From: ebiederm@xmission.com (Eric W. Biederman)
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: viro@ZenIV.linux.org.uk, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, hch@infradead.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
apw@canonical.com, nbd@openwrt.org, neilb@suse.de,
hramrach@centrum.cz, jordipujolp@gmail.com,
ezk@fsl.cs.sunysb.edu, ricwheeler@gmail.com, dhowells@redhat.com,
hpj@urpla.net, sedat.dilek@googlemail.com, penberg@kernel.org,
goran.cetusic@gmail.com, romain@orebokech.com, mszeredi@suse.cz
Subject: Re: [PATCH 04/13] overlay filesystem
Date: Wed, 15 Aug 2012 23:24:48 -0700 [thread overview]
Message-ID: <87zk5v5p73.fsf@xmission.com> (raw)
In-Reply-To: <1345045700-9062-5-git-send-email-miklos@szeredi.hu> (Miklos Szeredi's message of "Wed, 15 Aug 2012 17:48:11 +0200")
Miklos Szeredi <miklos@szeredi.hu> writes:
Minor nits below.
> diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
> new file mode 100644
> index 0000000..6b50823
> --- /dev/null
> +++ b/fs/overlayfs/dir.c
> @@ -0,0 +1,598 @@
> +/*
> + *
> + * Copyright (C) 2011 Novell Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License version 2 as published by
> + * the Free Software Foundation.
> + */
> +
> +#include <linux/fs.h>
> +#include <linux/namei.h>
> +#include <linux/xattr.h>
> +#include <linux/security.h>
> +#include <linux/cred.h>
> +#include "overlayfs.h"
> +
> +static const char *ovl_whiteout_symlink = "(overlay-whiteout)";
> +
> +static int ovl_whiteout(struct dentry *upperdir, struct dentry *dentry)
> +{
> + int err;
> + struct dentry *newdentry;
> + const struct cred *old_cred;
> + struct cred *override_cred;
> +
> + /* FIXME: recheck lower dentry to see if whiteout is really
> needed */
Is that FIXME still valid?
> + err = -ENOMEM;
> + override_cred = prepare_creds();
> + if (!override_cred)
> + goto out;
> +
> + /*
> + * CAP_SYS_ADMIN for setxattr
> + * CAP_DAC_OVERRIDE for symlink creation
> + * CAP_FOWNER for unlink in sticky directory
> + */
> + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
> + cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
> + cap_raise(override_cred->cap_effective, CAP_FOWNER);
> + override_cred->fsuid = 0;
> + override_cred->fsgid = 0;
Could you please make these GLOBAL_ROOT_UID and GLOBAL_ROOT_GID
instead of 0? Otherwise this code won't compile with the usernamespace
bits enabled.
> + old_cred = override_creds(override_cred);
Eric
next prev parent reply other threads:[~2012-08-16 6:24 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-15 15:48 [PATCH 00/13] overlay filesystem: request for inclusion (v14) Miklos Szeredi
2012-08-15 15:48 ` [PATCH 01/13] vfs: add i_op->open() Miklos Szeredi
2012-08-15 17:21 ` J. Bruce Fields
2012-08-15 20:28 ` NeilBrown
2012-08-16 10:10 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 02/13] vfs: export do_splice_direct() to modules Miklos Szeredi
2012-08-15 15:48 ` [PATCH 03/13] vfs: introduce clone_private_mount() Miklos Szeredi
2012-08-15 15:48 ` [PATCH 04/13] overlay filesystem Miklos Szeredi
2012-08-16 6:24 ` Eric W. Biederman [this message]
2012-08-16 10:25 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 05/13] overlayfs: add statfs support Miklos Szeredi
2012-08-17 18:20 ` Ben Hutchings
2012-08-29 22:48 ` Miklos Szeredi
2012-08-30 5:54 ` Ben Hutchings
2012-08-31 12:47 ` J. R. Okajima
2012-08-15 15:48 ` [PATCH 06/13] overlayfs: implement show_options Miklos Szeredi
2012-08-15 15:48 ` [PATCH 07/13] overlay: overlay filesystem documentation Miklos Szeredi
2012-08-15 19:53 ` J. Bruce Fields
2012-08-16 10:09 ` Miklos Szeredi
2012-09-10 1:47 ` Jan Engelhardt
2012-09-10 3:18 ` NeilBrown
2012-08-15 15:48 ` [PATCH 08/13] fs: limit filesystem stacking depth Miklos Szeredi
2012-08-16 8:02 ` Sedat Dilek
2012-08-16 8:30 ` Sedat Dilek
2012-08-16 10:42 ` Miklos Szeredi
2012-08-16 13:24 ` Sedat Dilek
2012-09-03 15:05 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 09/13] overlayfs: fix possible leak in ovl_new_inode Miklos Szeredi
2012-08-15 15:48 ` [PATCH 10/13] overlayfs: create new inode in ovl_link Miklos Szeredi
2012-08-15 15:48 ` [PATCH 11/13] vfs: export __inode_permission() to modules Miklos Szeredi
2012-08-15 17:17 ` Sedat Dilek
2012-08-15 15:48 ` [PATCH 12/13] ovl: switch to __inode_permission() Miklos Szeredi
2012-08-15 16:59 ` Casey Schaufler
2012-08-15 17:07 ` Andy Whitcroft
2012-08-15 17:34 ` Casey Schaufler
2012-08-15 15:48 ` [PATCH 13/13] overlayfs: copy up i_uid/i_gid from the underlying inode Miklos Szeredi
2012-08-15 17:14 ` [PATCH 00/13] overlay filesystem: request for inclusion (v14) Sedat Dilek
-- strict thread matches above, loose matches on Subject: below --
2012-09-20 18:55 [PATCH 00/13] overlay filesystem: request for inclusion (v15) Miklos Szeredi
2012-09-20 18:55 ` [PATCH 04/13] overlay filesystem Miklos Szeredi
2013-03-12 15:41 [PATCH 00/13] overlay filesystem: request for inclusion (v16) Miklos Szeredi
2013-03-12 15:41 ` [PATCH 04/13] overlay filesystem Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zk5v5p73.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=apw@canonical.com \
--cc=dhowells@redhat.com \
--cc=ezk@fsl.cs.sunysb.edu \
--cc=goran.cetusic@gmail.com \
--cc=hch@infradead.org \
--cc=hpj@urpla.net \
--cc=hramrach@centrum.cz \
--cc=jordipujolp@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=mszeredi@suse.cz \
--cc=nbd@openwrt.org \
--cc=neilb@suse.de \
--cc=penberg@kernel.org \
--cc=ricwheeler@gmail.com \
--cc=romain@orebokech.com \
--cc=sedat.dilek@googlemail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.