On Wed, Nov 14, 2018 at 02:09:01PM +0200, Amir Goldstein wrote:
[..]
> Vivek, Mark,
>
> Either of you care to implement dropping privileges for the duration
> of unionmount-testsuite test cases (in between mounts and unmounts)?
Hi Amir,
I think it will be good to drop priviliges while running
unionmount-testsuite.
BTW, docker build used to run as root/priviliged user. Is that not the case
anymore? Why did it fail to begin with.
Thanks
Vivek
>
> Thanks,
> Amir.
>
> ---
>
> diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
> index c6289147c787..82c129bfe58d 100644
> --- a/fs/overlayfs/dir.c
> +++ b/fs/overlayfs/dir.c
> @@ -651,6 +651,18 @@ static int ovl_symlink(struct inode *dir, struct
> dentry *dentry,
> return ovl_create_object(dentry, S_IFLNK, 0, link);
> }
>
> +static int ovl_set_link_redirect(struct dentry *dentry)
> +{
> + const struct cred *old_cred;
> + int err;
> +
> + old_cred = ovl_override_creds(dentry->d_sb);
> + err = ovl_set_redirect(dentry, false);
> + revert_creds(old_cred);
> +
> + return err;
> +}
> +
> static int ovl_link(struct dentry *old, struct inode *newdir,
> struct dentry *new)
> {
> @@ -670,7 +682,7 @@ static int ovl_link(struct dentry *old, struct
> inode *newdir,
> goto out_drop_write;
>
> if (ovl_is_metacopy_dentry(old)) {
> - err = ovl_set_redirect(old, false);
> + err = ovl_set_link_redirect(old);
> if (err)
> goto out_drop_write;
> }