| Message ID | 1468421095-22322-10-git-send-email-vgoyal@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Jul 13, 2016 at 4:44 PM, Vivek Goyal <vgoyal@redhat.com> wrote: > Right now we remove MAY_WRITE/MAY_APPEND bits from mask if realfile is > on lower/. This is done as files on lower will never be written and will > be copied up. But to copy up a file, mounter should have MAY_READ permission > otherwise copy up will fail. So set MAY_READ in mask when MAY_WRITE is > reset. > > Dan Walsh noticed this when he did access(lowerfile, W_OK) and it returned > True (context mounts) but when he tried to actually write to file, it failed > as mounter did not have permission on lower file. > > Reported-by: Dan Walsh <dwalsh@redhat.com> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com> > --- > fs/overlayfs/inode.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c > index 6d9d86e..83b2422 100644 > --- a/fs/overlayfs/inode.c > +++ b/fs/overlayfs/inode.c > @@ -140,8 +140,13 @@ int ovl_permission(struct inode *inode, int mask) > return err; > > old_cred = ovl_override_creds(inode->i_sb); > - if (!is_upper && !special_file(realinode->i_mode)) > - mask &= ~(MAY_WRITE | MAY_APPEND); > + if (!is_upper && !special_file(realinode->i_mode)) { > + if (mask & MAY_WRITE || mask & MAY_APPEND) { Hmm. From what I can tell O_APPEND with O_RDONLY is equivalent to O_RDONLY, hence MAY_APPEND without MAY_WRITE should not behave as if MAY_WRITE was given. I.e. it should not trigger a copy up. Not sure what MAC checks do with MAY_APPEND, though. Pushed amended commit to overlayfs-next. Thanks, Miklos > + mask &= ~(MAY_WRITE | MAY_APPEND); > + /* Make sure mounter can read file for copy up later */ > + mask |= MAY_READ; > + } > + } > err = inode_permission(realinode, mask); > revert_creds(old_cred); > > -- > 2.7.4 > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 6d9d86e..83b2422 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -140,8 +140,13 @@ int ovl_permission(struct inode *inode, int mask) return err; old_cred = ovl_override_creds(inode->i_sb); - if (!is_upper && !special_file(realinode->i_mode)) - mask &= ~(MAY_WRITE | MAY_APPEND); + if (!is_upper && !special_file(realinode->i_mode)) { + if (mask & MAY_WRITE || mask & MAY_APPEND) { + mask &= ~(MAY_WRITE | MAY_APPEND); + /* Make sure mounter can read file for copy up later */ + mask |= MAY_READ; + } + } err = inode_permission(realinode, mask); revert_creds(old_cred);
Right now we remove MAY_WRITE/MAY_APPEND bits from mask if realfile is on lower/. This is done as files on lower will never be written and will be copied up. But to copy up a file, mounter should have MAY_READ permission otherwise copy up will fail. So set MAY_READ in mask when MAY_WRITE is reset. Dan Walsh noticed this when he did access(lowerfile, W_OK) and it returned True (context mounts) but when he tried to actually write to file, it failed as mounter did not have permission on lower file. Reported-by: Dan Walsh <dwalsh@redhat.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> --- fs/overlayfs/inode.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)