[PATCH 2/2] ovl: check POSIX ACL support aginst upper layer

Fri, 11 Dec 2015 01:36:08 -0800 

Default ACL is not inherited on overlayfs. e.g.

umask 022
mkdir /mnt/overlay/acltestdir
setfacl -d --set u::rwx,g::rwx,o::- /mnt/overlay/acltestdir
mkdir /mnt/overlay/acltestdir/subdir
getfacl -p /mnt/overlay/acltestdir/subdir

subdir should inherit the default acl from acltestdir, which is
u::rwx,g::rwx,o::-, but subdir has mode specified by umask instead.
xfstests generic/314 and generic/319 reveal this issue.

Fix it by setting MS_POSIXACL flag overlayfs superblock to avoid setting
mode according to umask, then moving the POSIX ACL handling to overlayfs.

Signed-off-by: Eryu Guan <guane...@gmail.com>
---
 fs/overlayfs/dir.c   | 22 ++++++++++++++--------
 fs/overlayfs/super.c |  7 +++++++
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index 692ceda..8b763c2 100644
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -387,20 +387,26 @@ static int ovl_create_or_link(struct dentry *dentry, int 
mode, dev_t rdev,
 {
        int err;
        struct inode *inode;
-       struct kstat stat = {
-               .mode = mode,
-               .rdev = rdev,
-       };
+       struct dentry *upperdir;
+       struct kstat stat;
+
+       err = ovl_copy_up(dentry->d_parent);
+       if (err)
+               goto out;
+
+       /* Check POSIX ACL support against upper layer */
+       upperdir = ovl_dentry_upper(dentry->d_parent);
+       if (!IS_POSIXACL(d_inode(upperdir)))
+               mode &= ~current_umask();
+
+       stat.mode = mode;
+       stat.rdev = rdev;
 
        err = -ENOMEM;
        inode = ovl_new_inode(dentry->d_sb, mode, dentry->d_fsdata);
        if (!inode)
                goto out;
 
-       err = ovl_copy_up(dentry->d_parent);
-       if (err)
-               goto out_iput;
-
        if (!ovl_dentry_is_opaque(dentry)) {
                err = ovl_create_upper(dentry, inode, &stat, link, hardlink);
        } else {
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index e38ee0f..1cf923c 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1024,6 +1024,13 @@ static int ovl_fill_super(struct super_block *sb, void 
*data, int silent)
        if (!ufs->upper_mnt)
                sb->s_flags |= MS_RDONLY;
 
+       /*
+        * Set MS_POSIXACL unconditionally, so file mode won't be set according
+        * to umask in vfs layer, POSIX ACL support and new file mode will be
+        * handled in overlayfs.
+        */
+       sb->s_flags |= MS_POSIXACL;
+
        if (remote)
                sb->s_d_op = &ovl_reval_dentry_operations;
        else
-- 
1.8.3.1

--
To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to