Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 21:11, Amir Goldstein wrote: On Tue, Jan 10, 2017 at 6:34 PM, Konstantin Khlebnikov wrote: On 10.01.2017 18:57, Miklos Szeredi wrote: On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300,

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 21:11, Amir Goldstein wrote: On Tue, Jan 10, 2017 at 6:34 PM, Konstantin Khlebnikov wrote: On 10.01.2017 18:57, Miklos Szeredi wrote: On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Amir Goldstein
On Tue, Jan 10, 2017 at 6:34 PM, Konstantin Khlebnikov wrote: > > On 10.01.2017 18:57, Miklos Szeredi wrote: >> >> On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: >>> >>> On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote:

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Amir Goldstein
On Tue, Jan 10, 2017 at 6:34 PM, Konstantin Khlebnikov wrote: > > On 10.01.2017 18:57, Miklos Szeredi wrote: >> >> On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: >>> >>> On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was mounted by root then

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 19:35, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 11:06:47AM -0500, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was mounted by root then quota set for upper layer does not work because overlay now always use mounter's

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 19:35, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 11:06:47AM -0500, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was mounted by root then quota set for upper layer does not work because overlay now always use mounter's

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Vivek Goyal
On Tue, Jan 10, 2017 at 11:06:47AM -0500, Vivek Goyal wrote: > On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: > > If overlay was mounted by root then quota set for upper layer does not work > > because overlay now always use mounter's credentials for operations. > > > >

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Vivek Goyal
On Tue, Jan 10, 2017 at 11:06:47AM -0500, Vivek Goyal wrote: > On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: > > If overlay was mounted by root then quota set for upper layer does not work > > because overlay now always use mounter's credentials for operations. > > > >

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 18:57, Miklos Szeredi wrote: On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was mounted by root then quota set for upper layer does not work because overlay now always use

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 18:57, Miklos Szeredi wrote: On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was mounted by root then quota set for upper layer does not work because overlay now always use mounter's

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 19:06, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was mounted by root then quota set for upper layer does not work because overlay now always use mounter's credentials for operations. Hi Konstantin, So CAP_SYS_RESOURCE

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
On 10.01.2017 19:06, Vivek Goyal wrote: On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: If overlay was mounted by root then quota set for upper layer does not work because overlay now always use mounter's credentials for operations. Hi Konstantin, So CAP_SYS_RESOURCE

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Vivek Goyal
On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: > If overlay was mounted by root then quota set for upper layer does not work > because overlay now always use mounter's credentials for operations. > Hi Konstantin, So CAP_SYS_RESOURCE bypasses the quota checks? I just

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Vivek Goyal
On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: > If overlay was mounted by root then quota set for upper layer does not work > because overlay now always use mounter's credentials for operations. > Hi Konstantin, So CAP_SYS_RESOURCE bypasses the quota checks? I just

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Miklos Szeredi
On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: > On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: >> If overlay was mounted by root then quota set for upper layer does not work >> because overlay now always use mounter's credentials for operations. >>

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Miklos Szeredi
On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal wrote: > On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: >> If overlay was mounted by root then quota set for upper layer does not work >> because overlay now always use mounter's credentials for operations. >> >> This patch adds

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Vivek Goyal
On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: > If overlay was mounted by root then quota set for upper layer does not work > because overlay now always use mounter's credentials for operations. > > This patch adds second copy of credentials without CAP_SYS_RESOURCE and >

Re: [PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Vivek Goyal
On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: > If overlay was mounted by root then quota set for upper layer does not work > because overlay now always use mounter's credentials for operations. > > This patch adds second copy of credentials without CAP_SYS_RESOURCE and >

[PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
If overlay was mounted by root then quota set for upper layer does not work because overlay now always use mounter's credentials for operations. This patch adds second copy of credentials without CAP_SYS_RESOURCE and use it if current task doesn't have this capability in mounter's user-ns. This

[PATCH] ovl: do not ignore disk quota if current task is not privileged

2017-01-10 Thread Konstantin Khlebnikov
If overlay was mounted by root then quota set for upper layer does not work because overlay now always use mounter's credentials for operations. This patch adds second copy of credentials without CAP_SYS_RESOURCE and use it if current task doesn't have this capability in mounter's user-ns. This