Re: two questiones about overlayfs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Vivek Goyal <vgoyal@redhat.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Amir Goldstein <amir73il@gmail.com>,
	"zhangyi (F)" <yi.zhang@huawei.com>,
	overlayfs <linux-unionfs@vger.kernel.org>,
	miaoxie@huawei.com
Subject: Re: two questiones about overlayfs
Date: Tue, 15 Aug 2017 11:56:17 -0400	[thread overview]
Message-ID: <20170815155617.GC3551@redhat.com> (raw)
In-Reply-To: <CAJfpegv-u+=edQ+bpD-HqAMUYf+Yy-hg-CkVGRiG6VDPT=S7aw@mail.gmail.com>

On Tue, Aug 15, 2017 at 05:33:01PM +0200, Miklos Szeredi wrote:
> On Tue, Aug 15, 2017 at 5:28 PM, Amir Goldstein <amir73il@gmail.com> wrote:
> > On Tue, Aug 15, 2017 at 5:06 PM, Miklos Szeredi <miklos@szeredi.hu> wrote:
> >> On Tue, Aug 15, 2017 at 4:52 PM, Amir Goldstein <amir73il@gmail.com> wrote:
> >>> On Tue, Aug 15, 2017 at 3:35 PM, Miklos Szeredi <miklos@szeredi.hu> wrote:
> >>>> On Tue, Aug 08, 2017 at 07:01:30AM +0200, Amir Goldstein wrote:
> >>>>> On Mon, Aug 7, 2017 at 9:57 AM, zhangyi (F) <yi.zhang@huawei.com> wrote:
> >>>>
> >>>> [snip]
> >>>>
> >>>>> > 2. Chattr will modify lower file's attributes directly.
> >>>>> > Reproduce:
> >>>>> > # mkdir lower upper worker merger
> >>>>> > # touch lower/aa
> >>>>> > # lsattr -p lower/aa
> >>>>> >     0 --------------e---- lower/aa
> >>>>> > # mount -t overlay -o lowerdir=lower,upperdir=upper,workdir=worker overlayfs merger
> >>>>> > # chattr -p 123 merger/aa             #set project id
> >>>>> > # lsattr -p lower/aa
> >>>>> >   123 --------------e---- lower/aa
> >>>>> >
> >>>>> > If we try to set "immutable" or any other attributes, the result are consistent.
> >>>>> > Because chattr open file in RDONLY mode, so it will not trigger copyup, and then,
> >>>>> > FS_IOC_SETFLAGS ioctl will get the lower inode and modify it.
> >>>>>
> >>>>> Ouch! I guess it's a "known to some" issue.
> >>>>> Fixing this would be a pain (intercept ioctl and whitelisting readonly
> >>>>> fs specific ioctls).
> >>>>
> >>>> Fixing ioctl properly would be a pain.  But we can hack around the issue, and
> >>>> just deny it for now.
> >>>>
> >>>> See patch below
> >>>
> >>> I like this, but it will require good test coverage of fs specific ioctls.
> >>> The list of filesystems that call  mnt_want_write_file() for ioctl is not short.
> >>
> >> If it's called from within the filesystem, then the new behavior is
> >> certainly the correct one.
> >
> > It certainly is. It doesn't mean that fixing incorrect behavior won't
> > lead to unacceptable regressions, which may require explicit
> > d_real() call from filesystem to be fixed.
> 
> I don't get it.  The only possible regression is denying modification
> on lower layer where previously was allowed.  But anybody relying on
> that would be pretty crazy.

Hi Miklos,

IIUC, so now "chattr -p <id>" will fail on overlayfs (assume file has not
been copied up yet).

IOW, on overlayfs, will it be responsibility of user space to make
sure file has been copied up, for chattr operation to succeed? Does that
mean we need to modify chattr to open file for WRITE instead of READ.

Vivek

next prev parent reply	other threads:[~2017-08-15 15:56 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-07  7:57 two questiones about overlayfs zhangyi (F)
2017-08-08  5:01 ` Amir Goldstein
2017-08-08 20:21   ` Vivek Goyal
2017-08-08 21:01     ` Daniel Walsh
2017-08-15 10:22   ` Miklos Szeredi
2017-08-15 13:35   ` Miklos Szeredi
2017-08-15 14:52     ` Amir Goldstein
2017-08-15 15:06       ` Miklos Szeredi
2017-08-15 15:28         ` Amir Goldstein
2017-08-15 15:33           ` Miklos Szeredi
2017-08-15 15:53             ` Amir Goldstein
2017-08-15 15:56             ` Vivek Goyal [this message]
2017-08-15 16:16               ` Amir Goldstein
2017-08-16 10:19                 ` Miklos Szeredi
2017-08-16 10:20                   ` Miklos Szeredi
2017-08-16 11:10                   ` Amir Goldstein
2017-08-17  2:55                     ` zhangyi (F)
2017-08-17  7:49                       ` Amir Goldstein
2017-08-16 13:52                   ` Vivek Goyal
2017-08-16 16:12                     ` Amir Goldstein
2017-08-16 18:37                       ` Vivek Goyal
2017-09-11 13:34 ` Amir Goldstein
2017-09-12  1:07   ` zhangyi (F)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170815155617.GC3551@redhat.com \
    --to=vgoyal@redhat.com \
    --cc=amir73il@gmail.com \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=miaoxie@huawei.com \
    --cc=miklos@szeredi.hu \
    --cc=yi.zhang@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.