Comment # 5 on bug 1089349 from
(In reply to Goldwyn Rodrigues from comment #4)
> On second thoughts, this is a security risk.

The handling for security_inode_copy_up_xattr is the same.

> If ACL is not copied, the access permissions will change over an
> overlayfs mount.

ACLs are handled separately AFAICT. The only reason system.nfs4_acl exists as
xattr is to provide userspace with the extended information NFSv4 ACLs provide
over POSIX ACLs.

However, I'd say that this is a configuration issue by the system administrator
- if the upper layer doesn't support a feature, it must not be relied on.

I don't think there's a better way to handle this, but I'd like to be proven
otherwise.

