From b054a83fac0d03b495901672743f4125a1ba574e Mon Sep 17 00:00:00 2001
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Date: Thu, 6 Jul 2023 17:45:17 -0300
Subject: [PATCH] UBUNTU: SAUCE: overlayfs: default to userxattr when mounted from non initial user namespace

Also add a nouserxattr for the cases where it is desirable to mount without userxattr under such namespaces. This allows cases where such xattrs are necessary for certain operations to work out, instead of failing due to not being able to use the trusted.overlay.* xattrs.

CVE-2023-2640
CVE-2023-32629
LP: #1531747

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
---
 fs/overlayfs/super.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 85b891152a2ca..bf031d88a8428 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -391,6 +391,8 @@ static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
 		seq_puts(m, ",volatile");
 	if (ofs->config.userxattr)
 		seq_puts(m, ",userxattr");
+	else
+		seq_puts(m, ",nouserxattr");
 	return 0;
 }
 
@@ -439,6 +441,7 @@ enum {
 	OPT_UUID_OFF,
 	OPT_NFS_EXPORT_ON,
 	OPT_USERXATTR,
+	OPT_NOUSERXATTR,
 	OPT_NFS_EXPORT_OFF,
 	OPT_XINO_ON,
 	OPT_XINO_OFF,
@@ -458,6 +461,7 @@ static const match_table_t ovl_tokens = {
 	{OPT_INDEX_ON,		"index=on"},
 	{OPT_INDEX_OFF,		"index=off"},
 	{OPT_USERXATTR,		"userxattr"},
+	{OPT_NOUSERXATTR,	"nouserxattr"},
 	{OPT_UUID_ON,		"uuid=on"},
 	{OPT_UUID_OFF,		"uuid=off"},
 	{OPT_NFS_EXPORT_ON,	"nfs_export=on"},
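Review bot: The new `else` branch in ovl_show_options prints `,nouserxattr` for every overlay mount whose config.userxattr is false, including mounts that never passed either keyword, so the option string in /proc/mounts changes for all existing overlay mounts, not only for the ones using the new option. That is defensible now that the effective default depends on the mount's user namespace (set later in ovl_fill_super), but it should be stated at the site so nobody "fixes" it back to printing only non-default values: `/* Always show the effective value: the default depends on sb->s_user_ns */`. The enum and match-table hunks that follow only add the OPT_NOUSERXATTR token and need no change. ovl_show_options starts before this hunk.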
@@ -628,6 +632,10 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config)
 			config->userxattr = true;
 			break;
 
+		case OPT_NOUSERXATTR:
+			config->userxattr = false;
+			break;
+
 		default:
 			pr_err("unrecognized mount option \"%s\" or missing value\n",
 			       p);
@@ -1926,6 +1934,8 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
 	ofs->config.nfs_export = ovl_nfs_export_def;
 	ofs->config.xino = ovl_xino_def();
 	ofs->config.metacopy = ovl_metacopy_def;
+	if (sb->s_user_ns != &init_user_ns)
+		ofs->config.userxattr = true;
 	err = ovl_parse_opt((char *) data, &ofs->config);
 	if (err)
 		goto out_err;
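Review bot: The `OPT_NOUSERXATTR` case is wired into the token table and the parser but nothing documents it: the diffstat shows only fs/overlayfs/super.c changing, so the overlayfs mount-option documentation (Documentation/filesystems/overlayfs.rst) is left without the new keyword or the new namespace-dependent default. A short entry next to the userxattr description should say that `nouserxattr` selects the trusted.overlay.* xattr namespace again, that userxattr is implied for mounts from a non-initial user namespace, and that because both cases simply overwrite config->userxattr, the last of userxattr/nouserxattr on the option string wins. ovl_parse_opt starts and ends outside this hunk.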
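Review bot: Presetting config.userxattr before ovl_parse_opt changes more than the default: if ovl_parse_opt still carries the userxattr-implies-no-redirect_dir/no-metacopy resolution (outside this hunk), a mount from a non-initial user namespace that explicitly asks for `metacopy=on` or `redirect_dir=on` will now be rejected as conflicting with a userxattr the caller never specified, and the Kconfig defaults for redirect_dir and metacopy are silently turned off for such mounts. Neither effect is mentioned in the commit message; if intended, it should be stated there, and the new lines deserve a comment tying them to the stated reason: `/* trusted.overlay.* is not usable from a non-initial user ns: default to user.overlay.*; nouserxattr overrides */`. ovl_fill_super starts and ends outside this hunk.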