Age | Commit message (Collapse) | Author |
|
Imaging using ext4 as upperdir which has a file "hello" and lowdir is
totally empty.
1. mount -t overlayfs overlayfs -o lowerdir=/lower,upperdir=/upper /overlay
2. cd /overlay
3. ln hello bye
then the overlayfs code will call vfs_link to create a real ext4
dentry for "bye" and create
a new overlayfs dentry point to overlayfs inode (which standed for
"hello"). That means:
two overlayfs dentries and only one overlayfs inode.
and then
4. umount /overlay
5. mount -t overlayfs overlayfs -o lowerdir=/lower,upperdir=/upper
/overlay (again)
6. cd /overlay
7. ls hello bye
the overlayfs will create two inodes(one for the "hello", another
for the "bye") and two dentries (each point a inode).That means:
two dentries and two inodes.
As above, with different order of "create link" and "mount", the
result is not the same.
In order to make the behavior coherent, we need to create inode in ovl_link.
Signed-off-by: Robin Dong <sanbai@taobao.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
After allocating a new inode, if the mode of inode is incorrect, we should
release it by iput().
Signed-off-by: Robin Dong <sanbai@taobao.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Add a simple read-only counter to super_block that indicates deep this
is in the stack of filesystems. Previously ecryptfs was the only
stackable filesystem and it explicitly disallowed multiple layers of
itself.
Overlayfs, however, can be stacked recursively and also may be stacked
on top of ecryptfs or vice versa.
To limit the kernel stack usage we must limit the depth of the
filesystem stack. Initially the limit is set to 2.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Document the overlay filesystem.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
This is useful because of the stacking nature of overlayfs. Users like to
find out (via /proc/mounts) which lower/upper directory were used at mount
time.
Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Add support for statfs to the overlayfs filesystem. As the upper layer
is the target of all write operations assume that the space in that
filesystem is the space in the overlayfs. There will be some inaccuracy as
overwriting a file will copy it up and consume space we were not expecting,
but it is better than nothing.
Use the upper layer dentry and mount from the overlayfs root inode,
passing the statfs call to that filesystem.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Overlayfs allows one, usually read-write, directory tree to be
overlaid onto another, read-only directory tree. All modifications
go to the upper, writable layer.
This type of mechanism is most often used for live CDs but there's a
wide variety of other uses.
The implementation differs from other "union filesystem"
implementations in that after a file is opened all operations go
directly to the underlying, lower or upper, filesystems. This
simplifies the implementation and allows native performance in these
cases.
The dentry tree is duplicated from the underlying filesystems, this
enables fast cached lookups without adding special support into the
VFS. This uses slightly more memory than union mounts, but dentries
are relatively small.
Currently inodes are duplicated as well, but it is a possible
optimization to share inodes for non-directories.
Opening non directories results in the open forwarded to the
underlying filesystem. This makes the behavior very similar to union
mounts (with the same limitations vs. fchmod/fchown on O_RDONLY file
descriptors).
Usage:
mount -t overlay -olowerdir=/lower,upperdir=/upper overlay /mnt
Supported:
- all operations
Missing:
- Currently a crash in the middle of copy-up, rename, unlink, rmdir or create
over a whiteout may result in filesystem corruption on the overlay level.
IOW these operations need to become atomic or at least the corruption needs
to be detected.
The following cotributions have been folded into this patch:
Neil Brown <neilb@suse.de>:
- minimal remount support
- use correct seek function for directories
- initialise is_real before use
- rename ovl_fill_cache to ovl_dir_read
Felix Fietkau <nbd@openwrt.org>:
- fix a deadlock in ovl_dir_read_merged
- fix a deadlock in ovl_remove_whiteouts
Erez Zadok <ezk@fsl.cs.sunysb.edu>
- fix cleanup after WARN_ON
Sedat Dilek <sedat.dilek@googlemail.com>
- fix up permission to confirm to new API
Also thanks to the following people for testing and reporting bugs:
Jordi Pujol <jordipujolp@gmail.com>
Andy Whitcroft <apw@canonical.com>
Michal Suchanek <hramrach@centrum.cz>
Felix Fietkau <nbd@openwrt.org>
Erez Zadok <ezk@fsl.cs.sunysb.edu>
Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Overlayfs needs a private clone of the mount, so create a function for
this and export to modules.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Export do_splice_direct() to modules. Needed by overlay filesystem.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Add a new inode operation i_op->open(). This is for stacked
filesystems that want to return a struct file from a different
filesystem.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Make __dentry_open() take a struct path instead of separate vfsmount and dentry
arguments.
Change semantics as well, so that __dentry_open() acquires a reference to path
instead of transferring it to the open file.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
When we enable the zconfdump() debugging we see assertion failures
attempting to print the config. Convert this into a noop.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/984288
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/977246
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/977246
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/972355
We have been seeing increasing reports of scarey ioctl messages in
dmesg, such as the below often in bulk:
mdadm: sending ioctl 1261 to a partition!
mdadm: sending ioctl 800c0910 to a partition!
Looking at the upstream discussions these are all benign and can be safely
suppressed. This patch is based on some discussions at the link below,
on some work SUSE did in this area. This is not suitable for upstreaming
as we need some refactoring to fix the 32bit compat ioctl mess.
Link: http://www.spinics.net/lists/raid/msg37770.html
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Violations of seccomp filters should always be reported, regardless
of audit context. This the minimal change version of what has been
proposed upstream: https://lkml.org/lkml/2012/3/23/332
Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/969309
OK. Then, I think we also want to fix these warnings probably introduced by
commit a6021559 "UBUNTU: SAUCE: (no-up) Modularize vesafb".
WARNING: drivers/video/vesafb.o(.exit.text+0x42): Section mismatch in reference from the function vesafb_remove() to the (unknown reference) .init.data:(unknown)
The function __exit vesafb_remove() references
a (unknown reference) __initdata (unknown).
This is often seen when error handling in the exit function
uses functionality in the init path.
The fix is often to remove the __initdata annotation of
(unknown) so it may be used outside an init section.
WARNING: drivers/video/vesafb.o(.exit.text+0x4a): Section mismatch in reference from the function vesafb_remove() to the variable .init.data:vesafb_fix
The function __exit vesafb_remove() references
a variable __initdata vesafb_fix.
This is often seen when error handling in the exit function
uses functionality in the init path.
The fix is often to remove the __initdata annotation of
vesafb_fix so it may be used outside an init section.
Reported-by: Tetsuo Honda <from-ubuntu@I-love.SAKURA.ne.jp>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
it is unsupported
Submitted upstream.
BugLink: http://bugs.launchpad.net/bugs/962038
Right now using pcie_aspm=force will not enable ASPM if the FADT indicates
ASPM is unsupported. However, the semantics of force should probably allow
for this, especially as they did before the ASPM disable rework with commit
3c076351c4027a56d5005a39a0b518a4ba393ce2
This patch just skips the clearing of any ASPM setup that the firmware has
carried out on this bus if pcie_aspm=force is being used.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
changing the brightness on AC/battery status changes.
BugLink: http://bugs.launchpad.net/bugs/949311
We currently carry a SAUCE patch which lets the OS handle the brightness
levels automatically when connecting/disconnecting AC. There are some
laptops (MSI Wind) for which this doesn't work. Provide a driver param
which allows this behaviour to be overriden.
Signed-off-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Colin King <colin.king@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
Fix build failure in aufs introduced by
commit 9cd98c046b57cd1bdbd53c3669f6cdd75edffd61
which has been backported from 3.4 as part of the AppArmor 3.4 backport
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Add the dynamic profiles file to the interace, to allow load policy
introspection.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
execve from granting privs
With this set, a lot of dangerous operations (chroot, unshare, etc)
become a lot less dangerous because there is no possibility of
subverting privileged binaries.
This patch completely breaks apparmor. Someone who understands (and
uses) apparmor should fix it or at least give me a hint.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <kees@ubuntu.com>
|
|
Build failure:
ubuntu/aufs/i_op.c:701:8: error: too many arguments to function 'security_path_chmod'
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/943119
https://lists.ubuntu.com/archives/ubuntu-devel/2012-March/034869.html
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
This is necessary for clickpad detection of Synaptics trackpads in Dell
Mini 10 series of laptops.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Andy Whitcroft (1):
UBUNTU: ubuntu: AUFS -- suppress benign plink warning messages
J. R. Okajima (10):
aufs: headers 1/2, bugfix, where the pr_fmt macro definition
aufs: headers 2/2, simply refined
aufs: tiny, update the year
aufs: update the donator
aufs stdalone: include path in Makefile
aufs: tiny, update the year
aufs: tiny, remove a duplicated header by accident
aufs: tiny, restore the removed header files for 2.6.38
make aufs-version 3.2
aufs3.2 20120109
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
This patch forces the LSM to always chain through the Yama LSM
regardless of which LSM is selected as the primary LSM.
This is not intended for upstream. This is, however, what Ubuntu
and ChromeOS are doing.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Add symlink and hardlink restrictions that have shown real-world security
benefits, along with sysctl knobs to control them.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
https://lkml.org/lkml/2012/2/2/220
T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=03 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f3 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=74DE2B344A7B
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
BugLink: http://bugs.launchpad.net/bugs/925552
Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Dennis Chua <dennis.chua@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
Add another vendor specific ID for BCM20702A0.
output of usb-devices:
T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=04 Dev#= 6 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21e6 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=D0DF9AFB227B
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
BugLink: http://bugs.launchpad.net/bugs/906832
Signed-off-by: James M. Leddy <james.leddy@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
Add vendor specific ID for BCM20702A0.
usb-devices:
T: Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#= 4 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21e1 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=60D819F03A6D
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
BugLink: http://bugs.launchpad.net/bugs/906832
Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Signed-off-by: James M. Leddy <james.leddy@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
propagate to interface settings
The description for IPV6_PRIVACY mentions using .../all/use_tempaddr to enable
IPv6 Privacy Extensions, and IP sysctl documentation mentions 'all' as setting
all interface-specific settings. We make sure at least use_tempaddr actually
works as documented.
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Remain disabled while we acertain whether there are any hard
requirements for aufs that overlayfs cannot handle.
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
We are getting a lot of bug reports for unexpectedly high plink counts.
This message is benign and not worth reporting as a bug. Suppress.
BugLink: http://bugs.launchpad.net/bugs/621195
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Fix:
ERROR: "security_path_link" [ubuntu/aufs/aufs.ko] undefined!
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Fix:
ERROR: "__devcgroup_inode_permission" [ubuntu/aufs/aufs.ko] undefined!
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Clean up the updater to record and use the real sha1 of the tip of the
standalone tree as well as recording and tracking the nominal tip in the
changelog for commit generation.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Track the new location of the headers as per the commit below:
commit de699ab60a2f8a55b9c8313a04c7863897fb88bd
Author: Andy Whitcroft <apw@canonical.com>
Date: Fri Dec 3 11:12:17 2010 +0000
UBUNTU: ubuntu: AUFS -- include the aufs_types.h file in linux-libc-headers
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/684666
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|