www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Vivek Goyal <vgoyal@redhat.com>
	Fri, 1 Jul 2016 20:34:29 +0000 (16:34 -0400)
committer	Shan Hai <shan.hai@oracle.com>
	Fri, 4 Aug 2017 05:49:19 +0000 (13:49 +0800)
commit	3c797c2accc43b69bbaae8f584183431aec36cd9
tree	96c5afe23d464f23ebbb8eb90c914651ef3c8b7e	tree
parent	50b09673e2c551120b6023114bb1bfe91298f3ec	commit \| diff

ovl: do not require mounter to have MAY_WRITE on lower

Now we have two levels of checks in ovl_permission(). overlay inode
is checked with the creds of task while underlying inode is checked
with the creds of mounter.

Looks like mounter does not have to have WRITE access to files on lower/.
So remove the MAY_WRITE from access mask for checks on underlying
lower inode.

This means task should still have the MAY_WRITE permission on lower
inode and mounter is not required to have MAY_WRITE.

It also solves the problem of read only NFS mounts being used as lower.
If __inode_permission(lower_inode, MAY_WRITE) is called on read only
NFS, it fails. By resetting MAY_WRITE, check succeeds and case of
read only NFS shold work with overlay without having to specify any
special mount options (default permission).

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Orabug: 26401569

(backport upstream commit 754f8cb72b42a3a6100d2bbb1cb885361a7310dd)

Signed-off-by: Shan Hai <shan.hai@oracle.com>
Reviewed-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>