[PATCH v2 03/10] ovl: check privs before decoding file handle

Amir Goldstein amir73il at gmail.com
Wed Dec 9 18:16:10 UTC 2020

On Wed, Dec 9, 2020 at 6:20 PM Miklos Szeredi <miklos at szeredi.hu> wrote:
> On Wed, Dec 9, 2020 at 11:13 AM Miklos Szeredi <miklos at szeredi.hu> wrote:
> > Hard link indexing should work without fh decoding, since it is only
> > encoding the file handle to search for the index entry, and encoding
> > is not privileged.
> Tested this a bit and while hard link indexing does work,  inode
> lookup is broken since it uses the origin inode as a key (which is not

Yes, that is what I meant by ovl_check_origin() is broken.

> available) instead of using the origin value directly.  This is
> fixable, but needs a fair amount of restructuring, so let's just

Maybe it also requires on-disk changes.
We should be able to use the origin fh as the key for lower inode,
but we need the lower st_inode for initializing the ovl inode with
correct ino. If we cannot decode lower inode from origin fh, I think
we would need to store the ino in user.overlay.ino on copy up or
maintain redirect, but redirect is not supported either with user ns mount...

> postpone this and disable index for now, as you suggested.

Nobody seems to be enabling it anyway :-/


More information about the Linux-security-module-archive mailing list