[PATCH v2 0/2][Xenial SRU] Fix docker permission issues with the overlay2 storage driver

Seth Forshee seth.forshee at canonical.com
Tue Jan 31 14:14:25 UTC 2017


On Tue, Jan 31, 2017 at 11:59:07AM +0100, Stefan Bader wrote:
> On 30.01.2017 23:06, Seth Forshee wrote:
> > BugLink: http://bugs.launchpad.net/bugs/1659417
> > 
> > Under some conditions docker users who use the overlay2 storage driver
> > on xenial are seeing erroneous "permission denied" errors. This is
> > caused by a bug in overlayfs which was fixed by two commits in 4.6. The
> > following are backports of those patches to xenial.
> > 
> > Changes in v2: Fix locking
> 
> The set is dangerously confusing. The first patch which adds the helper has
> little in common with what is (or better was since it got reverted) upstream

It looks different because __lookup_hash got removed at some point
before the upstream commit. So the upstream change more or less
reimplemented __lookup_hash as an exported interface, reflecting the
changes to lookups that had transpired in the interim.

> and
> the second change seems to have been re-done (probably with more dependencies) in
> c1b2cc1a765aff4df7b22abe6b66014236f73eba.

Re-done out of necessity due to underlying changes in dentry hashing.

> I wonder whether it would not be better to try backporting the final state of
> this (if that does not end up being a huge mess) or at least combine the current
> two into a SAUCE patch.

Not a huge mess I suspect, but it will probably still look fairly
different from the upstream commit. Partly because the "mounter
credentials" concept appeared as sauce in Ubuntu before it appeared
upstream and looks a bit different, and partly because of the lookup
changes that have transpired since 4.4.

So it ends up being another backport of the concept to match the
implementation details of dentry lookup in 4.4. I'm not particularly
picky about which backport we use, to be honest; either should fix the
bug.

> The locking I would then keep in the overlayfs code and
> the helper is more or less just exporting the __lookup_hash function. I guess
> most of the comment is true for that as well. Except the one line about i_mutex.
> But the way the upstream change implemented it makes it hard to compare.
> 
> -Stefan
> > 
> > Thanks,
> > Seth
> > 
> > Miklos Szeredi (2):
> >   vfs: add lookup_hash() helper
> >   ovl: ignore permissions on underlying lookup
> > 
> >  fs/namei.c            | 26 ++++++++++++++++++++++++++
> >  fs/overlayfs/super.c  |  4 +---
> >  include/linux/namei.h |  2 ++
> >  3 files changed, 29 insertions(+), 3 deletions(-)
> > 
> > 
> 
> 



