http://bugzilla.suse.com/show_bug.cgi?id=1089349 http://bugzilla.suse.com/show_bug.cgi?id=1089349#c5 --- Comment #5 from Fabian Vogt <fvogt@suse.com> --- (In reply to Goldwyn Rodrigues from comment #4)
On second thoughts, this is a security risk.
The handling for security_inode_copy_up_xattr is the same.
If ACL is not be copied, the access permissions will change over an overlayfs mount.
ACLs are handled separately AFAICT. The only reason system.nfs4_acl exists as xattr is to provide userspace with the extended information NFSv4 ACLs provide over POSIX ACLs. However, I'd say that this is a configuration issue by the system administrator - if the upper layer doesn't support a feature, it must not be relied on. I don't think there's a better way to handle this, but I'd like to be proven otherwise. -- You are receiving this mail because: You are on the CC list for the bug.