[PATCH v2 08/10] ovl: do not fail because of O_NOATIME

Amir Goldstein amir73il at gmail.com
Tue Dec 8 11:29:21 UTC 2020


On Mon, Dec 7, 2020 at 6:37 PM Miklos Szeredi <mszeredi at redhat.com> wrote:
>
> In case the file cannot be opened with O_NOATIME because of lack of
> capabilities, then clear O_NOATIME instead of failing.
>
> Signed-off-by: Miklos Szeredi <mszeredi at redhat.com>
> ---
>  fs/overlayfs/file.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> index dc767034d37b..d6ac7ac66410 100644
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -53,9 +53,10 @@ static struct file *ovl_open_realfile(const struct file *file,
>         err = inode_permission(realinode, MAY_OPEN | acc_mode);
>         if (err) {
>                 realfile = ERR_PTR(err);
> -       } else if (!inode_owner_or_capable(realinode)) {
> -               realfile = ERR_PTR(-EPERM);
>         } else {
> +               if (!inode_owner_or_capable(realinode))
> +                       flags &= ~O_NOATIME;
> +

Isn't that going to break:

        flags |= OVL_OPEN_FLAGS;

        /* If some flag changed that cannot be changed then something's amiss */
        if (WARN_ON((file->f_flags ^ flags) & ~OVL_SETFL_MASK))

IOW setting a flag that is allowed to change will fail because of
missing O_ATIME in file->f_flags.

I guess we need test coverage for SETFL.

Thanks,
Amir.



More information about the Linux-security-module-archive mailing list