From: Christian Brauner <brauner@kernel.org>
To: Seth Forshee <sforshee@digitalocean.com>,
Amir Goldstein <amir73il@gmail.com>,
Miklos Szeredi <mszeredi@redhat.com>
Cc: "Christian Brauner (Microsoft)" <brauner@kernel.org>,
Vivek Goyal <vgoyal@redhat.com>, Christoph Hellwig <hch@lst.de>,
Aleksa Sarai <cyphar@cyphar.com>,
linux-unionfs@vger.kernel.org
Subject: [PATCH v2 0/3] ovl: acl fixes
Date: Fri, 8 Jul 2022 11:01:31 +0200 [thread overview]
Message-ID: <20220708090134.385160-1-brauner@kernel.org> (raw)
From: "Christian Brauner (Microsoft)" <brauner@kernel.org>
Hey everyone,
Hey Miklos,
This is the series I described and announced in the commit message to
the patch I sent yesterdat (see [1]). It enables POSIX ACLs for
overlayfs on top of idmapped layers. It encompasses everything that is
needed to make this work correctly. There is a detailed explanation in
the first patch of this series so I won't repeat it all here in the
cover letter.
My plan would be to get this ready for the next merge window.
Once Miklos has merged the temporary fix I sent out yesterday in [1] and
it shows up in mainline I will rebase this series on top of the next
mainline rc. I will then add a revert of the fix in [1] to this series
reenabling POSIX ACL support for overlayfs on top of idmapped layers.
I will also merge in the vfs{g,u}id_t work that is in -next replacing
the old idmapped mount helpers with the new type safe idmapping helpers.
This survives LTP and xfstests:
sudo ./runltp -f fs_perms_simple,fs_bind,containers,cap_bounds,cve,uevent,filecaps
sudo ./check -g quick
sudo ./check -g overlay/union -overlay
sudo ./check -g quick -overlay
sudo ./check -g overlay/union -overlay # export IDMAPPED_MOUNTS=true
sudo ./check -g quick -overlay # export IDMAPPED_MOUNTS=true
Note that I'll be on vacation next week and so will be looking at mail
less frequently.
Thanks!
Christian
[1]: https://lore.kernel.org/linux-unionfs/20220707130520.321344-1-brauner@kernel.org
Christian Brauner (3):
acl: move idmapped mount fixup into vfs_{g,s}etxattr()
acl: make posix_acl_clone() available to overlayfs
ovl: handle idmappings in ovl_get_acl()
fs/ksmbd/vfs.c | 2 +-
fs/ksmbd/vfs.h | 2 +-
fs/overlayfs/inode.c | 86 +++++++++++++++++--
fs/overlayfs/overlayfs.h | 3 +-
fs/posix_acl.c | 142 ++++++++++++++++++++++----------
fs/xattr.c | 25 ++++--
include/linux/posix_acl.h | 1 +
include/linux/posix_acl_xattr.h | 34 +++++---
include/linux/xattr.h | 2 +-
9 files changed, 224 insertions(+), 73 deletions(-)
base-commit: 88084a3df1672e131ddc1b4e39eeacfd39864acf
--
2.34.1
next reply other threads:[~2022-07-08 9:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-08 9:01 Christian Brauner [this message]
2022-07-08 9:01 ` [PATCH v2 1/3] acl: move idmapped mount fixup into vfs_{g,s}etxattr() Christian Brauner
2022-07-14 21:36 ` Seth Forshee
2022-07-08 9:01 ` [PATCH v2 2/3] acl: make posix_acl_clone() available to overlayfs Christian Brauner
2022-07-14 21:36 ` Seth Forshee
2022-07-08 9:01 ` [PATCH v2 3/3] ovl: handle idmappings in ovl_get_acl() Christian Brauner
2022-07-14 21:37 ` Seth Forshee
2022-07-13 10:18 ` [PATCH v2 0/3] ovl: acl fixes Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220708090134.385160-1-brauner@kernel.org \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=cyphar@cyphar.com \
--cc=hch@lst.de \
--cc=linux-unionfs@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=sforshee@digitalocean.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.