ovl: use vfs_set_acl_prepare()

author Christian Brauner <brauner@kernel.org>

Mon, 29 Aug 2022 12:38:44 +0000 (14:38 +0200)

committer Christian Brauner (Microsoft) <brauner@kernel.org>

Wed, 31 Aug 2022 14:38:07 +0000 (16:38 +0200)
author Christian Brauner <brauner@kernel.org>
Mon, 29 Aug 2022 12:38:44 +0000 (14:38 +0200)
committer Christian Brauner (Microsoft) <brauner@kernel.org>
Wed, 31 Aug 2022 14:38:07 +0000 (16:38 +0200)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c

index ec746d447f1bb147d637ffca6236eac13b348599..5da771b218d1477b2d01994743c50f53fc99fc26 100644 (file)
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1022,7 +1022,20 @@ ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
  
         /* Check that everything is OK before copy-up */
         if (value) {
-               acl = posix_acl_from_xattr(&init_user_ns, value, size);
+               /* The above comment can be understood in two ways:
+                *
+                * 1. We just want to check whether the basic POSIX ACL format
+                *    is ok. For example, if the header is correct and the size
+                *    is sane.
+                * 2. We want to know whether the ACL_{GROUP,USER} entries can
+                *    be mapped according to the underlying filesystem.
+                *
+                * Currently, we only check 1. If we wanted to check 2. we
+                * would need to pass the mnt_userns and the fs_userns of the
+                * underlying filesystem. But frankly, I think checking 1. is
+                * enough to start the copy-up.
+                */
+               acl = vfs_set_acl_prepare(&init_user_ns, &init_user_ns, value, size);
                 if (IS_ERR(acl))
                         return PTR_ERR(acl);
         }
author	Christian Brauner <brauner@kernel.org>
	Mon, 29 Aug 2022 12:38:44 +0000 (14:38 +0200)
committer	Christian Brauner (Microsoft) <brauner@kernel.org>
	Wed, 31 Aug 2022 14:38:07 +0000 (16:38 +0200)