ovl: handle idmappings in ovl_get_acl() - kernel/linux.git

diff options

author	Christian Brauner <brauner@kernel.org>	2022-07-06 19:09:12 +0300
committer	Christian Brauner (Microsoft) <brauner@kernel.org>	2022-07-15 23:10:20 +0300
commit	1aa5fef575a839a6d01bfacd7e912dfffd0a4345 (patch)
tree	ed1ca05fc170723a90a819f2310ca21dc8bfffea /fs/overlayfs/super.c
parent	8043bffd01833a8544f2466fb3804310d6e73d09 (diff)
download	linux-1aa5fef575a839a6d01bfacd7e912dfffd0a4345.tar.xz

ovl: handle idmappings in ovl_get_acl()

During permission checking overlayfs will call ovl_permission() -> generic_permission() -> acl_permission_check() -> check_acl() -> get_acl() -> inode->i_op->get_acl() == ovl_get_acl() -> get_acl() /* on the underlying filesystem */ -> inode->i_op->get_acl() == /*lower filesystem callback */ -> posix_acl_permission() passing through the get_acl() request to the underlying filesystem. Before returning these values to the VFS we need to take the idmapping of the relevant layer into account and translate any ACL_{GROUP,USER} values according to the idmapped mount. We cannot alter the ACLs returned from the relevant layer directly as that would alter the cached values filesystem wide for the lower filesystem. Instead we can clone the ACLs and then apply the relevant idmapping of the layer. This is obviously only relevant when idmapped layers are used. Link: https://lore.kernel.org/r/20220708090134.385160-4-brauner@kernel.org Cc: Seth Forshee <sforshee@digitalocean.com> Cc: Amir Goldstein <amir73il@gmail.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Aleksa Sarai <cyphar@cyphar.com> Cc: Miklos Szeredi <mszeredi@redhat.com> Cc: linux-unionfs@vger.kernel.org Reviewed-by: Seth Forshee <sforshee@digitalocean.com> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>

Diffstat (limited to 'fs/overlayfs/super.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: