ovl: ignore permissions on underlying lookup
Generally permission checking is not necessary when overlayfs looks up a dentry on one of the underlying layers, since search permission on base directory was already checked in ovl_permission(). More specifically using lookup_one_len() causes a problem when the lower directory lacks search permission for a specific user while the upper directory does have search permission. Since lookups are cached, this causes inconsistency in behavior: success depends on who did the first lookup. So instead use lookup_hash() which doesn't do the permission check. Reported-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
This commit is contained in:
Родитель
3c9fe8cdff
Коммит
38b78a5f18
|
@ -411,9 +411,7 @@ static inline struct dentry *ovl_lookup_real(struct dentry *dir,
|
||||||
{
|
{
|
||||||
struct dentry *dentry;
|
struct dentry *dentry;
|
||||||
|
|
||||||
inode_lock(dir->d_inode);
|
dentry = lookup_hash(name, dir);
|
||||||
dentry = lookup_one_len(name->name, dir, name->len);
|
|
||||||
inode_unlock(dir->d_inode);
|
|
||||||
|
|
||||||
if (IS_ERR(dentry)) {
|
if (IS_ERR(dentry)) {
|
||||||
if (PTR_ERR(dentry) == -ENOENT)
|
if (PTR_ERR(dentry) == -ENOENT)
|
||||||
|
|
Загрузка…
Ссылка в новой задаче