[PATCH] erofs: impersonate the opener's credentials when accessing backing file

Gao Xiang hsiangkao at linux.alibaba.com
Thu Jun 12 21:28:54 AEST 2025


Hi Tatsuyuki,

On 2025/6/12 18:18, Tatsuyuki Ishi wrote:
> Previously, file operations on a file-backed mount used the current
> process' credentials to access the backing FD. Attempting to do so on
> Android lead to SELinux denials, as ACL rules on the backing file (e.g.
> /system/apex/foo.apex) is restricted to a small set of process.
> Arguably, this error is redundant and leaking implementation details, as
> access to files on a mount is already ACL'ed by path.
> 
> Instead, override to use the opener's cred when accessing the backing
> file. This makes the behavior similar to a loop-backed mount, which
> uses kworker cred when accessing the backing file and does not cause
> SELinux denials.
> 
> Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki at google.com>

Thanks for the patch.  I think overlayfs uses the similar policy
(mounter's cred), which is the same as the opener's cred here
(because it opens backing file in the mount context), so:

Reviewed-by: Gao Xiang <hsiangkao at linux.alibaba.com>

Thanks,
Gao Xiang


More information about the Linux-erofs mailing list