Merge pull request #258 from giuseppe/block-set-containers-xattr

main: block setting the user.containers. xattr
2025-08-04 02:15:58 -04:00 · 2020-11-07 10:20:37 -05:00 · 2020-11-07 10:20:37 -05:00 · fc9de46ebf
commit fc9de46ebf
parent 15a04643b8 a513d3de66
1 changed files with 2 additions and 1 deletions
--- a/main.c
+++ b/main.c
@ -136,6 +136,7 @@ open_by_handle_at (int mount_fd, struct file_handle *handle, int flags)
 #define XATTR_PREFIX "user.fuseoverlayfs."
 #define ORIGIN_XATTR "user.fuseoverlayfs.origin"
 #define OPAQUE_XATTR "user.fuseoverlayfs.opaque"
+#define XATTR_CONTAINERS_PREFIX "user.containers."
 #define PRIVILEGED_XATTR_PREFIX "trusted.overlay."
 #define PRIVILEGED_OPAQUE_XATTR "trusted.overlay.opaque"
 #define PRIVILEGED_ORIGIN_XATTR "trusted.overlay.origin"
@ -3286,7 +3287,7 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,
      return;
    }

-  if (has_prefix (name, PRIVILEGED_XATTR_PREFIX) || has_prefix (name, XATTR_PREFIX))
+  if (has_prefix (name, PRIVILEGED_XATTR_PREFIX) || has_prefix (name, XATTR_PREFIX)  || has_prefix (name, XATTR_CONTAINERS_PREFIX))
    {
      fuse_reply_err (req, EPERM);
      return;