[Unionfs] File modification problems with unionfs and NFS

Thomas Schauß schauss at tum.de
Wed Jul 29 03:55:00 EDT 2009


Hello Erez,

Thank you very much for looking into this issue so quickly.

Applying the patch does solve the error I posted.

However, the patch also results in a privilege escalation. Any user can
modify any file for which he has read permissions (only once; after the
copy-up was performed, the permissions then work as expected again). So I
guess an additional check on the permissions of the lower branch inode is
necessary?

Best Regards,
Thomas



-----Original Message-----
From: Erez Zadok [mailto:ezk at cs.sunysb.edu] 
Sent: Wednesday, 29 July 2009 04:24
To: Thomas Schauß
Cc: unionfs at fsl.cs.sunysb.edu
Subject: Re: [Unionfs] File modification problems with unionfs and NFS 

Thomas, I was able to reproduce your problem (which is also bug #624) and I
have a fix which worked for my test cases.  Can you try the following patch
and let me know:

	https://bugzilla.fsl.cs.sunysb.edu/attachment.cgi?id=233

I also included the patch below.  This was for 2.6.29, but should apply to
other kernels as well.

Thanks,
Erez.

##############################################################################

Unionfs: fix readonly nfs2/3 permission handling

In unionfs_permission: NFSv2/3 return EACCES on readonly-exported, locally
readonly-mounted file systems, instead of EROFS like other file systems do.
So we have no choice here but to intercept this and ignore it for NFS
branches marked readonly.

Signed-off-by: Erez Zadok <ezk at cs.sunysb.edu>
diff --git a/fs/unionfs/inode.c b/fs/unionfs/inode.c
index 7c17093..bbb44d0 100644
--- a/fs/unionfs/inode.c
+++ b/fs/unionfs/inode.c
@@ -843,6 +843,19 @@ static int unionfs_permission(struct inode *inode, int
mask)
 		}
 
 		/*
+		 * NFS HACK: NFSv2/3 return EACCES on readonly-exported,
+		 * locally readonly-mounted file systems, instead of EROFS
+		 * like other file systems do.  So we have no choice here
+		 * but to intercept this and ignore it for NFS branches
+		 * marked readonly.
+		 */
+		if (err && err == -EACCES &&
+		    is_robranch_super(inode->i_sb, bindex) &&
+		    lower_inode->i_sb->s_magic == NFS_SUPER_MAGIC)
+			err = 0;
+
+
+		/*
 		 * The permissions are an intersection of the overall
directory
 		 * permissions, so we fail if one fails.
 		 */
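
Review bot: The new test in unionfs_permission() clears -EACCES on the strength of only two facts, that the branch is marked readonly (is_robranch_super) and that the lower superblock is NFS (s_magic == NFS_SUPER_MAGIC). It never looks at the requested mask or at the lower inode's mode bits, so an -EACCES that reflects a genuine denial for this caller is discarded together with the one NFS returns in place of EROFS. That matches the report in this thread that a user with only read permission can modify a file once, until the copy-up has happened. Suggest limiting the override to write requests and, before setting err = 0, re-checking the caller against the lower inode's owner, group and mode (for example with generic_permission() on lower_inode), so that only the readonly-mount case is ignored. Two smaller points: "err && err == -EACCES" is redundant, since "err == -EACCES" alone is enough, and the hunk adds two blank lines before the next comment where one would do.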



