On Thu, Sep 15, 2016 at 4:40 AM, Levin, Alexander
<alexander.levin@xxxxxxxxxxx> wrote:
> From: Miklos Szeredi <mszeredi@xxxxxxxxxx>
>
> This patch has been added to the 3.18 stable tree. If you have any
> objections, please let us know.
You'll need e1ff3dd1ae52 ("ovl: fix workdir creation") as well, which
fixes the fix.
Thanks,
Miklos
>
> ===============
>
> [ Upstream commit c11b9fdd6a612f376a5e886505f1c54c16d8c380 ]
>
> Clear out posix acl xattrs on workdir and also reset the mode after
> creation so that an inherited sgid bit is cleared.
>
> Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
> ---
> fs/overlayfs/super.c | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
> index b2361a1..963dba3 100644
> --- a/fs/overlayfs/super.c
> +++ b/fs/overlayfs/super.c
> @@ -545,6 +545,10 @@ retry:
> struct kstat stat = {
> .mode = S_IFDIR | 0,
> };
> + struct iattr attr = {
> + .ia_valid = ATTR_MODE,
> + .ia_mode = stat.mode,
> + };
>
> if (work->d_inode) {
> err = -EEXIST;
> @@ -560,6 +564,21 @@ retry:
> err = ovl_create_real(dir, work, &stat, NULL, NULL, true);
> if (err)
> goto out_dput;
> +
> + err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
> + if (err && err != -ENODATA)
> + goto out_dput;
> +
> + err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
> + if (err && err != -ENODATA)
> + goto out_dput;
> +
> + /* Clear any inherited mode bits */
> + mutex_lock(&work->d_inode->i_mutex);
> + err = notify_change(work, &attr, NULL);
> + mutex_unlock(&work->d_inode->i_mutex);
> + if (err)
> + goto out_dput;
> }
> out_unlock:
> mutex_unlock(&dir->i_mutex);
> --
> 2.7.4
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html