Re: [PATCH v2 03/18] ovl: stack miscattr ops
From: Al Viro
Date: Wed Mar 24 2021 - 01:10:54 EST
On Mon, Mar 22, 2021 at 03:49:01PM +0100, Miklos Szeredi wrote:
> +int ovl_miscattr_set(struct user_namespace *mnt_userns,
> + struct dentry *dentry, struct miscattr *ma)
> +{
> + struct inode *inode = d_inode(dentry);
> + struct dentry *upperdentry;
> + const struct cred *old_cred;
> + int err;
> +
> + err = ovl_want_write(dentry);
> + if (err)
> + goto out;
> +
> + err = ovl_copy_up(dentry);
> + if (!err) {
> + upperdentry = ovl_dentry_upper(dentry);
> +
> + old_cred = ovl_override_creds(inode->i_sb);
> + err = ovl_security_miscattr(dentry, ma, true);
> + if (!err)
> + err = vfs_miscattr_set(&init_user_ns, upperdentry, ma);
> + revert_creds(old_cred);
> + ovl_copyflags(ovl_inode_real(inode), inode);
> + }
> + ovl_drop_write(dentry);
> +out:
> + return err;
> +}
Umm... No equivalents of
/*
* Prevent copy up if immutable and has no CAP_LINUX_IMMUTABLE
* capability.
*/
ret = -EPERM;
if (!ovl_has_upperdata(inode) && IS_IMMUTABLE(inode) &&
!capable(CAP_LINUX_IMMUTABLE))
goto unlock;
ret = ovl_maybe_copy_up(file_dentry(file), O_WRONLY);
if (ret)
goto unlock;
in the current tree?