On Fri, Jun 28, 2019 at 11:45:58AM -0700, Srivatsa S. Bhat wrote: > From: Vivek Goyal <vgoyal@xxxxxxxxxx> > > commit c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 upstream. > > Right now ovl_permission() calls __inode_permission(realinode), to do > permission checks on real inode and no checks are done on overlay inode. > > Modify it to do checks both on overlay inode as well as underlying inode. > Checks on overlay inode will be done with the creds of calling task while > checks on underlying inode will be done with the creds of mounter. > > Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx> > Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> > [ Srivatsa: 4.4.y backport: > - Skipped the hunk modifying non-existent function ovl_get_acl() > - Adjusted the error path > - Included linux/cred.h to get prototype for revert_creds() ] > Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@xxxxxxxxxxxxx> Applied, thanks. greg k-h
