[PATCH 1/1] overlayfs, xattr: allow unprivileged users to whiteout

Serge Hallyn serge.hallyn at ubuntu.com
Mon Feb 17 15:51:41 UTC 2014


Quoting Stefan Bader (stefan.bader at canonical.com):
> On 13.02.2014 22:44, Serge Hallyn wrote:
> > To mark a file which exists in the lower layer as deleted,
> > it creates a symbolic link to a file called "(overlay-whiteout)"
> > in the writeable mount, and sets a "trusted.overlay" xattr
> > on that link.
> > 
> 
> > 1. When the create the symbolic link as container root, not
> > as the global root
> 
> Have my problems parsing this. Guess it says: "When the symbolic link is
> created, it is done as container root, not as the global root."

Yikes, yeah that's bad.  Your interpretation is correct.

> > 2. Allow root in a container to edit "trusted.overlay*"
> > xattrs.  Generally only global root is allowed to edit
> > "trusted.*"
> > 
> > With this patch, I'm able to delete files and directories in a
> > user-namespace-based overlayfs-backed container.  The overlay
> > writeable layer after "rm ab/ab; rmdir ab; mv xxx yyy;" ends up
> > looking like:
> > 
> > ls -l .local/share/lxc/u11/delta0/home/ubuntu/
> > total 0
> > lrwxrwxrwx 1 150000 150000 18 Feb 13 22:30 ab -> (overlay-whiteout)
> > lrwxrwxrwx 1 150000 150000 18 Feb 13 22:30 xxx -> (overlay-whiteout)
> > -rw-rw-r-- 1 151000 151000  0 Feb 13 03:53 yyy
> > 
> 
> Hm, am I missing something here? I see access rights changed, but would the
> whiteout link creation not also be in overlayfs code ... somewhere?

I'm not sure what you mean.  I don't change access rights, but change
the owning uid/gid.  The whiteout link is indeed created in the
overlayfs code, using vfs_symlink.  Right before that is done, overlayfs
sets an override credential.  Currently the override cred is with the
global root uid/gid.  I'm changing it to be the container root uid/gid.

Or maybe you mean the '(overlay-whiteout)' file itself?  It doesn't
exist, so the deleted files are symlinks to a nonexistent file...

-serge
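The on-disk convention described above (a whiteout is a symlink to "(overlay-whiteout)" carrying a "trusted.overlay" xattr, and with this patch owned by the container root uid/gid rather than global root) is easy to audit from outside the container. The script below is an added example, not part of this patch or of overlayfs: it scans an upper (writeable) layer directory, reports each whiteout with its owning uid/gid, and flags entries whose owner is not the expected container root. It assumes Linux (`os.listxattr`), treats any xattr name starting with `trusted.overlay` as the whiteout marker, and builds its sample layer (entries `ab`, `xxx`, `yyy`, `zzz`) in a temporary directory; those sample entries are constructed to mirror the listing in the thread.

```python
import os
import stat
import tempfile

# Symlink target that marks a whiteout, as described in the thread.
# The target itself does not exist, so every whiteout is a dangling symlink.
WHITEOUT_TARGET = "(overlay-whiteout)"

# Assumption: any xattr whose name starts with this prefix is the overlay marker.
WHITEOUT_XATTR_PREFIX = "trusted.overlay"


def find_whiteouts(upper_dir, expected_uid=None):
    """Return records for each whiteout entry directly under upper_dir.

    Each record carries the owning uid/gid (the field this patch changes from
    global root to container root) and whether a trusted.overlay* xattr was
    visible.  Listing trusted.* xattrs needs CAP_SYS_ADMIN, so an unprivileged
    scan reports overlay_xattr_visible=False even on a genuine whiteout; a
    privileged scan (or a failing listxattr) is distinguished via None.
    """
    records = []
    for name in sorted(os.listdir(upper_dir)):
        path = os.path.join(upper_dir, name)
        st = os.lstat(path)  # never follow the (dangling) link
        if not stat.S_ISLNK(st.st_mode):
            continue
        if os.readlink(path) != WHITEOUT_TARGET:
            continue  # some other symlink, not a whiteout
        xattr_visible = None
        if hasattr(os, "listxattr"):
            try:
                names = os.listxattr(path, follow_symlinks=False)
                xattr_visible = any(n.startswith(WHITEOUT_XATTR_PREFIX) for n in names)
            except OSError:
                xattr_visible = None
        records.append({
            "name": name,
            "uid": st.st_uid,
            "gid": st.st_gid,
            "overlay_xattr_visible": xattr_visible,
            # With this patch, whiteouts should be owned by container root,
            # so a mismatch is worth a second look.
            "owner_ok": expected_uid is None or st.st_uid == expected_uid,
        })
    return records


def build_sample_upper(root):
    """Constructed sample upper layer shaped like the listing in the thread:
    ab and xxx whited out, yyy a real file, plus zzz (a dangling symlink that
    is NOT a whiteout, to show the target check matters)."""
    os.symlink(WHITEOUT_TARGET, os.path.join(root, "ab"))
    os.symlink(WHITEOUT_TARGET, os.path.join(root, "xxx"))
    with open(os.path.join(root, "yyy"), "w"):
        pass
    os.symlink("somewhere-else", os.path.join(root, "zzz"))
    return root


def demo(expected_uid=None):
    """Build the sample layer in a temp dir and scan it; returns the records."""
    if expected_uid is None:
        expected_uid = os.getuid()  # the scanning user created the sample entries
    with tempfile.TemporaryDirectory() as d:
        build_sample_upper(d)
        return find_whiteouts(d, expected_uid=expected_uid)


if __name__ == "__main__":
    for w in demo():
        print("{name}: uid={uid} gid={gid} xattr_visible={overlay_xattr_visible} "
              "owner_ok={owner_ok}".format(**w))
```

Running it as the container's mapped root (or with CAP_SYS_ADMIN) makes the xattr column meaningful; run unprivileged, the owner check still works, which is the part this patch actually changes.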
