| From fd3220d37b1f6f0cab6142d98b0e6c4082e63299 Mon Sep 17 00:00:00 2001 |
| From: Miklos Szeredi <mszeredi@redhat.com> |
| Date: Mon, 31 Oct 2016 14:42:14 +0100 |
| Subject: ovl: update S_ISGID when setting posix ACLs |
| |
| From: Miklos Szeredi <mszeredi@redhat.com> |
| |
| commit fd3220d37b1f6f0cab6142d98b0e6c4082e63299 upstream. |
| |
| This change fixes xfstest generic/375, which failed to clear the |
| setgid bit in the following test case on overlayfs: |
| |
| touch $testfile |
| chown 100:100 $testfile |
| chmod 2755 $testfile |
| _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile |
| |
| Reported-by: Amir Goldstein <amir73il@gmail.com> |
| Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
| Tested-by: Amir Goldstein <amir73il@gmail.com> |
| Fixes: d837a49bd57f ("ovl: fix POSIX ACL setting") |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/overlayfs/super.c | 15 +++++++++++++++ |
| 1 file changed, 15 insertions(+) |
| |
| --- a/fs/overlayfs/super.c |
| +++ b/fs/overlayfs/super.c |
| @@ -1026,6 +1026,21 @@ ovl_posix_acl_xattr_set(const struct xat |
| |
| posix_acl_release(acl); |
| |
| + /* |
| + * Check if sgid bit needs to be cleared (actual setacl operation will |
| + * be done with mounter's capabilities and so that won't do it for us). |
| + */ |
| + if (unlikely(inode->i_mode & S_ISGID) && |
| + handler->flags == ACL_TYPE_ACCESS && |
| + !in_group_p(inode->i_gid) && |
| + !capable_wrt_inode_uidgid(inode, CAP_FSETID)) { |
| + struct iattr iattr = { .ia_valid = ATTR_KILL_SGID }; |
| + |
| + err = ovl_setattr(dentry, &iattr); |
| + if (err) |
| + return err; |
| + } |
| + |
| err = ovl_xattr_set(dentry, handler->name, value, size, flags); |
| if (!err) |
| ovl_copyattr(ovl_inode_real(inode, NULL), inode); |
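Review bot: The added block clears S_ISGID through `ovl_setattr()` before `ovl_xattr_set()` runs, so if the xattr write then fails, the caller gets an error but the file has already lost its setgid bit. That order fails closed, since the new ACL is never in place with setgid still set, but it is a visible side effect of a failed setfacl and the comment does not say it is intended. I would extend the comment with something like `Clear sgid first: a later xattr failure may drop the bit needlessly, but the new ACL is never applied with it still set.` The body of `ovl_posix_acl_xattr_set()` starts and ends outside this hunk, so how `err` is handled after `ovl_xattr_set()` cannot be checked from here.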