 08, 2017 at 07:01:30AM +0200, Amir Goldstein wrote:
[CC Dan Walsh]
[..]
> > 2. Chattr will modify lower file's attributes directly.
> > Reproduce:
> > # mkdir lower upper worker merger
> > # touch lower/aa
> > # lsattr -p lower/aa
> > 0 --------------e---- lower/aa
> > # mount -t overlay -o lowerdir=lower,upperdir=upper,workdir=worker overlayfs merger
> > # chattr -p 123 merger/aa #set project id
> > # lsattr -p lower/aa
> > 123 --------------e---- lower/aa
> >
> > If we try to set "immutable" or any other attributes, the result are consistent.
> > Because chattr open file in RDONLY mode, so it will not trigger copyup, and then,
> > FS_IOC_SETFLAGS ioctl will get the lower inode and modify it.
>
> Ouch! I guess it's a "known to some" issue.
> Fixing this would be a pain (intercept ioctl and whitelisting readonly
> fs specific ioctls).
> Hopefully, at least sepolicy would prevent these unauthorized changes
> to lower if
> selinux is used??
I tried it in a docker container on Fedora 26 host and selinux seemed to
block it.
[root@947c53c7d69a bin]# lsattr -p zcat
0 ------------------- zcat
[root@947c53c7d69a bin]# chattr -p 123 zcat
chattr: Permission denied while setting flags on zcat
Aug 08 16:15:37 audit[24865]: AVC avc: denied { setattr } for
pid=24865 comm="chattr" path="/usr/bin/zcat" dev="dm-0" ino=17358919
scontext=system_u:system_r:container_t:s0:c403,c847
tcontext=system_u:object_r:container_share_t:s0 tclass=file permissive=0
But this should probably be properly fixed.
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
