ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay." This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace. Make the option explicit, since it makes the filesystem format be incompatible. Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs. Signed-off-by:Miklos Szeredi <mszeredi@redhat.com> Reviewed-by:
Amir Goldstein <amir73il@gmail.com>
Showing
- Documentation/filesystems/overlayfs.rst 11 additions, 2 deletionsDocumentation/filesystems/overlayfs.rst
- fs/overlayfs/inode.c 9 additions, 3 deletionsfs/overlayfs/inode.c
- fs/overlayfs/overlayfs.h 5 additions, 3 deletionsfs/overlayfs/overlayfs.h
- fs/overlayfs/ovl_entry.h 1 addition, 0 deletionsfs/overlayfs/ovl_entry.h
- fs/overlayfs/super.c 53 additions, 8 deletionsfs/overlayfs/super.c
- fs/overlayfs/util.c 3 additions, 2 deletionsfs/overlayfs/util.c
Loading
Please register or sign in to comment