[PATCH v2 08/10] ovl: do not fail because of O_NOATIME
Amir Goldstein
amir73il at gmail.com
Tue Dec 8 11:29:21 UTC 2020
On Mon, Dec 7, 2020 at 6:37 PM Miklos Szeredi <mszeredi at redhat.com> wrote:
>
> In case the file cannot be opened with O_NOATIME because of lack of
> capabilities, then clear O_NOATIME instead of failing.
>
> Signed-off-by: Miklos Szeredi <mszeredi at redhat.com>
> ---
> fs/overlayfs/file.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> index dc767034d37b..d6ac7ac66410 100644
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -53,9 +53,10 @@ static struct file *ovl_open_realfile(const struct file *file,
> err = inode_permission(realinode, MAY_OPEN | acc_mode);
> if (err) {
> realfile = ERR_PTR(err);
> - } else if (!inode_owner_or_capable(realinode)) {
> - realfile = ERR_PTR(-EPERM);
> } else {
> + if (!inode_owner_or_capable(realinode))
> + flags &= ~O_NOATIME;
> +
Isn't that going to break:
flags |= OVL_OPEN_FLAGS;
/* If some flag changed that cannot be changed then something's amiss */
if (WARN_ON((file->f_flags ^ flags) & ~OVL_SETFL_MASK))
IOW setting a flag that is allowed to change will fail because of
missing O_ATIME in file->f_flags.
I guess we need test coverage for SETFL.
Thanks,
Amir.
More information about the Linux-security-module-archive
mailing list