ovl: rearrange ovl_can_list()

ovl_can_list() should return false for overlay private xattrs. Since currently these use the "trusted.overlay." prefix, they will always match the "trusted." prefix as well, hence the test for being non-trusted will not trigger. Prepare for using the "user.overlay." namespace by moving the test for private xattr before the test for non-trusted. This patch doesn't change behavior. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

ovl: rearrange ovl_can_list()
ovl_can_list() should return false for overlay private xattrs. Since currently these use the "trusted.overlay." prefix, they will always match the "trusted." prefix as well, hence the test for being non-trusted will not trigger. Prepare for using the "user.overlay." namespace by moving the test for private xattr before the test for non-trusted. This patch doesn't change behavior. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
8f6ee74c · Miklos Szeredi · 43d193f8 · 8f6ee74c
Commit 8f6ee74c authored Sep 02, 2020 by Miklos Szeredi
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

fs/overlayfs/inode.c fs/overlayfs/inode.c +6 -3

No files found.
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -393,13 +393,16 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name,
 static bool ovl_can_list(struct super_block *sb, const char *s)
 {
+	/* Never list private (.overlay) */
+	if (ovl_is_private_xattr(sb, s))
+		return false;
 	/* List all non-trusted xatts */
 	if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0)
 		return true;
-	/* Never list trusted.overlay, list other trusted for superuser only */
+	/* list other trusted for superuser only */
-	return !ovl_is_private_xattr(sb, s) &&
+	return ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
-	       ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
 }
 ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)