Comment # 12 on bug 1089349 from
(In reply to Goldwyn Rodrigues from comment #11)
> (In reply to Fabian Vogt from comment #10)
> > Any news here? Patch got submitted, but AFAICT didn't land.
> 
> I followed up. However, Miklos says it would be better if we can suppress
> system.nfs4_acl if it is equal to inode->i_mode. However, nfs4_acl seems to
> be opaque to the client and is interpreted by knfsd only.
> 
> From what I read now, ignoring "system." does pose a security risk.

AFAICT, no. It's the same security risk as copying a file to a different file
system.

overlayfs can only be as secure as the least common denominator of upper and
lower layers. So I argue that by mounting it, the admin made a conscious
decision.

> A file
> which is allowed read for a user from a system.posix_acl_access or
> system.nfs4_acl will become unreadable after a copy_up operation and vice
> versa.
> 
> Let me look further how we can hide system.nfs4_acl

