• Miklos Szeredi's avatar
    ovl: xattr filter fix · b581755b
    Miklos Szeredi authored
    a) ovl_need_xattr_filter() is wrong, we can have multiple lower layers
    overlaid, all of which (except the lowest one) honouring the
    "trusted.overlay.opaque" xattr.  So need to filter everything except the
    bottom and the pure-upper layer.
    
    b) we no longer can assume that inode is attached to dentry in
    get/setxattr.
    
    This patch unconditionally filters private xattrs to fix both of the above.
    Performance impact for get/removexattrs is likely in the noise.
    
    For listxattrs it might be measurable in pathological cases, but I very
    much hope nobody cares.  If they do, we'll fix it then.
    Reported-by: default avatarVivek Goyal <vgoyal@redhat.com>
    Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
    Fixes: b9680917 ("security_d_instantiate(): move to the point prior to attaching dentry to inode")
    b581755b
inode.c 8.9 KB