Bug 201633

Summary: Directory recreate with bad permission on the upper layer
Product: File System
Reporter: Szombat Sandor (sandor.szombat)
Component: Other
Assignee: fs_other
Status: NEW
Severity: high
CC: kondratyuk.taras, kvstark
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 4.4.159
Subsystem:
Regression: No
Bisected commit-id:

Description Szombat Sandor 2018-11-08 10:07:52 UTC
Hello,

We are using overlayfs2 in our env. We faced the following issue: if you create a directory with a non-root user under the lower dir, delete it in the upper dir and recreate it with a non-root user, then after the recreation root will be the owner. We saw this inside a docker container first but reproduced it on the host too. Example:

mkdir ~/overlaytest
cd ~/overlaytest
mkdir lower upper work merge
mkdir -p lower/mydir/subdir upper/mydir/subdir
chown -R nobody:nobody upper/mydir
mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
sudo -u nobody rmdir merge/mydir/subdir/
sudo -u nobody mkdir merge/mydir/subdir/
sudo -u nobody ls -l merge/mydir/ 

And check:
drwxr-xr-x. 2 root root 6 nov    7 16.12 subdir

Could you check this issue please? Do you need any additional info? 

Thanks!

Comment 1 kvstark 2019-02-18 17:39:29 UTC
We are also seeing this issue, originally with a docker container and then on the host itself. From our tests, the last good kernel was 4.4.155.  The 4.4.156 kernel exhibited the problem. Looking at the kernel diffs, I see there were some changes made to the fs/overlayfs/dir.c file between those versions that may be related (https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/fs/overlayfs/dir.c?id=v4.4.155&id2=v4.4.156).

Could someone please let us know if this issue has been addressed in newer kernel versions or if there is a workaround for the 4.4 kernels?  Thank you!

uname -a
Linux myhostname 4.4.155-1.el7.elrepo.x86_64 #1 SMP Sun Sep 9 16:08:40 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux

Docker version 18.09.1, build 4c52b90

Repro steps:
1. Run docker container from image containing directory A with permissions admin:admin.
2. Log in to docker container as user admin (ssh) and rm -rf directory A
3. Attempt to recreate directory A as user admin (mkdir A)
4. Directory is created, but with root:root ownership.

Other repro steps:
1. Run docker container from image containing directory A with permissions admin:admin.  Note the directory exists with the correct permissions in the merged folder in the overlay on the host.
2. Log in to the docker container as user admin (ssh) and rm -rf directory A
3. Note that on the host, a new directory A is created in the overlay diff directory with permissions root:root.

Comment 2 Taras Kondratiuk 2019-04-17 22:26:59 UTC
d0e13f5bbe4b ("ovl: fix uid/gid when creating over whiteout") from v4.7-rc4 seems to fix the issue. I've requested to include it into 4.4 stable:
https://www.spinics.net/lists/stable/msg297631.html
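
An added example (not part of the report or of any comment): a shell check that repeats the reporter's steps in a scratch directory and returns whether the running kernel keeps the owner of the recreated directory. It assumes root, sudo and an existing unprivileged account (default nobody); the function names and return codes are this example's own.

```shell
#!/bin/sh
# Added example, not from the report. Run as root on the kernel under test.
# Function names and return codes are this example's own.

# Numeric uid that owns a path (GNU/busybox stat).
owner_uid() {
    stat -c '%u' "$1"
}

# True when path $1 is owned by numeric uid $2.
same_owner() {
    [ "$(owner_uid "$1")" = "$2" ]
}

# Repeat the reported steps in a scratch directory.
# Returns 0 = owner preserved, 1 = affected, 2 = check could not run.
check_overlay_recreate() {
    user=${1:-nobody}
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 2; }
    want=$(id -u "$user") || return 2
    base=$(mktemp -d) || return 2
    chmod 755 "$base"    # mktemp creates 0700; $user must be able to traverse
    mkdir -p "$base/lower/mydir/subdir" "$base/upper/mydir/subdir" \
        "$base/work" "$base/merge"
    chown -R "$user" "$base/upper/mydir"
    opts="lowerdir=$base/lower,upperdir=$base/upper,workdir=$base/work"
    if ! mount -t overlay overlay -o "$opts" "$base/merge"; then
        rm -rf "$base"
        return 2
    fi
    rc=2
    sub="$base/merge/mydir/subdir"
    if sudo -u "$user" rmdir "$sub" && sudo -u "$user" mkdir "$sub"; then
        echo "recreated subdir owner uid: $(owner_uid "$sub") (want $want)"
        if same_owner "$sub" "$want"; then rc=0; else rc=1; fi
    fi
    # Only delete the scratch tree once the overlay is unmounted.
    umount "$base/merge" && rm -rf "$base"
    return "$rc"
}

# Only act when called with --run, so sourcing has no side effects.
if [ "${1:-}" = "--run" ]; then
    check_overlay_recreate "${2:-nobody}"
    exit $?
fi
```

Saved to a file and invoked with `--run` as root, it exits 1 on a kernel that shows the behaviour described in this report and 0 on one that does not.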