From 8f6ee74c27860d4a4c6e0f8cf772bb2afc184bcb Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 2 Sep 2020 10:58:49 +0200 Subject: ovl: rearrange ovl_can_list() ovl_can_list() should return false for overlay private xattrs. Since currently these use the "trusted.overlay." prefix, they will always match the "trusted." prefix as well, hence the test for being non-trusted will not trigger. Prepare for using the "user.overlay." namespace by moving the test for private xattr before the test for non-trusted. This patch doesn't change behavior. Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'fs/overlayfs') diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 96666fe327de..b584dca845ba 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -393,13 +393,16 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name, static bool ovl_can_list(struct super_block *sb, const char *s) { + /* Never list private (.overlay) */ + if (ovl_is_private_xattr(sb, s)) + return false; + /* List all non-trusted xatts */ if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0) return true; - /* Never list trusted.overlay, list other trusted for superuser only */ - return !ovl_is_private_xattr(sb, s) && - ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); + /* list other trusted for superuser only */ + return ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); } ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) -- cgit v1.2.3