releases/4.9.94/ovl-filter-trusted-xattr-for-non-admin.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Mon Apr  9 17:09:24 CEST 2018
 From: Miklos Szeredi <mszeredi@redhat.com>
 Date: Mon, 29 May 2017 15:15:27 +0200
 Subject: ovl: filter trusted xattr for non-admin

 From: Miklos Szeredi <mszeredi@redhat.com>


 [ Upstream commit a082c6f680da298cf075886ff032f32ccb7c5e1a ]

 Filesystems filter out extended attributes in the "trusted." domain for
 unprivlieged callers.

 Overlay calls underlying filesystem's method with elevated privs, so need
 to do the filtering in overlayfs too.

 Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  fs/overlayfs/inode.c |   12 +++++++++++-
  1 file changed, 11 insertions(+), 1 deletion(-)

 --- a/fs/overlayfs/inode.c
 +++ b/fs/overlayfs/inode.c
 @@ -227,6 +227,16 @@ int ovl_xattr_get(struct dentry *dentry,
  	return res;
  }

 +static bool ovl_can_list(const char *s)
 +{
 +	/* List all non-trusted xatts */
 +	if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0)
 +		return true;
 +
 +	/* Never list trusted.overlay, list other trusted for superuser only */
 +	return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN);
 +}
 +
  ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
  {
  	struct dentry *realdentry = ovl_dentry_real(dentry);
 @@ -250,7 +260,7 @@ ssize_t ovl_listxattr(struct dentry *den
  			return -EIO;

  		len -= slen;
 -		if (ovl_is_private_xattr(s)) {
 +		if (!ovl_can_list(s)) {
  			res -= slen;
  			memmove(s, s + slen, len);
  		} else {
	From foo@baz Mon Apr 9 17:09:24 CEST 2018
	From: Miklos Szeredi <mszeredi@redhat.com>
	Date: Mon, 29 May 2017 15:15:27 +0200
	Subject: ovl: filter trusted xattr for non-admin

	From: Miklos Szeredi <mszeredi@redhat.com>


	[ Upstream commit a082c6f680da298cf075886ff032f32ccb7c5e1a ]

	Filesystems filter out extended attributes in the "trusted." domain for
	unprivlieged callers.

	Overlay calls underlying filesystem's method with elevated privs, so need
	to do the filtering in overlayfs too.

	Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
	Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	fs/overlayfs/inode.c \| 12 +++++++++++-
	1 file changed, 11 insertions(+), 1 deletion(-)

	--- a/fs/overlayfs/inode.c
	+++ b/fs/overlayfs/inode.c
	@@ -227,6 +227,16 @@ int ovl_xattr_get(struct dentry *dentry,
	return res;
	}

	+static bool ovl_can_list(const char *s)
	+{
	+ /* List all non-trusted xatts */
	+ if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0)
	+ return true;
	+
	+ /* Never list trusted.overlay, list other trusted for superuser only */
	+ return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN);
	+}
	+
	ssize_t ovl_listxattr(struct dentry dentry, char list, size_t size)
	{
	struct dentry *realdentry = ovl_dentry_real(dentry);
	@@ -250,7 +260,7 @@ ssize_t ovl_listxattr(struct dentry *den
	return -EIO;

	len -= slen;
	- if (ovl_is_private_xattr(s)) {
	+ if (!ovl_can_list(s)) {
	res -= slen;
	memmove(s, s + slen, len);
	} else {