lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 03 Feb 2022 12:02:46 +0100
From:   Alois Wohlschlager <alois1@...-topmail.de>
To:     Miklos Szeredi <miklos@...redi.hu>
Cc:     linux-unionfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] ovl: warn if trusted xattr creation fails

When mounting overlayfs in an unprivileged user namespace, trusted xattr
creation will fail. This will lead to failures in some file operations,
e.g. in the following situation:

  mkdir lower upper work merged
  mkdir lower/directory
  mount -toverlay -olowerdir=lower,upperdir=upper,workdir=work none merged
  rmdir merged/directory
  mkdir merged/directory

The last mkdir will fail:

  mkdir: cannot create directory 'merged/directory': Input/output error

The cause for these failures is currently extremely non-obvious and hard
to debug. Hence, warn the user and suggest using the userxattr mount
option, if it is not already supplied and xattr creation fails during
the self-check.

Signed-off-by: Alois Wohlschlager <alois1@...-topmail.de>
---
 fs/overlayfs/super.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 7bb0a47cb615..11123fe967e0 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1427,6 +1427,8 @@ static int ovl_make_workdir(struct super_block *sb,
struct ovl_fs *ofs,
 			ofs->config.xino = OVL_XINO_OFF;
 			pr_warn("upper fs does not support xattr,
falling back to xino=off.\n");
 		}
+		if (!ofs->config.userxattr)
+			pr_warn("trusted xattr creation not
supported, some file operations may fail. Try mounting with userxattr next
time.\n");
 		err = 0;
 	} else {
 		ovl_do_removexattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE);
--
2.35.1


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ