OpenCloudOS-Kernel/fs/overlayfs
Mike Baynton bf47be5479 ovl: fail if trusted xattrs are needed but caller lacks permission
commit 6c4a5f96450415735c31ed70ff354f0ee5cbf67b upstream.

Some overlayfs features require permission to read/write trusted.*
xattrs. These include redirect_dir, verity, metacopy, and data-only
layers. This patch adds additional validations at mount time to stop
overlays from mounting in certain cases where the resulting mount would
not function according to the user's expectations because they lack
permission to access trusted.* xattrs (for example, not global root.)

Similar checks in ovl_make_workdir() that disable features instead of
failing are still relevant and used in cases where the resulting mount
can still work "reasonably well." Generally, if the feature was enabled
through kernel config or module option, any mount that worked before
will still work the same; this applies to redirect_dir and metacopy. The
user must explicitly request these features in order to generate a mount
failure. Verity and data-only layers on the other hand must be explictly
requested and have no "reasonable" disabled or degraded alternative, so
mounts attempting either always fail.

"lower data-only dirs require metacopy support" moved down in case
userxattr is set, which disables metacopy.

Cc: stable@vger.kernel.org # v6.6+
Signed-off-by: Mike Baynton <mike@mbaynton.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-10-10 11:57:44 +02:00
..
Kconfig ovl: Kconfig: introduce CONFIG_OVERLAY_FS_DEBUG 2023-08-12 19:02:53 +03:00
Makefile ovl: modify layer parameter parsing 2023-06-20 14:10:40 +03:00
copy_up.c v6.6-rc4.vfs.fixes 2023-09-26 08:50:30 -07:00
dir.c ovl: remove upper umask handling from ovl_create_upper() 2024-06-12 11:12:24 +02:00
export.c ovl: fix encoding fid for lower only root 2024-06-27 13:49:12 +02:00
file.c ovl: fix file reference leak when submitting aio 2023-10-02 13:08:31 +03:00
inode.c fs: Pass AT_GETATTR_NOSEC flag to getattr interface function 2023-12-03 07:33:03 +01:00
namei.c ovl: make consistent use of OVL_FS() 2023-08-12 19:02:54 +03:00
overlayfs.h fs: Pass AT_GETATTR_NOSEC flag to getattr interface function 2023-12-03 07:33:03 +01:00
ovl_entry.h ovl: make use of ->layers safe in rcu pathwalk 2023-10-02 17:45:02 +03:00
params.c ovl: fail if trusted xattrs are needed but caller lacks permission 2024-10-10 11:57:44 +02:00
params.h ovl: store and show the user provided lowerdir mount option 2024-03-26 18:19:18 -04:00
readdir.c vfs: get rid of old '->iterate' directory operation 2023-08-06 15:08:35 +02:00
super.c ovl: store and show the user provided lowerdir mount option 2024-03-26 18:19:18 -04:00
util.c overlayfs update for 6.6 2023-08-30 11:54:09 -07:00