ovl: handle idmappings in ovl_get_acl()

During permission checking overlayfs will call

ovl_permission()
-> generic_permission()
   -> acl_permission_check()
      -> check_acl()
         -> get_acl()
            -> inode->i_op->get_acl() == ovl_get_acl()
               -> get_acl() /* on the underlying filesystem */
                  -> inode->i_op->get_acl() == /*lower filesystem callback */
         -> posix_acl_permission()

passing through the get_acl() request to the underlying filesystem.

Before returning these values to the VFS we need to take the idmapping of the
relevant layer into account and translate any ACL_{GROUP,USER} values according
to the idmapped mount.

We cannot alter the ACLs returned from the relevant layer directly as that
would alter the cached values filesystem wide for the lower filesystem. Instead
we can clone the ACLs and then apply the relevant idmapping of the layer.

This is obviously only relevant when idmapped layers are used.

Link: https://lore.kernel.org/r/[email protected]
Cc: Seth Forshee <[email protected]>
Cc: Amir Goldstein <[email protected]>
Cc: Vivek Goyal <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Cc: Aleksa Sarai <[email protected]>
Cc: Miklos Szeredi <[email protected]>
Cc: [email protected]
Reviewed-by: Seth Forshee <[email protected]>
Signed-off-by: Christian Brauner (Microsoft) <[email protected]>

0 files changed, 0 insertions, 0 deletions