diff options
author | Miklos Szeredi <mszeredi@redhat.com> | 2020-12-14 15:26:14 +0100 |
---|---|---|
committer | Miklos Szeredi <mszeredi@redhat.com> | 2020-12-14 15:26:14 +0100 |
commit | 2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1 (patch) | |
tree | b2977931c4cbb8b17da210f07525800e3a53213b /Documentation | |
parent | ovl: simplify file splice (diff) | |
download | linux-2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1.tar.xz linux-2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1.zip |
ovl: user xattr
Optionally allow using "user.overlay." namespace instead of
"trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged
namepsace.
Make the option explicit, since it makes the filesystem format be
incompatible.
Disable redirect_dir and metacopy options, because these would allow
privilege escalation through direct manipulation of the
"user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/filesystems/overlayfs.rst | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/Documentation/filesystems/overlayfs.rst b/Documentation/filesystems/overlayfs.rst index b86be7c6a952..587a93973929 100644 --- a/Documentation/filesystems/overlayfs.rst +++ b/Documentation/filesystems/overlayfs.rst @@ -102,8 +102,8 @@ but not all filesystems that are mountable by Linux have the features needed for OverlayFS to work. The lower filesystem does not need to be writable. The lower filesystem can even be another overlayfs. The upper filesystem will normally be writable and if it is it must support the -creation of trusted.* extended attributes, and must provide valid d_type in -readdir responses, so NFS is not suitable. +creation of trusted.* and/or user.* extended attributes, and must provide +valid d_type in readdir responses, so NFS is not suitable. A read-only overlay of two read-only filesystems may use any filesystem type. @@ -594,6 +594,15 @@ fresh one. In very limited cases where the user knows that the system has not crashed and contents of upperdir are intact, The "volatile" directory can be removed. + +User xattr +---------- + +The the "-o userxattr" mount option forces overlayfs to use the +"user.overlay." xattr namespace instead of "trusted.overlay.". This is +useful for unprivileged mounting of overlayfs. + + Testsuite --------- |