• Miklos Szeredi's avatar
    ovl: simplify permission checking · 9c630ebe
    Miklos Szeredi authored
    The fact that we always do permission checking on the overlay inode and
    clear MAY_WRITE for checking access to the lower inode allows cruft to be
    removed from ovl_permission().
    
    1) "default_permissions" option effectively did generic_permission() on the
    overlay inode with i_mode, i_uid and i_gid updated from underlying
    filesystem.  This is what we do by default now.  It did the update using
    vfs_getattr() but that's only needed if the underlying filesystem can
    change (which is not allowed).  We may later introduce a "paranoia_mode"
    that verifies that mode/uid/gid are not changed.
    
    2) splitting out the IS_RDONLY() check from inode_permission() also becomes
    unnecessary once we remove the MAY_WRITE from the lower inode check.
    Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
    9c630ebe
overlayfs.h 6.95 KB