[PATCH v2 36/39] overlayfs: do not mount on top of idmapped mounts

Christian Brauner Sun, 15 Nov 2020 18:16:03 -0800

Prevent overlayfs from being mounted on top of idmapped mounts until we
have ported it to handle this case and added proper testing for it.


Cc: Christoph Hellwig <[email protected]>
Cc: David Howells <[email protected]>
Cc: Al Viro <[email protected]>
Cc: [email protected]
Signed-off-by: Christian Brauner <[email protected]>
---
/* v2 */
patch introduced
---
 fs/overlayfs/super.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 0d4f2baf6836..3cacc3d3fb65 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1708,6 +1708,12 @@ static struct ovl_entry *ovl_get_lowerstack(struct 
super_block *sb,
                if (err)
                        goto out_err;
 
+               if (mnt_idmapped(stack[i].mnt)) {
+                       err = -EINVAL;
+                       pr_err("idmapped lower layers are currently 
unsupported\n");
+                       goto out_err;
+               }
+
                lower = strchr(lower, '\0') + 1;
        }
 
@@ -1939,6 +1945,12 @@ static int ovl_fill_super(struct super_block *sb, void 
*data, int silent)
                if (err)
                        goto out_err;
 
+               if (mnt_idmapped(upperpath.mnt)) {
+                       err = -EINVAL;
+                       pr_err("idmapped lower layers are currently 
unsupported\n");
+                       goto out_err;
+               }
+
                err = ovl_get_workdir(sb, ofs, &upperpath);
                if (err)
                        goto out_err;
-- 
2.29.2

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

[PATCH v2 36/39] overlayfs: do not mount on top of idmapped mounts

Reply via email to