From: Vivek Goyal <vgoyal@redhat.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>, linux-unionfs@vger.kernel.org
Subject: Re: [PATCH] overlayfs: Do not lose security.capability xattr over metadata file copy-up
Date: Wed, 30 Jan 2019 10:43:12 -0500 [thread overview]
Message-ID: <20190130154312.GA2757@redhat.com> (raw)
In-Reply-To: <CAOQ4uxhAsVgkxND=Bj-jrZf307_+e=E6Zg+a1kOiFaGh1YBuEQ@mail.gmail.com>
On Wed, Jan 30, 2019 at 09:42:19AM +0200, Amir Goldstein wrote:
> On Tue, Jan 29, 2019, 10:50 PM Vivek Goyal <vgoyal@redhat.com wrote:
>
> > If a file has been copied up metadata only, and later data is copied up,
> > upper loses any security.capability xattr it has (underlying filesystem
> > clears it as upon file write).
> >
>
>
> Write also clears suid mode bits
> Should we restore these as well? Or do we already and I missed it?
[ Adding linux-unionfs ]
suid mode bit is only cleared if caller does not have CAP_FSETID.
should_remove_suid() {
if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode)))
return kill;
}
We do copy up in the context of mounter which is root, often with
CAP_FSETID.
So while this is not a widespread problem yet, it is a potential issue.
We can fix it if somebody runs into it.
>
>
> > From a user's point of view, this is just a file copy-up and that should
> > not result in losing security.capability xattr. Hence, before data copy
> > up, save security.capability xattr (if any) and restore it on upper after
> > data copy up is complete.
> >
> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > ---
> > fs/overlayfs/copy_up.c | 24 +++++++++++++++++++++++-
> > fs/overlayfs/overlayfs.h | 1 +
> > fs/overlayfs/util.c | 44
> > ++++++++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 68 insertions(+), 1 deletion(-)
> >
> > Index: rhvgoyal-linux/fs/overlayfs/util.c
> > ===================================================================
> > --- rhvgoyal-linux.orig/fs/overlayfs/util.c 2019-01-28
> > 14:42:10.499670636 -0500
> > +++ rhvgoyal-linux/fs/overlayfs/util.c 2019-01-29 14:45:49.747395201 -0500
> > @@ -912,3 +912,47 @@ invalid:
> > res = -EINVAL;
> > goto err_free;
> > }
> > +
> > +size_t ovl_getxattr(struct dentry *dentry, char *name, void **value,
> > + size_t *size)
> > +{
> >
>
>
> Please add padding arg and use this helper from ovl_get_redirect_xattr.
Ok, will do.
Vivek
prev parent reply other threads:[~2019-01-30 15:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-29 20:50 [PATCH] overlayfs: Do not lose security.capability xattr over metadata file copy-up Vivek Goyal
[not found] ` <CAOQ4uxhAsVgkxND=Bj-jrZf307_+e=E6Zg+a1kOiFaGh1YBuEQ@mail.gmail.com>
2019-01-30 15:43 ` Vivek Goyal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190130154312.GA2757@redhat.com \
--to=vgoyal@redhat.com \
--cc=amir73il@gmail.com \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).