From 127c977ab04d56de78c5caf16a8e6446eda340d4 Mon Sep 17 00:00:00 2001
From: Nicolas Lacasse
Date: Thu, 26 Jul 2018 15:54:55 -0700
Subject: Don't copy-up extended attributes that specifically configure a lower overlay.
When copying-up files from a lower fs to an upper, we also copy the extended attributes on the file. If there is a (nested) overlay inside the lower, some of these extended attributes configure the lower overlay, and should not be copied-up to the upper. In particular, whiteout attributes in the lower fs overlay should not be copied-up, since the upper fs may actually contain the file.
PiperOrigin-RevId: 206236010
Change-Id: Ia0454ac7b99d0e11383f732a529cb195ed364062
---
 pkg/sentry/fs/copy_up.go | 5 +++++
 pkg/sentry/fs/overlay.go | 7 +++++++
 2 files changed, 12 insertions(+)
(limited to 'pkg')
diff --git a/pkg/sentry/fs/copy_up.go b/pkg/sentry/fs/copy_up.go
index ea74d0efd..8c949b176 100644
--- a/pkg/sentry/fs/copy_up.go
+++ b/pkg/sentry/fs/copy_up.go
@@ -402,6 +402,11 @@ func copyAttributesLocked(ctx context.Context, upper *Inode, lower *Inode) error
 return err
 }
 for name := range lowerXattr {
+ // Don't copy-up attributes that configure an overlay in the
+ // lower.
+ if isXattrOverlay(name) {
+ continue
+ }
 value, err := lower.Getxattr(name)
 if err != nil {
 return err
diff --git a/pkg/sentry/fs/overlay.go b/pkg/sentry/fs/overlay.go
index a63f00e0e..7357d6401 100644
--- a/pkg/sentry/fs/overlay.go
+++ b/pkg/sentry/fs/overlay.go
@@ -16,6 +16,7 @@ package fs
 import (
 "fmt"
+ "strings"
 "sync"
 "gvisor.googlesource.com/gvisor/pkg/log"
@@ -76,6 +77,12 @@ func XattrOverlayWhiteout(name string) string {
 return XattrOverlayWhiteoutPrefix + name
 }
+// isXattrOverlay returns whether the given extended attribute configures the
+// overlay.
+func isXattrOverlay(name string) bool {
+ return strings.HasPrefix(name, XattrOverlayPrefix)
+}
+
 // NewOverlayRoot produces the root of an overlay.
 //
 // Preconditions:
-- 
cgit v1.2.3
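Review bot: The new `isXattrOverlay(name)` skip inside the `for name := range lowerXattr` loop comes with no regression test; the diffstat lists only copy_up.go and overlay.go. A test that copies up a file whose lower carries a whiteout attribute, and asserts the upper ends up without it, would pin the behaviour the description promises. The skip also drops every name under XattrOverlayPrefix rather than whiteouts alone, so the comment could state that and the reason, e.g. `// Skip the lower overlay's own metadata xattrs (whiteouts included); copied up, a whiteout could hide a file that exists in the upper.` copyAttributesLocked starts and ends outside the hunk.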
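Review bot: The doc comment on `isXattrOverlay` states intent ("configures the overlay"), but the body is a plain prefix match on XattrOverlayPrefix, so any attribute stored under that prefix is treated as overlay metadata and skipped by the copy-up loop. The name-only test is sound only if that prefix is a reserved namespace that a sandboxed application cannot write through setxattr. Neither the constant's value nor the setxattr path is visible in this hunk, so that assumption should be confirmed and recorded in the comment. Suggested wording, using Go's usual "reports whether" form: `// isXattrOverlay reports whether name lies in the reserved XattrOverlayPrefix namespace used for overlay metadata such as whiteouts.`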