• Miklos Szeredi's avatar
    ovl: fix permission checking for setattr · 2cadb57d
    Miklos Szeredi authored
    [ Upstream commit acff81ec ]
    
    [Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
    away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
    (with the former being always safe and the latter failing in case of
    insufficient permissions) it tries to combine these two.  Note that copyup
    itself will have to do ->setattr() anyway; _that_ is where the elevated
    capabilities are right.  Having these two ->setattr() (one to set verbatim
    copy of metadata, another to do what overlayfs ->setattr() had been asked
    to do in the first place) combined is where it breaks.
    Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
    2cadb57d
inode.c 9.42 KB