From 2666df2a49316b7aceb5a80aeddb92e459931def Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 23 Mar 2023 23:01:25 +0100
Subject: [PATCH] main: check that ACLs are supported in the lower layers

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2180118

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 direct.c         | 11 +++++++++++
 fuse-overlayfs.h |  3 +++
 main.c           |  8 ++++++--
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/direct.c b/direct.c
index 3a8f387..2398b39 100644
--- a/direct.c
+++ b/direct.c
@@ -206,6 +206,16 @@ direct_num_of_layers (const char *opaque, const char *path)
   return 1;
 }
 
+static bool
+direct_support_acls (struct ovl_layer *l)
+{
+  char value[32];
+
+  return fgetxattr (l->fd, ACL_XATTR, value, sizeof (value)) >= 0
+    || errno != ENOTSUP;
+}
+
+
 struct data_source direct_access_ds =
   {
    .num_of_layers = direct_num_of_layers,
@@ -221,4 +231,5 @@ struct data_source direct_access_ds =
    .getxattr = direct_getxattr,
    .listxattr = direct_listxattr,
    .readlinkat = direct_readlinkat,
+   .support_acls = direct_support_acls,
   };
diff --git a/fuse-overlayfs.h b/fuse-overlayfs.h
index 89fbaa1..fb8faa1 100644
--- a/fuse-overlayfs.h
+++ b/fuse-overlayfs.h
@@ -24,6 +24,8 @@
 # include <stdbool.h>
 # include <sys/types.h>
 
+# define ACL_XATTR "system.posix_acl_default"
+
 typedef struct hash_table Hash_table;
 
 struct ovl_ino
@@ -151,6 +153,7 @@ struct data_source
   int (*listxattr)(struct ovl_layer *l, const char *path, char *buf, size_t size);
   int (*getxattr)(struct ovl_layer *l, const char *path, const char *name, char *buf, size_t size);
   ssize_t (*readlinkat)(struct ovl_layer *l, const char *path, char *buf, size_t bufsiz);
+  bool (*support_acls)(struct ovl_layer *l);
 };
 
 /* passthrough to the file system.  */
diff --git a/main.c b/main.c
index 2f23be6..989ef80 100644
--- a/main.c
+++ b/main.c
@@ -66,8 +66,6 @@
 #include <utils.h>
 #include <plugin.h>
 
-#define ACL_XATTR "system.posix_acl_default"
-
 #ifndef TEMP_FAILURE_RETRY
 #define TEMP_FAILURE_RETRY(expression) \
   (__extension__                                                              \
@@ -5764,6 +5762,12 @@ main (int argc, char *argv[])
 
   lo.layers = layers;
 
+  for (tmp_layer = layers; !lo.noacl && tmp_layer; tmp_layer = tmp_layer->next)
+    {
+      if (! tmp_layer->ds->support_acls (tmp_layer))
+	lo.noacl = 1;
+    }
+
   if (lo.upperdir)
     {
       if (lo.xattr_permissions)