Commit 8f6ee74c authored by Miklos Szeredi

ovl: rearrange ovl_can_list()

ovl_can_list() should return false for overlay private xattrs.  Since
currently these use the "trusted.overlay." prefix, they will always match
the "trusted." prefix as well, hence the test for being non-trusted will
not trigger.

Prepare for using the "user.overlay." namespace by moving the test for
private xattr before the test for non-trusted.

This patch doesn't change behavior.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
parent 43d193f8
...@@ -393,13 +393,16 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name, ...@@ -393,13 +393,16 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name,
static bool ovl_can_list(struct super_block *sb, const char *s) static bool ovl_can_list(struct super_block *sb, const char *s)
{ {
/* Never list private (.overlay) */
if (ovl_is_private_xattr(sb, s))
return false;
/* List all non-trusted xatts */ /* List all non-trusted xatts */
if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0) if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0)
return true; return true;
/* Never list trusted.overlay, list other trusted for superuser only */ /* list other trusted for superuser only */
return !ovl_is_private_xattr(sb, s) && return ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
} }
ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
......
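Review bot: The new private-xattr test at the top of ovl_can_list() does not say that its position matters, and the comment should record that. While private names all sit under "trusted." the order is irrelevant, but the description says this prepares for "user.overlay."; once that prefix is in use, a private name that reached the non-trusted test first would hit its `return true` and be listed to any caller without the CAP_SYS_ADMIN check. I would write the comment as `/* Never list private (.overlay); keep this ahead of the "trusted." test */` so a later cleanup does not restore the old order. As a smaller style point, the rewritten `/* list other trusted for superuser only */` starts in lower case while the two comments above it are capitalised, and the neighbouring context comment still spells "xatts".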