diff mbox

[8/9] overlayfs: Dilute permission checks on lower only if not special file

Message ID 1468421095-22322-9-git-send-email-vgoyal@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Vivek Goyal July 13, 2016, 2:44 p.m. UTC 
Right now if file is on lower/, we remove MAY_WRITE/MAY_APPEND bits from
mask as lower/ will never be written and file will be copied up. But this
is not true for special files. These files are not copied up and are
opened in place. So don't dilute the checks for these types of files.

Reported-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
 fs/overlayfs/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Miklos Szeredi July 14, 2016, 6:51 a.m. UTC | #1 
On Wed, Jul 13, 2016 at 4:44 PM, Vivek Goyal <vgoyal@redhat.com> wrote:
> Right now if file is on lower/, we remove MAY_WRITE/MAY_APPEND bits from
> mask as lower/ will never be written and file will be copied up. But this
> is not true for special files. These files are not copied up and are
> opened in place. So don't dilute the checks for these types of files.

Pushed this one as well.

Miklos

>
> Reported-by: Dan Walsh <dwalsh@redhat.com>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> ---
>  fs/overlayfs/inode.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
> index 66f42f5..6d9d86e 100644
> --- a/fs/overlayfs/inode.c
> +++ b/fs/overlayfs/inode.c
> @@ -140,7 +140,7 @@ int ovl_permission(struct inode *inode, int mask)
>                 return err;
>
>         old_cred = ovl_override_creds(inode->i_sb);
> -       if (!is_upper)
> +       if (!is_upper && !special_file(realinode->i_mode))
>                 mask &= ~(MAY_WRITE | MAY_APPEND);
>         err = inode_permission(realinode, mask);
>         revert_creds(old_cred);
> --
> 2.7.4
>
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 66f42f5..6d9d86e 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -140,7 +140,7 @@  int ovl_permission(struct inode *inode, int mask)
 		return err;
 
 	old_cred = ovl_override_creds(inode->i_sb);
-	if (!is_upper)
+	if (!is_upper && !special_file(realinode->i_mode))
 		mask &= ~(MAY_WRITE | MAY_APPEND);
 	err = inode_permission(realinode, mask);
 	revert_creds(old_cred);