Hello,

we are using overlayfs2 in our env. We faced the following issue: if you created a directory with a non-root user under the lower dir, then delete it in the upper dir and recreate it with a non-root user, root will be the owner after the recreation. We saw this inside a docker container first but reproduced it on the host too.

Example:

    mkdir ~/overlaytest
    cd ~/overlaytest
    mkdir lower upper work merge
    mkdir -p lower/mydir/subdir upper/mydir/subdir
    chown -R nobody:nobody upper/mydir
    mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
    sudo -u nobody rmdir merge/mydir/subdir/
    sudo -u nobody mkdir merge/mydir/subdir/
    sudo -u nobody ls -l merge/mydir/

And check:

    drwxr-xr-x. 2 root root 6 nov 7 16.12 subdir

Could you check this issue please? Do you need any additional info?

Thanks!

We are also seeing this issue, originally with a docker container and then on the host itself. From our tests, the last good kernel was 4.4.155. The 4.4.156 kernel exhibited the problem. Looking at the kernel diffs, I see there were some changes made to the fs/overlayfs/dir.c file between those versions that may be related (https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/fs/overlayfs/dir.c?id=v4.4.155&id2=v4.4.156).

Could someone please let us know if this issue has been addressed in newer kernel versions or if there is a workaround for the 4.4 kernels? Thank you!

    uname -a
    Linux myhostname 4.4.155-1.el7.elrepo.x86_64 #1 SMP Sun Sep 9 16:08:40 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux

Docker version 18.09.1, build 4c52b90

Repro steps:

1. Run docker container from image containing directory A with permissions admin:admin.
2. Log in to docker container as user admin (ssh) and rm -rf directory A
3. Attempt to recreate directory A as user admin (mkdir A)
4. Directory is created, but with root:root ownership.

Other repro steps:

1. Run docker container from image containing directory A with permissions admin:admin. Note the directory exists with the correct permissions in the merged folder in the overlay on the host.
2. Log in to the docker container as user admin (ssh) and rm -rf directory A
3. Note that on the host, a new directory A is created in the overlay diff directory with permissions root:root.

d0e13f5bbe4b ("ovl: fix uid/gid when creating over whiteout") from v4.7-rc4 seems to fix the issue. I've requested to include it into 4.4 stable: https://www.spinics.net/lists/stable/msg297631.html
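
An added audit sketch, not part of the thread and not kernel or Docker code: it walks an overlay upper (diff) directory and lists root:root directories that shadow a lower-layer directory, which is the symptom both reports describe. The name `audit_upper` and the two ownership heuristics are assumptions of this example; a match is a candidate for review, since a deliberate chown to root looks the same.

```python
import os
import stat
from collections import namedtuple

Finding = namedtuple("Finding", "path reason")


def audit_upper(lower, upper, lstat=os.lstat):
    """Return root:root directories in `upper` that shadow a directory in
    `lower` and whose lower copy or upper parent belongs to a non-root user."""
    findings = []
    for dirpath, dirnames, _files in os.walk(upper):
        dirnames.sort()                      # deterministic traversal order
        parent = lstat(dirpath)
        for name in dirnames:
            up_path = os.path.join(dirpath, name)
            rel = os.path.relpath(up_path, upper)
            up = lstat(up_path)
            if not stat.S_ISDIR(up.st_mode) or (up.st_uid, up.st_gid) != (0, 0):
                continue                     # symlink, or not owned by root:root
            try:
                low = lstat(os.path.join(lower, rel))
            except FileNotFoundError:
                continue                     # does not shadow anything in lower
            if not stat.S_ISDIR(low.st_mode):
                continue
            if low.st_uid != 0:
                # Image/lower layer had a non-root owner (second report).
                findings.append(Finding(rel, "lower copy owned by uid %d" % low.st_uid))
            elif parent.st_uid != 0:
                # Root-owned child inside a non-root upper parent (first report).
                findings.append(Finding(rel, "upper parent owned by uid %d" % parent.st_uid))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: script.py LOWERDIR UPPERDIR (reading other users' dirs may need root)
    for f in audit_upper(sys.argv[1], sys.argv[2]):
        print("%s: root:root in upper, %s" % f)
```

The `lstat` parameter exists only so the ownership logic can be exercised without root; on a real host the default `os.lstat` is used.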