[Unionfs] File modification problems with unionfs and NFS
Michael Tokarev
mjt at tls.msk.ru
Sat Aug 8 14:31:07 EDT 2009
Erez Zadok wrote:
[]
> Here's an improved patch which appears to solve the privilege escalation
> problem. I've tested it on a number of files with various permissions and
> uid/gid combinations, as both user root and a non-uid0 user. Basically, in
> the case where the lower branch is nfs2/3, and the branch is marked
> readonly, and we suspect that NFS returned a bogus "EACCES" error, then we
> we have to ignore nfs's own ->permission method and rely on
> generic_permission().
>
> Let me know how this works for you.
>
> Thanks,
> Erez.
>
> ##############################################################################
>
>
> Unionfs: fix readonly nfs2/3 permission handling
>
> In unionfs_permission: NFSv2/3 return EACCES on readonly-exported, locally
> readonly-mounted file systems, instead of EROFS like other file systems do.
> So we have no choice here but to intercept this and ignore it for NFS
> branches marked readonly. Specifically, we avoid using NFS's own "broken"
> ->permission method, and rely on generic_permission() to do basic checking
> for us.
Aha. So here goes my (and not only my) "mystic" EACCESS problem which
I reported about a year or more ago. At that time I did some more testing
trying to narrow it down but failed to reproduce it reliable and said some
"more recent" kernel fixed the issue. But it in fact did not and the prob
happened again and again.. I just tried this patch on a "testcase" which
caused it to happen with 100% reliability, and it does not happen any more.
Thank you very much! Peace!
By the way, how about different versions of nfs? are them all using the same
magic number?
/mjt
More information about the unionfs
mailing list