@@ -255,7 +255,7 @@ static inline int ovl_do_setxattr(struct ovl_fs *ofs, struct dentry *dentry,
int err;
inode_lock(inode);
- err = __vfs_setxattr_noperm(ovl_upper_mnt_userns(ofs), dentry, name, value, size, flags);
+ err = __vfs_setxattr_noperm(&init_user_ns, dentry, name, value, size, flags);
inode_unlock(inode);
pr_debug("setxattr(%pd2, \"%s\", \"%*pE\", %zu, %d) = %i\n",
@@ -277,7 +277,7 @@ static inline int ovl_do_removexattr(struct ovl_fs *ofs, struct dentry *dentry,
int err;
inode_lock(inode);
- err = __vfs_removexattr_noperm(ovl_upper_mnt_userns(ofs), dentry, name);
+ err = __vfs_removexattr_noperm(&init_user_ns, dentry, name);
inode_unlock(inode);
pr_debug("removexattr(%pd2, \"%s\") = %i\n", dentry, name, err);
This reverts commit 520b4713f66b758048d921b73b2c9250d4c2a474. This is needed in order to revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs". CVE-2023-2640 CVE-2023-32629 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> --- fs/overlayfs/overlayfs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)