UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

ovl: rearrange ovl_can_list() 

ovl_can_list() should return false for overlay private xattrs.  Since
currently these use the "trusted.overlay." prefix, they will always match
the "trusted." prefix as well, hence the test for being non-trusted will
not trigger.

Prepare for using the "user.overlay." namespace by moving the test for
private xattr before the test for non-trusted.

This patch doesn't change behavior.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
This commit is contained in:
Miklos Szeredi 2020-09-02 10:58:49 +02:00
parent 43d193f844
commit 8f6ee74c27
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
fs/overlayfs/inode.c
View File

@ -393,13 +393,16 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name,
static bool ovl_can_list(struct super_block *sb, const char *s) static bool ovl_can_list(struct super_block *sb, const char *s)
{ {
/* Never list private (.overlay) */
if (ovl_is_private_xattr(sb, s))
return false;
/* List all non-trusted xatts */ /* List all non-trusted xatts */
if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0) if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0)
return true; return true;
/* Never list trusted.overlay, list other trusted for superuser only */ /* list other trusted for superuser only */
return !ovl_is_private_xattr(sb, s) && return ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
} }
ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)