Commit bb0d2b8a authored by Miklos Szeredi's avatar Miklos Szeredi

ovl: fix sgid on directory

When creating directory in workdir, the group/sgid inheritance from the
parent dir was omitted completely.  Fix this by calling inode_init_owner()
on overlay inode and using the resulting uid/gid/mode to create the file.

Unfortunately the sgid bit can be stripped off due to umask, so need to
reset the mode in this case in workdir before moving the directory in
place.
Reported-by: default avatarEryu Guan <eguan@redhat.com>
Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
parent 9c630ebe
...@@ -357,6 +357,21 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode, ...@@ -357,6 +357,21 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
if (err) if (err)
goto out_dput2; goto out_dput2;
/*
* mode could have been mutilated due to umask (e.g. sgid directory)
*/
if (!S_ISLNK(stat->mode) && newdentry->d_inode->i_mode != stat->mode) {
struct iattr attr = {
.ia_valid = ATTR_MODE,
.ia_mode = stat->mode,
};
inode_lock(newdentry->d_inode);
err = notify_change(newdentry, &attr, NULL);
inode_unlock(newdentry->d_inode);
if (err)
goto out_cleanup;
}
if (S_ISDIR(stat->mode)) { if (S_ISDIR(stat->mode)) {
err = ovl_set_opaque(newdentry); err = ovl_set_opaque(newdentry);
if (err) if (err)
...@@ -397,7 +412,6 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev, ...@@ -397,7 +412,6 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev,
const struct cred *old_cred; const struct cred *old_cred;
struct cred *override_cred; struct cred *override_cred;
struct kstat stat = { struct kstat stat = {
.mode = mode,
.rdev = rdev, .rdev = rdev,
}; };
...@@ -410,12 +424,15 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev, ...@@ -410,12 +424,15 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev,
if (err) if (err)
goto out_iput; goto out_iput;
inode_init_owner(inode, dentry->d_parent->d_inode, mode);
stat.mode = inode->i_mode;
old_cred = ovl_override_creds(dentry->d_sb); old_cred = ovl_override_creds(dentry->d_sb);
err = -ENOMEM; err = -ENOMEM;
override_cred = prepare_creds(); override_cred = prepare_creds();
if (override_cred) { if (override_cred) {
override_cred->fsuid = old_cred->fsuid; override_cred->fsuid = inode->i_uid;
override_cred->fsgid = old_cred->fsgid; override_cred->fsgid = inode->i_gid;
put_cred(override_creds(override_cred)); put_cred(override_creds(override_cred));
put_cred(override_cred); put_cred(override_cred);
...@@ -427,8 +444,14 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev, ...@@ -427,8 +444,14 @@ static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev,
link, hardlink); link, hardlink);
} }
revert_creds(old_cred); revert_creds(old_cred);
if (!err) if (!err) {
struct inode *realinode = d_inode(ovl_dentry_upper(dentry));
WARN_ON(inode->i_mode != realinode->i_mode);
WARN_ON(!uid_eq(inode->i_uid, realinode->i_uid));
WARN_ON(!gid_eq(inode->i_gid, realinode->i_gid));
inode = NULL; inode = NULL;
}
out_iput: out_iput:
iput(inode); iput(inode);
out: out:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment