[SRU Kinetic, Lunar, OEM-6.0, OEM-6.1 3/3] UBUNTU: SAUCE: overlayfs: default to userxattr when mounted from non initial user namespace
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Jul 6 20:45:17 UTC 2023
Also add a nouserxattr mount option for the cases where it is desirable to mount
without userxattr under such namespaces.
This allows cases where such xattrs are necessary for certain operations to
work out, instead of failing due to not being able to use the
trusted.overlay.* xattrs.
CVE-2023-2640
CVE-2023-32629
LP: #1531747
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
---
fs/overlayfs/super.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 85b891152a2c..bf031d88a842 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -391,6 +391,8 @@ static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
seq_puts(m, ",volatile");
if (ofs->config.userxattr)
seq_puts(m, ",userxattr");
+ else
+ seq_puts(m, ",nouserxattr");
return 0;
}
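Review bot: The added `else` branch prints `,nouserxattr` for every mount that has userxattr off, including ordinary mounts from the initial user namespace, where that is the default and nothing was shown before. Option strings read back from the mount table and replayed on a kernel without this patch would hit the "unrecognized mount option" error. Consider emitting it only where it differs from the default, `else if (dentry->d_sb->s_user_ns != &init_user_ns)`. The start of ovl_show_options is outside the hunk.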
@@ -439,6 +441,7 @@ enum {
OPT_UUID_OFF,
OPT_NFS_EXPORT_ON,
OPT_USERXATTR,
+ OPT_NOUSERXATTR,
OPT_NFS_EXPORT_OFF,
OPT_XINO_ON,
OPT_XINO_OFF,
@@ -458,6 +461,7 @@ static const match_table_t ovl_tokens = {
{OPT_INDEX_ON, "index=on"},
{OPT_INDEX_OFF, "index=off"},
{OPT_USERXATTR, "userxattr"},
+ {OPT_NOUSERXATTR, "nouserxattr"},
{OPT_UUID_ON, "uuid=on"},
{OPT_UUID_OFF, "uuid=off"},
{OPT_NFS_EXPORT_ON, "nfs_export=on"},
@@ -628,6 +632,10 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config)
config->userxattr = true;
break;
+ case OPT_NOUSERXATTR:
+ config->userxattr = false;
+ break;
+
default:
pr_err("unrecognized mount option \"%s\" or missing value\n",
p);
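Review bot: The new `case OPT_NOUSERXATTR:` has no comment saying what a mounter in a non-initial user namespace gets by choosing it. Per the commit message, overlayfs then falls back to the trusted.overlay.* xattrs, which such a mount may be unable to use, so operations that need them fail. A one-line comment such as `/* Opt out of the userns default; trusted.overlay.* is used and may be unwritable there */` would record that. The diffstat shows only super.c changed, so the option also appears to be missing from the overlayfs documentation. ovl_parse_opt's body extends beyond the hunk.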
@@ -1926,6 +1934,8 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
ofs->config.nfs_export = ovl_nfs_export_def;
ofs->config.xino = ovl_xino_def();
ofs->config.metacopy = ovl_metacopy_def;
+ if (sb->s_user_ns != &init_user_ns)
+ ofs->config.userxattr = true;
err = ovl_parse_opt((char *) data, &ofs->config);
if (err)
goto out_err;
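Review bot: The default assigned under `if (sb->s_user_ns != &init_user_ns)` is indistinguishable, once ovl_parse_opt() has run, from a userxattr the mounter typed explicitly. If checks later in option parsing (not visible here) reject or override other options when userxattr is set, a namespace mount that passes one of them would now fail or be silently changed without having asked for userxattr; this is worth confirming and, if so, tracking whether the value was set explicitly. A comment would also help, e.g. `/* userns mounts cannot write trusted.overlay.*; default to user.overlay.*, nouserxattr overrides */`, because the assignment has to stay ahead of the ovl_parse_opt() call for the override to work. ovl_fill_super continues outside the hunk.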
--
2.34.1