From 4c626f526e089031bd4a373baeb901c6bd260e3b Mon Sep 17 00:00:00 2001
From: Vivek Goyal <vgoyal@redhat.com>
Date: Wed, 13 Jul 2016 11:00:14 -0400
Subject: [PATCH] ovl: dilute permission checks on lower only if not special
 file

Right now if file is on lower/, we remove MAY_WRITE/MAY_APPEND bits from
mask as lower/ will never be written and file will be copied up. But this
is not true for special files. These files are not copied up and are opened
in place. So don't dilute the checks for these types of files.

Reported-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Orabug: 26401569

(backport upstream commit e29841a0ab3d03e77313abd8fb4c16e80fb26e29)

Signed-off-by: Shan Hai <shan.hai@oracle.com>
Reviewed-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
---
 fs/overlayfs/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 8fe071b9ee7e..80613f03db51 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -121,7 +121,7 @@ int ovl_permission(struct inode *inode, int mask)
 		return err;
 
 	old_cred = ovl_override_creds(inode->i_sb);
-	if (!is_upper)
+	if (!is_upper && !special_file(realinode->i_mode))
 		mask &= ~(MAY_WRITE | MAY_APPEND);
 	err = inode_permission(realinode, mask);
 	revert_creds(old_cred);
-- 
2.50.1