linux/fs/overlayfs
Christian Brauner 1aa5fef575
ovl: handle idmappings in ovl_get_acl()
During permission checking overlayfs will call

ovl_permission()
-> generic_permission()
   -> acl_permission_check()
      -> check_acl()
         -> get_acl()
            -> inode->i_op->get_acl() == ovl_get_acl()
               -> get_acl() /* on the underlying filesystem */
                  -> inode->i_op->get_acl() == /* lower filesystem callback */
         -> posix_acl_permission()

passing through the get_acl() request to the underlying filesystem.

Before returning these values to the VFS we need to take the idmapping of the
relevant layer into account and translate any ACL_{GROUP,USER} values according
to the idmapped mount.

We cannot alter the ACLs returned from the relevant layer directly as that
would alter the cached values filesystem wide for the lower filesystem. Instead
we can clone the ACLs and then apply the relevant idmapping of the layer.

This is obviously only relevant when idmapped layers are used.

Link: https://lore.kernel.org/r/20220708090134.385160-4-brauner@kernel.org
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Aleksa Sarai <cyphar@cyphar.com>
Cc: Miklos Szeredi <mszeredi@redhat.com>
Cc: linux-unionfs@vger.kernel.org
Reviewed-by: Seth Forshee <sforshee@digitalocean.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-07-15 22:10:20 +02:00
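
The clone-then-translate step described in the commit message, as an added userspace model (not the kernel's code and not part of the commit). The struct layouts, the single-extent `idmap`, and the names `acl_clone`, `map_id` and `acl_for_layer` are assumptions made for illustration; only the ACL tag values mirror the kernel headers.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, not kernel code. Tag values as in <linux/posix_acl.h>. */
enum { ACL_USER_OBJ = 0x01, ACL_USER = 0x02, ACL_GROUP_OBJ = 0x04,
       ACL_GROUP = 0x08, ACL_MASK = 0x10, ACL_OTHER = 0x20 };
#define INVALID_ID ((uint32_t)-1)

struct acl_entry { int tag; uint16_t perm; uint32_t id; };
struct acl { size_t count; struct acl_entry e[8]; };

/* Assumed single-extent mapping: [from, from + range) -> [to, to + range). */
struct idmap { uint32_t from, to, range; };
struct layer_idmap { struct idmap uid, gid; };

static uint32_t map_id(const struct idmap *m, uint32_t id)
{
    if (id >= m->from && id - m->from < m->range)
        return m->to + (id - m->from);
    return INVALID_ID; /* unmapped ids must never match a caller */
}

/* Private copy, so the lower filesystem's cached ACL is left untouched. */
static struct acl *acl_clone(const struct acl *src)
{
    struct acl *copy = malloc(sizeof(*copy));

    if (copy)
        memcpy(copy, src, sizeof(*copy));
    return copy;
}

/* Returns a translated clone the caller must free(); NULL on allocation failure. */
struct acl *acl_for_layer(const struct acl *cached, const struct layer_idmap *m)
{
    struct acl *acl = acl_clone(cached);

    for (size_t i = 0; acl && i < acl->count; i++) {
        struct acl_entry *e = &acl->e[i];

        /* Only ACL_USER and ACL_GROUP entries carry an explicit id. */
        if (e->tag == ACL_USER)
            e->id = map_id(&m->uid, e->id);
        else if (e->tag == ACL_GROUP)
            e->id = map_id(&m->gid, e->id);
    }
    return acl;
}
```

Translating the cached object in place instead would change the ids seen by every other user of the lower filesystem, which is the failure mode the commit message rules out.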
copy_up.c attr: port attribute changes to new types 2022-06-26 18:18:56 +02:00
dir.c ovl: use ovl_copy_{real,upper}attr() wrappers 2022-04-28 16:31:12 +02:00
export.c ovl: handle idmappings for layer lookup 2022-04-28 16:31:12 +02:00
file.c overlayfs update for 5.19 2022-05-30 11:19:16 -07:00
inode.c ovl: handle idmappings in ovl_get_acl() 2022-07-15 22:10:20 +02:00
Kconfig docs: fix broken references to text files 2020-04-20 15:35:59 -06:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
namei.c ovl: handle idmappings for layer lookup 2022-04-28 16:31:12 +02:00
overlayfs.h acl: move idmapped mount fixup into vfs_{g,s}etxattr() 2022-07-15 22:08:59 +02:00
ovl_entry.h ovl: support idmapped layers 2022-04-28 16:31:12 +02:00
readdir.c ovl: handle idmappings for layer lookup 2022-04-28 16:31:12 +02:00
super.c ovl: turn of SB_POSIXACL with idmapped layers temporarily 2022-07-08 15:48:31 +02:00
util.c ovl: handle idmappings in layer open helpers 2022-04-28 16:31:12 +02:00