ovl_rename2 seems okay. As before, the vfs does inode permission checks on the overlayfs inodes which results in checks on the upper and/or lower dir inodes as appropriate. These checks appear to be sufficient to imply permission to do everything ovl_rename2 does with elevated credentials. That said, ovl_rename2 does quite a bit of stuff with elevated creds, and that leaves me feeling a bit uncomfortable.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1531747 Title: overlay: mkdir fails if directory exists in lowerdir in a user namespace To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1531747/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
