overlay: filter out xattr starts with "trusted.overlay."

Overlayfs should only filter out xattr starting with "trusted.overlay.", not "trusted.overlay". Setting xattrs like "trusted.overlay.xxx" is not allowed. Setting xattrs like "trusted.overlayxxx" is allowed. v4.8-rc1 introduced a regression that we can't set xattrs like "trusted.overlayxxx". Kernel commit below fixed it in v4.8: fe2b75952347 ovl: Fix OVL_XATTR_PREFIX This case tests both get/set of these 2 kinds of xattrs. Pattern "trusted.overlay.xxx" should fail, however the errno returned by set/get varies among kernel versions. Pattern "trusted.overlayxxx" shold always work. CC: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Xiong Zhou <xzhou@redhat.com> Reviewed-by: Eryu Guan <eguan@redhat.com> Signed-off-by: Eryu Guan <eguan@redhat.com>
2026-05-01 15:01:44 -07:00 · 2017-02-23 17:42:43 +08:00
parent 3eb12b45ef
commit ddac6e0773
3 changed files with 117 additions and 0 deletions
@@ -0,0 +1,110 @@
+#! /bin/bash
+# FS QA Test 026
+#
+# Overlayfs should only filter out xattr starting with
+# "trusted.overlay.", not "trusted.overlay".
+#
+# Setting xattrs like "trusted.overlay.xxx" is not allowed.
+# Setting xattrs like "trusted.overlayxxx" is allowed.
+#
+# v4.8-rc1 introduced a regression that we can't set xattrs
+# like "trusted.overlayxxx".  Kernel commit below fixed it
+# in v4.8:
+#   fe2b75952347 ovl: Fix OVL_XATTR_PREFIX
+#
+# This case tests both get/set of these 2 kinds of xattrs.
+#
+# Pattern "trusted.overlay.xxx" should fail, however the
+# errno returned by set/get varies among kernel versions.
+# Pattern "trusted.overlayxxx" shold always work.
+#
+# This reproducer was originally written by
+#     Miklos Szeredi <mszeredi@redhat.com>
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2017 Red Hat Inc.  All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#-----------------------------------------------------------------------
+#
+
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1	# failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+	cd /
+	rm -f $tmp.*
+}
+
+# get standard environment, filters and checks
+. ./common/rc
+. ./common/attr
+. ./common/filter
+
+# remove previous $seqres.full before test
+rm -f $seqres.full
+
+# real QA test starts here
+
+# Modify as appropriate.
+_supported_fs overlay
+_supported_os Linux
+_require_scratch
+_require_attrs
+
+# Remove all files from previous tests
+_scratch_mkfs
+
+# Mounting overlay
+_scratch_mount
+touch $SCRATCH_MNT/testf0
+touch $SCRATCH_MNT/testf1
+
+# {s,g}etfattr of "trusted.overlayxxx" should work.
+#            v4.3/6/7    v4.8-rc1   v4.8  v4.10
+# setfattr    ok         not perm    ok    ok
+# getfattr    ok         no attr     ok    ok
+#
+$SETFATTR_PROG -n "trusted.overlayfsrz" -v "n" \
+  $SCRATCH_MNT/testf0 2>&1 | _filter_scratch
+
+$GETFATTR_PROG --absolute-names -n "trusted.overlayfsrz" \
+  $SCRATCH_MNT/testf0 2>&1 | _filter_scratch
+
+# {s,g}etfattr of "trusted.overlay.xxx" should fail.
+# The errno returned varies among kernel versions,
+#            v4.3/7   v4.8-rc1    v4.8       v4.10
+# setfattr  not perm  not perm   not perm   not supp
+# getfattr  no attr   no attr    not perm   not supp
+#
+# Consider "Operation not {supported,permitted}" pass.
+#
+$SETFATTR_PROG -n "trusted.overlay.fsz" -v "n" \
+  $SCRATCH_MNT/testf1 2>&1 | _filter_scratch | \
+  sed -e 's/permitted/supported/g'
+
+$GETFATTR_PROG --absolute-names -n "trusted.overlay.fsz" \
+  $SCRATCH_MNT/testf1 2>&1 | _filter_scratch | \
+  sed -e 's/permitted/supported/g'
+
+# success, all done
+status=0
+exit
@@ -0,0 +1,6 @@
+QA output created by 026
+# file: SCRATCH_MNT/testf0
+trusted.overlayfsrz="n"
+
+setfattr: SCRATCH_MNT/testf1: Operation not supported
+SCRATCH_MNT/testf1: trusted.overlay.fsz: Operation not supported
@@ -28,3 +28,4 @@
 023 auto quick attr
 024 auto quick
 025 auto quick attr
+026 auto attr quick