[PATCH v2 36/39] overlayfs: do not mount on top of idmapped mounts

[Christian Brauner]

Prevent overlayfs from being mounted on top of idmapped mounts until we
have ported it to handle this case and added proper testing for it.

Cc: Christoph Hellwig <h...@lst.de>
Cc: David Howells <dhowe...@redhat.com>
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: linux-fsde...@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
/* v2 */
patch introduced
---
 fs/overlayfs/super.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 0d4f2baf6836..3cacc3d3fb65 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1708,6 +1708,12 @@ static struct ovl_entry *ovl_get_lowerstack(struct 
super_block *sb,
                if (err)
                        goto out_err;
 
+               if (mnt_idmapped(stack[i].mnt)) {
+                       err = -EINVAL;
+                       pr_err("idmapped lower layers are currently 
unsupported\n");
+                       goto out_err;
+               }
+
                lower = strchr(lower, '\0') + 1;
        }
 
@@ -1939,6 +1945,12 @@ static int ovl_fill_super(struct super_block *sb, void 
*data, int silent)
                if (err)
                        goto out_err;
 
+               if (mnt_idmapped(upperpath.mnt)) {
+                       err = -EINVAL;
+                       pr_err("idmapped lower layers are currently 
unsupported\n");
+                       goto out_err;
+               }
+
                err = ovl_get_workdir(sb, ofs, &upperpath);
                if (err)
                        goto out_err;
-- 
2.29.2

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit