* protecting overlayfs's lower consistently.
@ 2020-02-28 18:31 Alexander Ivanov
0 siblings, 0 replies; only message in thread
From: Alexander Ivanov @ 2020-02-28 18:31 UTC (permalink / raw)
To: linux-security-module
We have LSM that implements file_open call back to protect fs object based on path. Now, supposed are to protect /mnt/l in the following setup
mount -t overlay -orw,lowerdir=/mnt/l,upperdir=/mnt/u,workdir=/mnt/w none /mnt/m
However, when one attempts to change the upper (for the objects that originates on lower) the dentry passed into vfs_open() and then to do_dentry_open() points to the lower and there seems no easy way to calculate its upper. It
This seems was different in older kernels, eg. 3.10 (rhel7). The changes the seemingly broke that behaviour happened around kernel 4.4. What was a reason for that change and is there anyway to figure out the upper given the lower passed into vfs_open()?
Thanks,
--Alex
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-02-28 18:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-28 18:31 protecting overlayfs's lower consistently Alexander Ivanov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.