diff options
| author | Miklos Szeredi <mszeredi@redhat.com> | 2020-12-14 15:26:14 +0100 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@redhat.com> | 2020-12-14 15:26:14 +0100 |
| commit | 2d2f2d7322ff43e0fe92bf8cccdc0b09449bf2e1 (patch) | |
| tree | b2977931c4cbb8b17da210f07525800e3a53213b /fs/overlayfs/ovl_entry.h | |
| parent | 82a763e61e2b601309d696d4fa514c77d64ee1be (diff) | |
ovl: user xattr
Optionally allow using "user.overlay." namespace instead of
"trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged
namepsace.
Make the option explicit, since it makes the filesystem format be
incompatible.
Disable redirect_dir and metacopy options, because these would allow
privilege escalation through direct manipulation of the
"user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Diffstat (limited to 'fs/overlayfs/ovl_entry.h')
| -rw-r--r-- | fs/overlayfs/ovl_entry.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h index b7a73ea147b8..fbd5e27ce66b 100644 --- a/fs/overlayfs/ovl_entry.h +++ b/fs/overlayfs/ovl_entry.h @@ -18,6 +18,7 @@ struct ovl_config { bool nfs_export; int xino; bool metacopy; + bool userxattr; bool ovl_volatile; }; |