[PATCH RFC] overlayfs, xattr: allow unprivileged users to whiteout
Miklos Szeredi
miklos at szeredi.hu
Fri Feb 28 14:15:14 UTC 2014
On Tue, Feb 25, 2014 at 6:31 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> To mark a file which exists in the lower layer as deleted,
> it creates a symbolic link to a file called "(overlay-whiteout)"
> in the writeable mount, and sets a "trusted.overlay" xattr
> on that link.
>
> 1. Create the symbolic link as container root, not
> as the global root
>
> 2. Allow root in a container to edit "trusted.overlay*"
> xattrs. Generally only global root is allowed to edit
> "trusted.*"
Shouldn't overlayfs just skip the permission checks and call
__vfs_setxattr_noperm() instead?
Thanks,
Miklos
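
The whiteout marker described in the quoted text, as an added example that is not part of the original message or of overlayfs itself: a small checker that classifies a path in the writable layer. The function and enum names are hypothetical, and because the message only names the "trusted.overlay" prefix, the check accepts any xattr name starting with it.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

#define WHITEOUT_TARGET  "(overlay-whiteout)" /* link target named in the thread */
#define OVL_XATTR_PREFIX "trusted.overlay"    /* xattr prefix named in the thread */

enum wh_state { WH_ERROR = -1, WH_NOT_SYMLINK, WH_OTHER_TARGET, WH_LINK_ONLY, WH_WHITEOUT };

/* 1 if an xattr on the link itself starts with the overlay prefix. The kernel
 * lists trusted.* names only to CAP_SYS_ADMIN callers, so others get 0 here. */
static int has_overlay_xattr(const char *path)
{
    char names[4096];
    ssize_t len = llistxattr(path, names, sizeof(names));
    if (len <= 0)
        return 0; /* no xattrs, unsupported filesystem, or error */
    for (char *p = names; p < names + len; p += strlen(p) + 1)
        if (strncmp(p, OVL_XATTR_PREFIX, strlen(OVL_XATTR_PREFIX)) == 0)
            return 1;
    return 0;
}

/* The symlink alone is not a whiteout: anyone who can write the directory can
 * create it. Only the trusted.* xattr marks it as one. */
enum wh_state classify_whiteout(const char *path)
{
    struct stat st;
    char target[PATH_MAX];
    ssize_t n;
    if (lstat(path, &st) != 0)
        return WH_ERROR;
    if (!S_ISLNK(st.st_mode))
        return WH_NOT_SYMLINK;
    if ((n = readlink(path, target, sizeof(target) - 1)) < 0)
        return WH_ERROR;
    target[n] = '\0';
    if (strcmp(target, WHITEOUT_TARGET) != 0)
        return WH_OTHER_TARGET;
    return has_overlay_xattr(path) ? WH_WHITEOUT : WH_LINK_ONLY;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: state %d\n", argv[i], classify_whiteout(argv[i]));
    return EXIT_SUCCESS;
}
```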