438c84c2f0
Overlayfs is following redirects even when redirects are disabled. If this is unintentional (probably the majority of cases) then this can be a problem. E.g. upper layer comes from untrusted USB drive, and attacker crafts a redirect to enable read access to otherwise unreadable directories. If "redirect_dir=off", then turn off following as well as creation of redirects. If "redirect_dir=follow", then turn on following, but turn off creation of redirects (which is what "redirect_dir=off" does now). This is a backward incompatible change, so make it dependent on a config option. Reported-by: David Howells <dhowells@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
56 lines
2.3 KiB
Plaintext
56 lines
2.3 KiB
Plaintext
config OVERLAY_FS
|
|
tristate "Overlay filesystem support"
|
|
select EXPORTFS
|
|
help
|
|
An overlay filesystem combines two filesystems - an 'upper' filesystem
|
|
and a 'lower' filesystem. When a name exists in both filesystems, the
|
|
object in the 'upper' filesystem is visible while the object in the
|
|
'lower' filesystem is either hidden or, in the case of directories,
|
|
merged with the 'upper' object.
|
|
|
|
For more information see Documentation/filesystems/overlayfs.txt
|
|
|
|
config OVERLAY_FS_REDIRECT_DIR
|
|
bool "Overlayfs: turn on redirect dir feature by default"
|
|
depends on OVERLAY_FS
|
|
help
|
|
If this config option is enabled then overlay filesystems will use
|
|
redirects when renaming directories by default. In this case it is
|
|
still possible to turn off redirects globally with the
|
|
"redirect_dir=off" module option or on a filesystem instance basis
|
|
with the "redirect_dir=off" mount option.
|
|
|
|
Note, that redirects are not backward compatible. That is, mounting
|
|
an overlay which has redirects on a kernel that doesn't support this
|
|
feature will have unexpected results.
|
|
|
|
config OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW
|
|
bool "Overlayfs: follow redirects even if redirects are turned off"
|
|
default y
|
|
depends on OVERLAY_FS
|
|
help
|
|
Disable this to get a possibly more secure configuration, but that
|
|
might not be backward compatible with previous kernels.
|
|
|
|
For more information, see Documentation/filesystems/overlayfs.txt
|
|
|
|
config OVERLAY_FS_INDEX
|
|
bool "Overlayfs: turn on inodes index feature by default"
|
|
depends on OVERLAY_FS
|
|
help
|
|
If this config option is enabled then overlay filesystems will use
|
|
the inodes index dir to map lower inodes to upper inodes by default.
|
|
In this case it is still possible to turn off index globally with the
|
|
"index=off" module option or on a filesystem instance basis with the
|
|
"index=off" mount option.
|
|
|
|
The inodes index feature prevents breaking of lower hardlinks on copy
|
|
up.
|
|
|
|
Note, that the inodes index feature is read-only backward compatible.
|
|
That is, mounting an overlay which has an index dir on a kernel that
|
|
doesn't support this feature read-only, will not have any negative
|
|
outcomes. However, mounting the same overlay with an old kernel
|
|
read-write and then mounting it again with a new kernel, will have
|
|
unexpected results.
|