http://bugzilla.suse.com/show_bug.cgi?id=1089349
http://bugzilla.suse.com/show_bug.cgi?id=1089349#c9
Fabian Vogt
It is safe for overlayfs to ignore the system.nfs4_acl attribute (which is not empty btw). It is informational only. I would be a bit more comfortable with the patch if it was conditional on the attribute name starting "system."
Ok, I added that. Still works fine here.
and/or if it was upstream.
That's what this bug report is about :-)
There should be no security risk that - falling back on the mode bits for access checks should always be more restrictive (I hope).
Currently overlayfs has the following behaviour on NFSv4:
    listxattr foo
    system.nfs4_acl
    touch foo
    listxattr foo
    (empty)
That might be unexpected, but is essentially unavoidable. It would be possible (but the implementation wouldn't be pretty I guess) to never provide the nfs4_acl attr through overlayfs at all to avoid this inconsistency, at the expense of losing the information completely instead of making it volatile.