diff options
author | Amir Goldstein <amir73il@gmail.com> | 2022-10-17 17:06:39 +0200 |
---|---|---|
committer | Christian Brauner (Microsoft) <brauner@kernel.org> | 2022-10-18 10:09:48 +0200 |
commit | 23a8ce16419a3066829ad4a8b7032a75817af65b (patch) | |
tree | 0f6c78c0bbc33fd39541976939755919f3d3bb56 /fs/overlayfs/file.c | |
parent | ovl: remove privs in ovl_copyfile() (diff) | |
download | linux-23a8ce16419a3066829ad4a8b7032a75817af65b.tar.xz linux-23a8ce16419a3066829ad4a8b7032a75817af65b.zip |
ovl: remove privs in ovl_fallocate()
Underlying fs doesn't remove privs because fallocate is called with
privileged mounter credentials.
This fixes some failure in fstests generic/683..687.
Fixes: aab8848cee5e ("ovl: add ovl_fallocate()")
Acked-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'fs/overlayfs/file.c')
-rw-r--r-- | fs/overlayfs/file.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 755a11c63596..d066be3b9226 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -517,9 +517,16 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len const struct cred *old_cred; int ret; + inode_lock(inode); + /* Update mode */ + ovl_copyattr(inode); + ret = file_remove_privs(file); + if (ret) + goto out_unlock; + ret = ovl_real_fdget(file, &real); if (ret) - return ret; + goto out_unlock; old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = vfs_fallocate(real.file, mode, offset, len); @@ -530,6 +537,9 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len fdput(real); +out_unlock: + inode_unlock(inode); + return ret; } |