UBUNTU: ubuntu: overlayfs -- overlayfs: apply device cgroup and security permissions to overlay files
When checking permissions on an overlayfs inode we do not take into
account either device cgroup restrictions nor security permissions.
This allows a user to mount an overlayfs layer over a restricted device
directory and by pass those permissions to open otherwise restricted
files.
Use devcgroup_inode_permission() and security_inode_permission() against
the underlying inodes when calculating ovl_permission().
Add a simple read-only counter to super_block that indicates deep this
is in the stack of filesystems. Previously ecryptfs was the only
stackable filesystem and it explicitly disallowed multiple layers of
itself.
Overlayfs, however, can be stacked recursively and also may be stacked
on top of ecryptfs or vice versa.
To limit the kernel stack usage we must limit the depth of the
filesystem stack. Initially the limit is set to 2.
Signed-off-by: Miklos Szeredi <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(cherry picked from commit 69c1565cf4e8479ab7c5edf8ea194965376d04a8)
This is useful because of the stacking nature of overlayfs. Users like to
find out (via /proc/mounts) which lower/upper directory were used at mount
time.
[<email address hidden>: backport to v3.2]
Signed-off-by: Erez Zadok <email address hidden>
Signed-off-by: Miklos Szeredi <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(cherry picked from commit 70d85b866501480f36c945408302f3a7e859f60c)
UBUNTU: ubuntu: overlayfs -- overlayfs: add statfs support
Add support for statfs to the overlayfs filesystem. As the upper layer
is the target of all write operations assume that the space in that
filesystem is the space in the overlayfs. There will be some inaccuracy as
overwriting a file will copy it up and consume space we were not expecting,
but it is better than nothing.
Use the upper layer dentry and mount from the overlayfs root inode,
passing the statfs call to that filesystem.
Signed-off-by: Andy Whitcroft <email address hidden>
Signed-off-by: Miklos Szeredi <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(cherry picked from commit 3a375b0e617e3f8a54619d0d569fb2918c379289)
Signed-off-by: Paolo Pisati <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>
50eb9f5...
by
Miklos Szeredi <email address hidden>
UBUNTU: ubuntu: overlayfs -- overlay filesystem
Overlayfs allows one, usually read-write, directory tree to be
overlaid onto another, read-only directory tree. All modifications
go to the upper, writable layer.
This type of mechanism is most often used for live CDs but there's a
wide variety of other uses.
The implementation differs from other "union filesystem"
implementations in that after a file is opened all operations go
directly to the underlying, lower or upper, filesystems. This
simplifies the implementation and allows native performance in these
cases.
The dentry tree is duplicated from the underlying filesystems, this
enables fast cached lookups without adding special support into the
VFS. This uses slightly more memory than union mounts, but dentries
are relatively small.
Currently inodes are duplicated as well, but it is a possible
optimization to share inodes for non-directories.
Opening non directories results in the open forwarded to the
underlying filesystem. This makes the behavior very similar to union
mounts (with the same limitations vs. fchmod/fchown on O_RDONLY file
descriptors).
Usage:
mount -t overlay -olowerdir=/lower,upperdir=/upper overlay /mnt
Supported:
- all operations
Missing:
- Currently a crash in the middle of copy-up, rename, unlink, rmdir or create
over a whiteout may result in filesystem corruption on the overlay level.
IOW these operations need to become atomic or at least the corruption needs
to be detected.
The following cotributions have been folded into this patch:
Neil Brown <email address hidden>:
- minimal remount support
- use correct seek function for directories
- initialise is_real before use
- rename ovl_fill_cache to ovl_dir_read
Felix Fietkau <email address hidden>:
- fix a deadlock in ovl_dir_read_merged
- fix a deadlock in ovl_remove_whiteouts
Erez Zadok <email address hidden>
- fix cleanup after WARN_ON
Sedat Dilek <email address hidden>
- fix up permission to confirm to new API
Also thanks to the following people for testing and reporting bugs:
Jordi Pujol <email address hidden>
Andy Whitcroft <email address hidden>
Michal Suchanek <email address hidden>
Felix Fietkau <email address hidden>
Erez Zadok <email address hidden>
Randy Dunlap <email address hidden>
Signed-off-by: Miklos Szeredi <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
(cherry picked from commit df1d75d878ea1112781884d424f20874005b0377)
