[PATCH v6 09/40] xattr: handle idmapped mounts

James Morris jmorris at namei.org
Fri Jan 22 03:21:18 UTC 2021


On Thu, 21 Jan 2021, Christian Brauner wrote:

> From: Tycho Andersen <tycho at tycho.pizza>
> 
> When interacting with extended attributes the vfs verifies that the
> caller is privileged over the inode with which the extended attribute is
> associated. For posix access and posix default extended attributes a uid
> or gid can be stored on-disk. Let the functions handle posix extended
> attributes on idmapped mounts. If the inode is accessed through an
> idmapped mount we need to map it according to the mount's user
> namespace. Afterwards the checks are identical to non-idmapped mounts.
> This has no effect for e.g. security xattrs since they don't store uids
> or gids and don't perform permission checks on them like posix acls do.
> 
> Link: https://lore.kernel.org/r/20210112220124.837960-17-christian.brauner@ubuntu.com
> Cc: Christoph Hellwig <hch at lst.de>
> Cc: David Howells <dhowells at redhat.com>
> Cc: Al Viro <viro at zeniv.linux.org.uk>
> Cc: linux-fsdevel at vger.kernel.org
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Signed-off-by: Tycho Andersen <tycho at tycho.pizza>
> Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


Reviewed-by: James Morris <jamorris at linux.microsoft.com>


-- 
James Morris
<jmorris at namei.org>



More information about the Containers mailing list