diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2020-08-26 10:03:46 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-08-26 10:05:34 -0700 |
commit | 83a8b309e949df4b8f82f26085cd62284f9eeb87 (patch) | |
tree | 0c4a80d1db58c46d15c8569359356d387e9db67a /pkg/sentry/fsimpl/overlay/filesystem.go | |
parent | ebf5293374bc94e01eb58ebe29a1e53aa404d3a7 (diff) |
tmpfs: Allow xattrs in the trusted namespace if creds has CAP_SYS_ADMIN.
This is needed to support the overlay opaque attribute.
PiperOrigin-RevId: 328552985
Diffstat (limited to 'pkg/sentry/fsimpl/overlay/filesystem.go')
-rw-r--r-- | pkg/sentry/fsimpl/overlay/filesystem.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/fsimpl/overlay/filesystem.go b/pkg/sentry/fsimpl/overlay/filesystem.go index a3cee4047..e720bfb0b 100644 --- a/pkg/sentry/fsimpl/overlay/filesystem.go +++ b/pkg/sentry/fsimpl/overlay/filesystem.go @@ -30,7 +30,7 @@ import ( // _OVL_XATTR_OPAQUE is an extended attribute key whose value is set to "y" for // opaque directories. // Linux: fs/overlayfs/overlayfs.h:OVL_XATTR_OPAQUE -const _OVL_XATTR_OPAQUE = "trusted.overlay.opaque" +const _OVL_XATTR_OPAQUE = linux.XATTR_TRUSTED_PREFIX + "overlay.opaque" func isWhiteout(stat *linux.Statx) bool { return stat.Mode&linux.S_IFMT == linux.S_IFCHR && stat.RdevMajor == 0 && stat.RdevMinor == 0 |