On Thu, 7 Jul 2022 at 12:33, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> On Thu, Jul 07, 2022 at 09:58:47AM +0200, Miklos Szeredi wrote:
> > On Wed, 6 Jul 2022 at 15:59, Christian Brauner <brauner@xxxxxxxxxx> wrote:
> > However I don't think clearing SB_POSIXACL will do that.
> >
> > Maybe denying the operation in ovl_posix_acl_xattr_{get,set}() is the
> > right way to achieve the above?
>
> Hm, removing SB_POSIXACL in my tests fixed that completely. But we can
> add an additional check:
Strange... In my tests just clearing SB_POSIXACL will still let
overlayfs get and set ACL's.
>
> if (!IS_POSIXACL(inode))
> return -EOPNOTSUPP;
>
> to both helpers additionally? Can you do that when you apply or do you
> want me to send a version with that added?
Added, also simplified ovl_has_idmapped_layers().
Pushed to #overlayfs-next and will send to Linus next week.
Thanks,
Miklos
