[PATCH 1/1] RFC: Overlayfs: allow unprivileged mounts
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Feb 11 22:38:09 UTC 2014
(CC:ing Miklos for further insight; Miklos, for reference the original
email is:
https://lists.ubuntu.com/archives/kernel-team/2014-February/038811.html)
Hi,
with the applied patch we can start overlayfs-based containers as an
unprivileged user - however we can't delete files because we need
capable(CAP_SYS_ADMIN) to create the trusted.* xattrs.
Long-term, Al Viro wants to replace the xattr-based whiteouts
with a true whiteout directory entry that can be shared by
union mounts. In the meantime, we were wondering what are the
downsides if we simply use user.* xattrs instead of trusted.*.
The most glaring mis-behavior would be that whereas currently
ID=$(id -u)
sudo mkdir /tmp/x
sudo touch /tmp/x/a
sudo chown $ID /tmp/x/a
rm /tmp/x/a
fails, an unprivileged user might be able to work around that
by manually setting the whiteout xattr. However, overlayfs
explicitly prevents such writes to the overlayfs mounts, so the
user would have to find direct access to the directory serving
as the write layer to do so.
So - Miklos, Andrew, would this seem like an ok thing to do
for now, using user.overlay instead of trusted.overlay? Or
are there other problems with this which we haven't considered?
thanks,
-serge
More information about the kernel-team
mailing list