projects / sdk / emulator / emulator-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d5cde6e) | patch
ovl: filter trusted xattr for non-admin 74/307874/1
authorMiklos Szeredi <mszeredi@redhat.com>
Mon, 29 May 2017 13:15:27 +0000 (15:15 +0200)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 14 Mar 2024 02:20:55 +0000 (11:20 +0900)
commit8c0e3703fec598b33175c19a3cfba6debe6f295f
tree212bee9e3cb84ad931f88f8ec5215c20a638235ftree | snapshot
parentd5cde6e2a558db694409b17a3de57fbc1d1d336ecommit | diff
ovl: filter trusted xattr for non-admin

[ Upstream commit a082c6f680da298cf075886ff032f32ccb7c5e1a ]

Filesystems filter out extended attributes in the "trusted." domain for
unprivlieged callers.

Overlay calls underlying filesystem's method with elevated privs, so need
to do the filtering in overlayfs too.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick linux-4.4.y commit d88cbbe7ba0c to fix smack deny issue on overlayfs]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I3d7bb51db6e57d16f05fef56d65170aab9bb63f2
fs/overlayfs/inode.c diff | blob | history
Domain: SDK / Emulator;