From mboxrd@z Thu Jan  1 00:00:00 1970
From: Miklos Szeredi <miklos@szeredi.hu>
Subject: Re: [PATCH RFC] overlayfs,xattr: allow unprivileged users to whiteout
Date: Fri, 28 Feb 2014 15:15:14 +0100
Message-ID: <CAJfpegvNZAORrBO7tiZ-McoVLO94o17WUCo8sGzDso3N_wn-TA@mail.gmail.com>
References: <20140225173113.GA14257@sergelap>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Cc: Linux-Fsdevel <linux-fsdevel@vger.kernel.org>,
	kernel-team@lists.ubuntu.com,
	=?UTF-8?Q?St=C3=A9phane_Graber?= <stephane.graber@canonical.com>,
	Andy Whitcroft <apw@canonical.com>
To: Serge Hallyn <serge.hallyn@ubuntu.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail-qc0-f180.google.com ([209.85.216.180]:33824 "EHLO
	mail-qc0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752411AbaB1OPP (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Fri, 28 Feb 2014 09:15:15 -0500
Received: by mail-qc0-f180.google.com with SMTP id i17so765774qcy.11
        for <linux-fsdevel@vger.kernel.org>; Fri, 28 Feb 2014 06:15:14 -0800 (PST)
In-Reply-To: <20140225173113.GA14257@sergelap>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Tue, Feb 25, 2014 at 6:31 PM, Serge Hallyn <serge.hallyn@ubuntu.com> wrote:
> To mark a file which exists in the lower layer as deleted,
> it creates a symbolic link to a file called "(overlay-whiteout)"
> in the writeable mount, and sets a "trusted.overlay" xattr
> on that link.
>
> 1. When the create the symbolic link as container root, not
> as the global root
>
> 2. Allow root in a container to edit "trusted.overlay*"
> xattrs.  Generally only global root is allowed to edit
> "trusted.*"

Shouldn't overlayfs just skip the permission checks and call
__vfs_setxattr_noperm() instead?

Thanks,
Miklos