ovl: modify ovl_permission() to do checks on two inodes

author Vivek Goyal <vgoyal@redhat.com>

Fri, 1 Jul 2016 20:34:27 +0000 (16:34 -0400)

committer Shan Hai <shan.hai@oracle.com>

Fri, 4 Aug 2017 05:48:24 +0000 (13:48 +0800)
author Vivek Goyal <vgoyal@redhat.com>
Fri, 1 Jul 2016 20:34:27 +0000 (16:34 -0400)
committer Shan Hai <shan.hai@oracle.com>
Fri, 4 Aug 2017 05:48:24 +0000 (13:48 +0800)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c

index a5931a648273ab5a2dc6c3f59a91ef5f1b12dafa..690febf7dd6ee83a1e4c73a2e0e64a2a8fb21958 100644 (file)
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -96,6 +96,7 @@ int ovl_permission(struct inode *inode, int mask)
         bool is_upper;
         struct dentry *realdentry = ovl_entry_real(oe, &is_upper);
         struct inode *realinode;
+       const struct cred *old_cred;
         int err;
  
         if (ovl_is_default_permissions(inode)) {
@@ -149,7 +150,19 @@ int ovl_permission(struct inode *inode, int mask)
                         return -EROFS;
         }
  
-       return __inode_permission(realinode, mask);
+       /*
+        * Check overlay inode with the creds of task and underlying inode
+        * with creds of mounter
+        */
+       err = generic_permission(inode, mask);
+       if (err)
+               return err;
+
+       old_cred = ovl_override_creds(inode->i_sb);
+       err = __inode_permission(realinode, mask);
+       revert_creds(old_cred);
+
+       return err;
  }
  
  
@@ -343,9 +356,6 @@ struct posix_acl *ovl_get_acl(struct inode *inode, int type)
  {
         struct inode *realinode = ovl_inode_real(inode);
  
-       if (!realinode)
-               return ERR_PTR(-ENOENT);
-
         if (!IS_POSIXACL(realinode))
                 return NULL;
author	Vivek Goyal <vgoyal@redhat.com>
	Fri, 1 Jul 2016 20:34:27 +0000 (16:34 -0400)
committer	Shan Hai <shan.hai@oracle.com>
	Fri, 4 Aug 2017 05:48:24 +0000 (13:48 +0800)