On Thu, Sep 15, 2016 at 4:40 AM, Levin, Alexander <alexander.levin@xxxxxxxxxxx> wrote: > From: Miklos Szeredi <mszeredi@xxxxxxxxxx> > > This patch has been added to the 3.18 stable tree. If you have any > objections, please let us know. You'll need e1ff3dd1ae52 ("ovl: fix workdir creation") as well, which fixes the fix. Thanks, Miklos > > =============== > > [ Upstream commit c11b9fdd6a612f376a5e886505f1c54c16d8c380 ] > > Clear out posix acl xattrs on workdir and also reset the mode after > creation so that an inherited sgid bit is cleared. > > Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> > Cc: <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx> > --- > fs/overlayfs/super.c | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > > diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c > index b2361a1..963dba3 100644 > --- a/fs/overlayfs/super.c > +++ b/fs/overlayfs/super.c > @@ -545,6 +545,10 @@ retry: > struct kstat stat = { > .mode = S_IFDIR | 0, > }; > + struct iattr attr = { > + .ia_valid = ATTR_MODE, > + .ia_mode = stat.mode, > + }; > > if (work->d_inode) { > err = -EEXIST; > @@ -560,6 +564,21 @@ retry: > err = ovl_create_real(dir, work, &stat, NULL, NULL, true); > if (err) > goto out_dput; > + > + err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT); > + if (err && err != -ENODATA) > + goto out_dput; > + > + err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS); > + if (err && err != -ENODATA) > + goto out_dput; > + > + /* Clear any inherited mode bits */ > + mutex_lock(&work->d_inode->i_mutex); > + err = notify_change(work, &attr, NULL); > + mutex_unlock(&work->d_inode->i_mutex); > + if (err) > + goto out_dput; > } > out_unlock: > mutex_unlock(&dir->i_mutex); > -- > 2.7.4
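
Review bot: the `struct iattr attr` declaration added in the first hunk (@@ -545,6 +545,10 @@) has no comment saying why the mode must be applied a second time when `stat.mode` is already passed to ovl_create_real(); the only explanation, "Clear any inherited mode bits", sits in the second hunk next to the notify_change() call. A one-line comment at the declaration noting that `.ia_mode = stat.mode` (here `S_IFDIR | 0`) is re-applied after creation to drop an sgid bit inherited from the parent directory would let the declaration be read on its own.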
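
Review bot: both `if (err && err != -ENODATA)` checks in the second hunk (@@ -560,6 +564,21 @@) treat every other vfs_removexattr() result as fatal, and that includes -EOPNOTSUPP, which is what comes back when the upper filesystem has no xattr removal support at all. On such a filesystem there is no POSIX ACL to clear, yet workdir creation would fail at the first `goto out_dput`. Consider accepting -EOPNOTSUPP alongside -ENODATA for both XATTR_NAME_POSIX_ACL_DEFAULT and XATTR_NAME_POSIX_ACL_ACCESS, so that only errors from a filesystem that does carry ACL xattrs abort the setup.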