    ovl: user xattr · 2d2f2d73
    Miklos Szeredi authored
    Optionally allow using "user.overlay." namespace instead of
    "trusted.overlay."
    
    This is necessary for overlayfs to be able to be mounted in an unprivileged
    namespace.
    
    Make the option explicit, since it makes the filesystem format be
    incompatible.
    
    Disable redirect_dir and metacopy options, because these would allow
    privilege escalation through direct manipulation of the
    "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
    Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    Reviewed-by: Amir Goldstein <amir73il@gmail.com>
overlayfs.rst 26.7 KB