[PATCH 1/1] overlayfs, xattr: allow unprivileged users to whiteout
Stefan Bader
stefan.bader at canonical.com
Mon Feb 17 18:25:31 UTC 2014
On 17.02.2014 16:51, Serge Hallyn wrote:
> Quoting Stefan Bader (stefan.bader at canonical.com):
>> On 13.02.2014 22:44, Serge Hallyn wrote:
>>> To mark a file which exists in the lower layer as deleted,
>>> it creates a symbolic link to a file called "(overlay-whiteout)"
>>> in the writeable mount, and sets a "trusted.overlay" xattr
>>> on that link.
>>>
>>
>>> 1. When the create the symbolic link as container root, not
>>> as the global root
>>
>> Have my problems parsing this. Guess it says: "When the symbolic link is
>> created, it is done as container root, not as the global root."
>
> Yikes, yeah that's bad. Your interpretation is correct.
>
>>> 2. Allow root in a container to edit "trusted.overlay*"
>>> xattrs. Generally only global root is allowed to edit
>>> "trusted.*"
>>>
>>> With this patch, I'm able to delete files and directories in a
>>> user-namespace-based overlayfs-backed container. The overlay
>>> writeable layer after "rm ab/ab; rmdir ab; mv xxx yyy;" ends up
>>> looking like:
>>>
>>> ls -l .local/share/lxc/u11/delta0/home/ubuntu/
>>> total 0
>>> lrwxrwxrwx 1 150000 150000 18 Feb 13 22:30 ab -> (overlay-whiteout)
>>> lrwxrwxrwx 1 150000 150000 18 Feb 13 22:30 xxx -> (overlay-whiteout)
>>> -rw-rw-r-- 1 151000 151000 0 Feb 13 03:53 yyy
>>>
>>
>> Hm, am I missing something here? I see access rights changed, but would the
>> whiteout link creation not also be in overlayfs code ... somewhere?
>
> I'm not sure what you mean. I don't change access rights, but change
> the owning uid/gid. The whiteout link is indeed created in the
> overlayfs code, using vfs_symlink. Right before that is done, overlayfs
> sets an override credential. Currently the override cred is with the
> global root uid/gid. I'm changing it to be the container root uid/gid.
>
> Or maybe you mean the '(overlay-whiteout)' file itself? It doesn't
> exist, so the deleted files are symlinks to a nonexistent file...
Doh! So for some reason I thought the whiteout process would be added. Probably
misreading the first paragraph as part of the changes. But it's a description of
the current behaviour.
-Stefan
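
Added example, not part of the original message or the patch: a small Python audit of an overlay writeable layer that finds whiteout symlinks by their "(overlay-whiteout)" target and maps each owner back into the container's uid range, so whiteouts created under the global root override credential show up as unmapped. The function names, the 65536-id range size and the sample directory are assumptions for illustration.

```python
import os
import stat
import tempfile

WHITEOUT_TARGET = "(overlay-whiteout)"  # symlink target named in the thread

def container_id(host_id, base, count=65536):
    """Map a host uid/gid to its in-container value, or None if unmapped."""
    return host_id - base if base <= host_id < base + count else None

def audit_upper(upper, base_uid, count=65536):
    """List every entry under `upper` as (relpath, kind, host_uid, container_uid).

    Whiteouts are recognised by symlink target only; the "trusted.overlay"
    xattr is not read here.
    """
    rows = []
    for root, dirs, files in os.walk(upper):  # does not follow symlinks
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            is_wh = stat.S_ISLNK(st.st_mode) and os.readlink(path) == WHITEOUT_TARGET
            rows.append((os.path.relpath(path, upper),
                         "whiteout" if is_wh else "entry",
                         st.st_uid, container_id(st.st_uid, base_uid, count)))
    return sorted(rows)

def make_sample(upper):
    """Constructed sample mirroring the ls -l listing quoted in the thread."""
    for name in ("ab", "xxx"):
        os.symlink(WHITEOUT_TARGET, os.path.join(upper, name))
    open(os.path.join(upper, "yyy"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample(d)
        # Assumption: pretend the current uid is the container's uid base.
        for rel, kind, uid, cuid in audit_upper(d, os.getuid()):
            owner = "outside container mapping" if cuid is None else f"container uid {cuid}"
            print(f"{kind:9} {rel:4} host uid {uid} ({owner})")
```

With the uid base from the quoted listing (150000), host uid 150000 maps to container uid 0 and 151000 to container uid 1000, while a whiteout owned by host uid 0 is reported as outside the mapping.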