Searched hist:"2 d2f2d73" (Results 1 – 6 of 6) sorted by relevance
/openbmc/linux/Documentation/filesystems/ |
H A D | overlayfs.rst | 2d2f2d73 Mon Dec 14 08:26:14 CST 2020 Miklos Szeredi <mszeredi@redhat.com> ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace.
Make the option explicit, since it makes the filesystem format be incompatible.
Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
|
/openbmc/linux/fs/overlayfs/ |
H A D | ovl_entry.h | 2d2f2d73 Mon Dec 14 08:26:14 CST 2020 Miklos Szeredi <mszeredi@redhat.com> ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace.
Make the option explicit, since it makes the filesystem format be incompatible.
Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
|
H A D | util.c | 2d2f2d73 Mon Dec 14 08:26:14 CST 2020 Miklos Szeredi <mszeredi@redhat.com> ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace.
Make the option explicit, since it makes the filesystem format be incompatible.
Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
|
H A D | overlayfs.h | 2d2f2d73 Mon Dec 14 08:26:14 CST 2020 Miklos Szeredi <mszeredi@redhat.com> ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace.
Make the option explicit, since it makes the filesystem format be incompatible.
Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
|
H A D | inode.c | 2d2f2d73 Mon Dec 14 08:26:14 CST 2020 Miklos Szeredi <mszeredi@redhat.com> ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace.
Make the option explicit, since it makes the filesystem format be incompatible.
Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
|
H A D | super.c | 2d2f2d73 Mon Dec 14 08:26:14 CST 2020 Miklos Szeredi <mszeredi@redhat.com> ovl: user xattr
Optionally allow using "user.overlay." namespace instead of "trusted.overlay."
This is necessary for overlayfs to be able to be mounted in an unprivileged namepsace.
Make the option explicit, since it makes the filesystem format be incompatible.
Disable redirect_dir and metacopy options, because these would allow privilege escalation through direct manipulation of the "user.overlay.redirect" or "user.overlay.metacopy" xattrs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
|