summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@redhat.com>2020-12-14 15:26:14 +0100
committerMiklos Szeredi <mszeredi@redhat.com>2020-12-14 15:26:14 +0100
commit2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1 (patch)
treeb2977931c4cbb8b17da210f07525800e3a53213b /Documentation
parentovl: simplify file splice (diff)
downloadlinux-2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1.tar.xz
linux-2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1.zip
ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay." This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace. Make the option explicit, since it makes the filesystem format be incompatible. Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/filesystems/overlayfs.rst13
1 files changed, 11 insertions, 2 deletions
diff --git a/Documentation/filesystems/overlayfs.rst b/Documentation/filesystems/overlayfs.rst
index b86be7c6a952..587a93973929 100644
--- a/Documentation/filesystems/overlayfs.rst
+++ b/Documentation/filesystems/overlayfs.rst
@@ -102,8 +102,8 @@ but not all filesystems that are mountable by Linux have the features
needed for OverlayFS to work. The lower filesystem does not need to be
writable. The lower filesystem can even be another overlayfs. The upper
filesystem will normally be writable and if it is it must support the
-creation of trusted.* extended attributes, and must provide valid d_type in
-readdir responses, so NFS is not suitable.
+creation of trusted.* and/or user.* extended attributes, and must provide
+valid d_type in readdir responses, so NFS is not suitable.
A read-only overlay of two read-only filesystems may use any
filesystem type.
@@ -594,6 +594,15 @@ fresh one. In very limited cases where the user knows that the system has
not crashed and contents of upperdir are intact, The "volatile" directory
can be removed.
+
+User xattr
+----------
+
+The the "-o userxattr" mount option forces overlayfs to use the
+"user.overlay." xattr namespace instead of "trusted.overlay.". This is
+useful for unprivileged mounting of overlayfs.
+
+
Testsuite
---------