summaryrefslogtreecommitdiff
path: root/Documentation/filesystems
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2022-07-06 19:09:12 +0300
committerChristian Brauner (Microsoft) <brauner@kernel.org>2022-07-15 23:10:20 +0300
commit1aa5fef575a839a6d01bfacd7e912dfffd0a4345 (patch)
treeed1ca05fc170723a90a819f2310ca21dc8bfffea /Documentation/filesystems
parent8043bffd01833a8544f2466fb3804310d6e73d09 (diff)
downloadlinux-1aa5fef575a839a6d01bfacd7e912dfffd0a4345.tar.xz
ovl: handle idmappings in ovl_get_acl()
During permission checking overlayfs will call ovl_permission() -> generic_permission() -> acl_permission_check() -> check_acl() -> get_acl() -> inode->i_op->get_acl() == ovl_get_acl() -> get_acl() /* on the underlying filesystem */ -> inode->i_op->get_acl() == /*lower filesystem callback */ -> posix_acl_permission() passing through the get_acl() request to the underlying filesystem. Before returning these values to the VFS we need to take the idmapping of the relevant layer into account and translate any ACL_{GROUP,USER} values according to the idmapped mount. We cannot alter the ACLs returned from the relevant layer directly as that would alter the cached values filesystem wide for the lower filesystem. Instead we can clone the ACLs and then apply the relevant idmapping of the layer. This is obviously only relevant when idmapped layers are used. Link: https://lore.kernel.org/r/20220708090134.385160-4-brauner@kernel.org Cc: Seth Forshee <sforshee@digitalocean.com> Cc: Amir Goldstein <amir73il@gmail.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Aleksa Sarai <cyphar@cyphar.com> Cc: Miklos Szeredi <mszeredi@redhat.com> Cc: linux-unionfs@vger.kernel.org Reviewed-by: Seth Forshee <sforshee@digitalocean.com> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'Documentation/filesystems')
0 files changed, 0 insertions, 0 deletions