Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 70d05744 authored by David Anderson's avatar David Anderson
Browse files

overlayfs: Use userxattrs on supporting kernels. 

In previous kernels, overlayfs stored its xattrs with a "trusted."
prefix. This requires CAP_SYS_ADMIN. As a workaround, we carried
out-of-tree kernel patches to bypass the security checks on these attrs.

The 5.15 kernel however has a new mount option "userxattr". When this is
set, the "trusted." prefix is replaced with "user.", which eliminates
the CAP_SYS_ADMIN requirement.

On kernels >= 5.15 we can use this feature and drop some of our
out-of-tree patches.

Bug: 204981027
Test: adb remount on cuttlefish with >=5.15
Change-Id: I3f0ca637a62c949fe481eea84f2c682f1ff4517a
parent bad9f5fd

fs_mgr/fs_mgr_overlayfs.cpp

+14 −0
Original line number Diff line number Diff line
@@ -322,6 +322,17 @@ std::string fs_mgr_get_overlayfs_candidate(const std::string& mount_point) { 
const auto kLowerdirOption = "lowerdir="s;

const auto kUpperdirOption = "upperdir="s;



static inline bool KernelSupportsUserXattrs() {

    struct utsname uts;

    uname(&uts);



    int major, minor;

    if (sscanf(uts.release, "%d.%d", &major, &minor) != 2) {

        return false;

    }

    return major > 5 || (major == 5 && minor >= 15);

}



// default options for mount_point, returns empty string for none available.

std::string fs_mgr_get_overlayfs_options(const std::string& mount_point) {

    auto candidate = fs_mgr_get_overlayfs_candidate(mount_point);
@@ -331,6 +342,9 @@ std::string fs_mgr_get_overlayfs_options(const std::string& mount_point) { 
    if (fs_mgr_overlayfs_valid() == OverlayfsValidResult::kOverrideCredsRequired) {

        ret += ",override_creds=off";

    }

    if (KernelSupportsUserXattrs()) {

        ret += ",userxattr";

    }

    return ret;

}