diff options
| author | Miklos Szeredi | 2016-07-29 12:05:23 +0200 |
|---|---|---|
| committer | Miklos Szeredi | 2016-07-29 12:05:23 +0200 |
| commit | 9c630ebefeeee4363ffd29f2f9b18eddafc6479c (patch) | |
| tree | 377086556cf88b99ffba8b935c6a72d1f365ba9c /fs/overlayfs/inode.c | |
| parent | ovl: do not require mounter to have MAY_WRITE on lower (diff) | |
| download | kernel-qcow2-linux-9c630ebefeeee4363ffd29f2f9b18eddafc6479c.tar.gz kernel-qcow2-linux-9c630ebefeeee4363ffd29f2f9b18eddafc6479c.tar.xz kernel-qcow2-linux-9c630ebefeeee4363ffd29f2f9b18eddafc6479c.zip | |
ovl: simplify permission checking
The fact that we always do permission checking on the overlay inode and
clear MAY_WRITE for checking access to the lower inode allows cruft to be
removed from ovl_permission().
1) "default_permissions" option effectively did generic_permission() on the
overlay inode with i_mode, i_uid and i_gid updated from underlying
filesystem. This is what we do by default now. It did the update using
vfs_getattr() but that's only needed if the underlying filesystem can
change (which is not allowed). We may later introduce a "paranoia_mode"
that verifies that mode/uid/gid are not changed.
2) splitting out the IS_RDONLY() check from inode_permission() also becomes
unnecessary once we remove the MAY_WRITE from the lower inode check.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs/overlayfs/inode.c')
| -rw-r--r-- | fs/overlayfs/inode.c | 46 |
1 files changed, 1 insertions, 45 deletions
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 8f7dd547cfb3..66f42f5cf705 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -124,29 +124,6 @@ int ovl_permission(struct inode *inode, int mask) const struct cred *old_cred; int err; - if (ovl_is_default_permissions(inode)) { - struct kstat stat; - struct path realpath = { .dentry = realdentry }; - - if (mask & MAY_NOT_BLOCK) - return -ECHILD; - - realpath.mnt = ovl_entry_mnt_real(oe, inode, is_upper); - - err = vfs_getattr(&realpath, &stat); - if (err) - return err; - - if ((stat.mode ^ inode->i_mode) & S_IFMT) - return -ESTALE; - - inode->i_mode = stat.mode; - inode->i_uid = stat.uid; - inode->i_gid = stat.gid; - - return generic_permission(inode, mask); - } - /* Careful in RCU walk mode */ realinode = d_inode_rcu(realdentry); if (!realinode) { @@ -154,27 +131,6 @@ int ovl_permission(struct inode *inode, int mask) return -ENOENT; } - if (mask & MAY_WRITE) { - umode_t mode = realinode->i_mode; - - /* - * Writes will always be redirected to upper layer, so - * ignore lower layer being read-only. - * - * If the overlay itself is read-only then proceed - * with the permission check, don't return EROFS. - * This will only happen if this is the lower layer of - * another overlayfs. - * - * If upper fs becomes read-only after the overlay was - * constructed return EROFS to prevent modification of - * upper layer. - */ - if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) && - (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) - return -EROFS; - } - /* * Check overlay inode with the creds of task and underlying inode * with creds of mounter @@ -186,7 +142,7 @@ int ovl_permission(struct inode *inode, int mask) old_cred = ovl_override_creds(inode->i_sb); if (!is_upper) mask &= ~(MAY_WRITE | MAY_APPEND); - err = __inode_permission(realinode, mask); + err = inode_permission(realinode, mask); revert_creds(old_cred); return err; |