From patchwork Tue Jan 10 18:30:21 2017
X-Patchwork-Submitter: Konstantin Khlebnikov
X-Patchwork-Id: 9508299
Subject: [PATCH v2] ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials
From: Konstantin Khlebnikov
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org
Cc: Amir Goldstein, Vivek Goyal, Miklos Szeredi
Date: Tue, 10 Jan 2017 21:30:21 +0300
Message-ID: <148407302133.16047.411379729888561193.stgit@buzz>
In-Reply-To: <148404760886.4400.14907571208759802396.stgit@buzz>
References: <148404760886.4400.14907571208759802396.stgit@buzz>

If overlay was mounted by root then quota set for upper layer does not work because overlay now always uses mounter's credentials for operations. Also overlay might deplete reserved space and inodes in ext4.

This patch drops capability SYS_RESOURCE from saved credentials. This affects creation of new files, whiteouts, and copy-up operations.

Signed-off-by: Konstantin Khlebnikov Fixes: 1175b6b8d963 ("ovl: do operations on underlying file system in mounter's context") Cc: Vivek Goyal Cc: Miklos Szeredi --- fs/overlayfs/super.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 20f48abbb82f..8dba982e1af5 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -701,6 +701,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) unsigned int stacklen = 0; unsigned int i; bool remote = false; + struct cred *cred; int err; err = -ENOMEM; @@ -870,10 +871,14 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) else sb->s_d_op = &ovl_dentry_operations; - ufs->creator_cred = prepare_creds(); - if (!ufs->creator_cred) + cred = prepare_creds(); + if (!cred) goto out_put_lower_mnt; + /* Never override disk quota limits or use reserved space */ + cap_lower(cred->cap_effective, CAP_SYS_RESOURCE); + ufs->creator_cred = cred; + err = -ENOMEM; oe = ovl_alloc_entry(numlower); if (!oe)
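Review bot: In the second hunk of ovl_fill_super() (the one at -870), cap_lower(cred->cap_effective, CAP_SYS_RESOURCE) clears the bit only in the effective set, while the comment directly above it promises that the saved credentials never override disk quota limits or use reserved space. Please state in the comment or the changelog why lowering cap_effective alone is sufficient for creator_cred, or lower the capability in the other sets of the prepared cred as well so the guarantee does not rest on an unstated assumption. Separately, the subject says v2 but nothing under the --- line says what changed since v1; a one-line changelog there would help reviewers.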