tmpfs: Allow xattrs in the trusted namespace if creds has CAP_SYS_ADMIN.

This is needed to support the overlay opaque attribute. PiperOrigin-RevId: 328552985
author: Nicolas Lacasse <nlacasse@google.com> 2020-08-26 10:03:46 -0700
committer: Andrei Vagin <avagin@gmail.com> 2020-09-09 17:53:10 -0700
commit: 2a322c451e0a04df55d8fa4ea6e055da39231efa (patch)
tree: 0c4a80d1db58c46d15c8569359356d387e9db67a /pkg/sentry/fsimpl/overlay
parent: 5116c7be8d64934980937113870a8fbc82b14ea0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/fsimpl/overlay/filesystem.go b/pkg/sentry/fsimpl/overlay/filesystem.go
index a3cee4047..e720bfb0b 100644
--- a/pkg/sentry/fsimpl/overlay/filesystem.go
+++ b/pkg/sentry/fsimpl/overlay/filesystem.go
@@ -30,7 +30,7 @@ import (
 // _OVL_XATTR_OPAQUE is an extended attribute key whose value is set to "y" for
 // opaque directories.
 // Linux: fs/overlayfs/overlayfs.h:OVL_XATTR_OPAQUE
-const _OVL_XATTR_OPAQUE = "trusted.overlay.opaque"
+const _OVL_XATTR_OPAQUE = linux.XATTR_TRUSTED_PREFIX + "overlay.opaque"
 
 func isWhiteout(stat *linux.Statx) bool {
 	return stat.Mode&linux.S_IFMT == linux.S_IFCHR && stat.RdevMajor == 0 && stat.RdevMinor == 0
author	Nicolas Lacasse <nlacasse@google.com>	2020-08-26 10:03:46 -0700
committer	Andrei Vagin <avagin@gmail.com>	2020-09-09 17:53:10 -0700
commit	2a322c451e0a04df55d8fa4ea6e055da39231efa (patch)
tree	0c4a80d1db58c46d15c8569359356d387e9db67a /pkg/sentry/fsimpl/overlay
parent	5116c7be8d64934980937113870a8fbc82b14ea0 (diff)