[PATCH 1/1] overlayfs, xattr: allow unprivileged users to whiteout
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Feb 17 15:51:41 UTC 2014
Quoting Stefan Bader (stefan.bader at canonical.com):
> On 13.02.2014 22:44, Serge Hallyn wrote:
> > To mark a file which exists in the lower layer as deleted,
> > it creates a symbolic link to a file called "(overlay-whiteout)"
> > in the writeable mount, and sets a "trusted.overlay" xattr
> > on that link.
> >
>
> > 1. When the create the symbolic link as container root, not
> > as the global root
>
> Have my problems parsing this. Guess it says: "When the symbolic link is
> created, it is done as container root, not as the global root."

Yikes, yeah that's bad. Your interpretation is correct.

> > 2. Allow root in a container to edit "trusted.overlay*"
> > xattrs. Generally only global root is allowed to edit
> > "trusted.*"
> >
> > With this patch, I'm able to delete files and directories in a
> > user-namespace-based overlayfs-backed container. The overlay
> > writeable layer after "rm ab/ab; rmdir ab; mv xxx yyy;" ends up
> > looking like:
> >
> > ls -l .local/share/lxc/u11/delta0/home/ubuntu/
> > total 0
> > lrwxrwxrwx 1 150000 150000 18 Feb 13 22:30 ab -> (overlay-whiteout)
> > lrwxrwxrwx 1 150000 150000 18 Feb 13 22:30 xxx -> (overlay-whiteout)
> > -rw-rw-r-- 1 151000 151000 0 Feb 13 03:53 yyy
> >
>
> Hm, am I missing something here? I see access rights changed, but would the
> whiteout link creation not also be in overlayfs code ... somewhere?

I'm not sure what you mean. I don't change access rights, but change
the owning uid/gid. The whiteout link is indeed created in the
overlayfs code, using vfs_symlink. Right before that is done, overlayfs
sets an override credential. Currently the override cred is with the
global root uid/gid. I'm changing it to be the container root uid/gid.

Or maybe you mean the '(overlay-whiteout)' file itself? It doesn't
exist, so the deleted files are symlinks to a nonexistent file...

-serge
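
An added example, not part of the message above or of the patch: a Python audit helper that walks an overlay upper layer, finds whiteouts in the symlink format described in the thread, and reports any whose owning uid/gid falls outside the container's id mapping. The function names, the constructed directory tree and the 150000 base with a 65536-id range are assumptions for illustration; the "trusted.overlay" xattr is not read here because trusted.* xattrs are only visible to a privileged process.

```python
import os
import stat
import tempfile

WHITEOUT_TARGET = "(overlay-whiteout)"  # symlink target named in the thread


def find_whiteouts(upper_dir):
    """Return sorted (relative path, uid, gid) for every whiteout symlink."""
    found = []
    for root, dirs, files in os.walk(upper_dir, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: inspect the link, not its target
            if stat.S_ISLNK(st.st_mode) and os.readlink(path) == WHITEOUT_TARGET:
                found.append((os.path.relpath(path, upper_dir), st.st_uid, st.st_gid))
    return sorted(found)


def outside_range(whiteouts, uid_base, gid_base, count):
    """Return whiteouts whose owner is not inside the container's id mapping."""
    return [
        w for w in whiteouts
        if not (uid_base <= w[1] < uid_base + count
                and gid_base <= w[2] < gid_base + count)
    ]


if __name__ == "__main__":
    # Constructed upper layer mimicking the listing in the thread.
    with tempfile.TemporaryDirectory() as upper:
        for name in ("ab", "xxx"):
            os.symlink(WHITEOUT_TARGET, os.path.join(upper, name))
        open(os.path.join(upper, "yyy"), "w").close()
        hits = find_whiteouts(upper)
        for path, uid, gid in hits:
            print(f"whiteout {path} owner {uid}:{gid}")
        # Assumed mapping: ids 150000..215535 belong to the container.
        for path, uid, gid in outside_range(hits, 150000, 150000, 65536):
            print(f"  not owned by a mapped id: {path} ({uid}:{gid})")
```

Run against a real delta directory, a whiteout owned by uid 0 rather than a mapped id indicates it was created under the global root override credential the message describes.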