Re: [PATCH v5 2/3] overlayfs: check CAP_MKNOD before issuing vfs_whiteout

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 28, 2018 at 8:43 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote:
>
> On Tue, Aug 28, 2018 at 7:53 PM Mark Salyzyn <salyzyn@xxxxxxxxxxx> wrote:
> >
> > Assumption never checked, should fail if the mounter creds are not
> > sufficient.
> >
> > Signed-off-by: Mark Salyzyn <salyzyn@xxxxxxxxxxx>
> > Cc: Miklos Szeredi <miklos@xxxxxxxxxx>
> > Cc: Jonathan Corbet <corbet@xxxxxxx>
> > Cc: Vivek Goyal <vgoyal@xxxxxxxxxx>
> > Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
> > Cc: Amir Goldstein <amir73il@xxxxxxxxx>
> > Cc: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
> > Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>
> > Cc: linux-unionfs@xxxxxxxxxxxxxxx
> > Cc: linux-doc@xxxxxxxxxxxxxxx
> > Cc: linux-kernel@xxxxxxxxxxxxxxx
> >
> > v5
> > - dependency of "overlayfs: override_creds=off option bypass creator_cred"
> > ---
> >  fs/overlayfs/overlayfs.h | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
> > index 7538b9b56237..bf3a80157d42 100644
> > --- a/fs/overlayfs/overlayfs.h
> > +++ b/fs/overlayfs/overlayfs.h
> > @@ -176,7 +176,7 @@ static inline int ovl_do_rename(struct inode *olddir, struct dentry *olddentry,
> >
> >  static inline int ovl_do_whiteout(struct inode *dir, struct dentry *dentry)
> >  {
> > -       int err = vfs_whiteout(dir, dentry);
> > +       int err = capable(CAP_MKNOD) ? vfs_whiteout(dir, dentry) : -EPERM;
>
> Should that be ns_capable()? Should the test go into vfs_whiteout()?
> I feel there is no convention at all.
>

Nevermind, I don't think creating a whiteout poses any risk, so don't think
we need to worry about CAP_MKNOD.

Thanks,
Amir.



[Index of Archives]     [Linux Filesystems Devel]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux