Re: [PATCH v6 2/2] overlayfs: override_creds=off option bypass creator_cred

2018-11-06 Thread Mark Salyzyn
On 11/06/2018 12:39 AM, Miklos Szeredi wrote: On Mon, Nov 5, 2018 at 7:47 PM, Amir Goldstein wrote: On Mon, Nov 5, 2018 at 8:22 PM Mark Salyzyn wrote: @@ -1549,7 +1569,8 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) ovl_dentry_lower(root

Re: [PATCH v6 2/2] overlayfs: override_creds=off option bypass creator_cred

2018-11-06 Thread Miklos Szeredi
On Mon, Nov 5, 2018 at 7:47 PM, Amir Goldstein wrote:
> On Mon, Nov 5, 2018 at 8:22 PM Mark Salyzyn wrote:
>>
>> By default, all access to the upper, lower and work directories is the
>> recorded mounter's MAC and DAC credentials. The incoming accesses are
>> checked against the caller's credent

Re: [PATCH v6 2/2] overlayfs: override_creds=off option bypass creator_cred

2018-11-05 Thread Amir Goldstein
On Mon, Nov 5, 2018 at 8:22 PM Mark Salyzyn wrote:
>
> By default, all access to the upper, lower and work directories is the
> recorded mounter's MAC and DAC credentials. The incoming accesses are
> checked against the caller's credentials.
>
> If the principles of least privilege are applied, t

[PATCH v6 2/2] overlayfs: override_creds=off option bypass creator_cred

2018-11-05 Thread Mark Salyzyn
By default, all access to the upper, lower and work directories is the recorded mounter's MAC and DAC credentials. The incoming accesses are checked against the caller's credentials. If the principles of least privilege are applied, the mounter's credentials might not overlap the credentials of t