Merge pull request #446 from giuseppe/tag-1.15

release 1.15

.clang-format

@@ -0,0 +1,111 @@
+---
+BasedOnStyle:  GNU
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignConsecutiveMacros: false
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlines: Left
+AlignOperands:   true
+AlignTrailingComments: true
+AllowAllArgumentsOnNextLine: true
+AllowAllConstructorInitializersOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AllowShortLambdasOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: All
+AlwaysBreakAfterReturnType: AllDefinitions
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: MultiLine
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:
+  AfterCaseLabel:  true
+  AfterClass:      true
+  AfterControlStatement: true
+  AfterEnum:       true
+  AfterFunction:   true
+  AfterNamespace:  true
+  AfterObjCDeclaration: true
+  AfterStruct:     true
+  AfterUnion:      true
+  BeforeCatch:     true
+  BeforeElse:      true
+  IndentBraces:    true
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
+BreakBeforeBinaryOperators: All
+BreakBeforeBraces: Custom
+BreakBeforeInheritanceComma: false
+BreakInheritanceList: BeforeColon
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeColon
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit: 0
+ContinuationIndentWidth: 4
+DeriveLineEnding: true
+DerivePointerAlignment: false
+DisableFormat:   false
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: false
+ForEachMacros:
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+IncludeBlocks:   Preserve
+IncludeIsMainRegex: '(Test)?$'
+IncludeIsMainSourceRegex: ''
+IndentCaseLabels: false
+IndentGotoLabels: true
+IndentPPDirectives: AfterHash
+IndentWidth:     2
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: true
+MacroBlockBegin: ''
+MacroBlockEnd:   ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Auto
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Right
+ReflowComments:  true
+SortIncludes:    false
+SortUsingDeclarations: true
+SpaceAfterCStyleCast: true
+SpaceAfterLogicalNot: true
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeParens: Always
+SpaceInEmptyBlock: false
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles:  false
+SpacesInConditionalStatement: false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+SpaceBeforeSquareBrackets: false
+TabWidth:        8
+UseCRLF:         false
+UseTab:          Never
+...

.github/workflows/release.yaml

@@ -1,98 +1,77 @@
 name: Release
 on:
   push:
-    tags:
+  pull_request:
-    - 'test-cross-*'
-    - 'v*'
 
 jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
-    - uses: docker/setup-buildx-action@v1
+      with:
+        # Reproduce the exact commit hash value
+        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
+    - run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+    - uses: docker/setup-buildx-action@v2
+    - name: Cache var-cache-apt
+      uses: actions/cache@v3
+      with:
+        path: var-cache-apt
+        key: var-cache-apt-${{ hashFiles('Containerfile.cross') }}
+    - name: Cache var-lib-apt
+      uses: actions/cache@v3
+      with:
+        path: var-lib-apt
+        key: var-lib-apt-${{ hashFiles('Containerfile.cross') }}
+    - name: inject var-cache-apt into docker
+      uses: reproducible-containers/buildkit-cache-dance@v2.1.2
+      with:
+        cache-source: var-cache-apt
+        cache-target: /var/cache/apt
+    - name: inject var-lib-apt into docker
+      uses: reproducible-containers/buildkit-cache-dance@v2.1.2
+      with:
+        cache-source: var-lib-apt
+        cache-target: /var/lib/apt
     - name: "Build binaries from Containerfile.cross"
-      run: docker buildx build -o out --platform=amd64,arm64,arm,s390x,ppc64le,riscv64 -f Containerfile.cross .
+      run: docker buildx build -o /tmp/fuse-overlayfs-builds --build-arg SOURCE_DATE_EPOCH --platform=amd64,arm64,arm,s390x,ppc64le,riscv64 -f Containerfile.cross .
-    - name: "Create out/artifact"
+    - name: "Create /tmp/artifact"
       run: |
-        mkdir -p out/artifact
+        mkdir -p /tmp/artifact
-        mv out/linux_amd64/fuse-overlayfs out/artifact/fuse-overlayfs-x86_64
+        mv /tmp/fuse-overlayfs-builds/linux_amd64/fuse-overlayfs   /tmp/artifact/fuse-overlayfs-x86_64
-        mv out/linux_arm64/fuse-overlayfs out/artifact/fuse-overlayfs-aarch64
+        mv /tmp/fuse-overlayfs-builds/linux_arm64/fuse-overlayfs   /tmp/artifact/fuse-overlayfs-aarch64
-        mv out/linux_arm_v7/fuse-overlayfs out/artifact/fuse-overlayfs-armv7l
+        mv /tmp/fuse-overlayfs-builds/linux_arm_v7/fuse-overlayfs  /tmp/artifact/fuse-overlayfs-armv7l
-        mv out/linux_s390x/fuse-overlayfs out/artifact/fuse-overlayfs-s390x
+        mv /tmp/fuse-overlayfs-builds/linux_s390x/fuse-overlayfs   /tmp/artifact/fuse-overlayfs-s390x
-        mv out/linux_ppc64le/fuse-overlayfs out/artifact/fuse-overlayfs-ppc64le
+        mv /tmp/fuse-overlayfs-builds/linux_ppc64le/fuse-overlayfs /tmp/artifact/fuse-overlayfs-ppc64le
-        mv out/linux_riscv64/fuse-overlayfs out/artifact/fuse-overlayfs-riscv64
+        mv /tmp/fuse-overlayfs-builds/linux_riscv64/fuse-overlayfs /tmp/artifact/fuse-overlayfs-riscv64
+        echo "${SOURCE_DATE_EPOCH}" >/tmp/artifact/SOURCE_DATE_EPOCH
     - name: "SHA256SUMS"
-      run: (cd out/artifact; sha256sum *) | tee out/SHA256SUMS
+      run: (cd /tmp/artifact; sha256sum *) | tee /tmp/SHA256SUMS
+    - name: "The sha256sum of the SHA256SUMS file"
+      run: sha256sum /tmp/SHA256SUMS
+    - name: "Prepare the release note"
+      run: |
+        cat << EOF | tee /tmp/release-note.txt
+        #### About the binaries
+        The binaries were built automatically on GitHub Actions.
+        The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+        The binaries should be reproducible with the following command:
+        \`\`\`
+        docker buildx build \
+          -o /tmp/fuse-overlayfs-builds \
+          --build-arg SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} \
+          --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 \
+          --platform=amd64,arm64,arm,s390x,ppc64le,riscv64 \
+          -f Containerfile.cross \
+          "https://github.com/${{ github.repository }}.git#${tag}"
+        \`\`\`
+        EOF
     - name: "Create release"
-      uses: actions/create-release@v1
+      if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
-      id: create_release
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
+      run: |
-        tag_name: ${{ github.ref }}
+        tag="${GITHUB_REF##*/}"
-        release_name: ${{ github.ref }}
+        gh release create -F /tmp/release-note.txt --draft --title "${tag}" "${tag}" /tmp/artifact/* /tmp/SHA256SUMS
-        draft: true
-    - name: "Upload fuse-overlayfs-x86_64"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: out/artifact/fuse-overlayfs-x86_64
-        asset_name: fuse-overlayfs-x86_64
-        asset_content_type: application/octet-stream
-    - name: "Upload fuse-overlayfs-aarch64"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: out/artifact/fuse-overlayfs-aarch64
-        asset_name: fuse-overlayfs-aarch64
-        asset_content_type: application/octet-stream
-    - name: "Upload fuse-overlayfs-armv7l"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: out/artifact/fuse-overlayfs-armv7l
-        asset_name: fuse-overlayfs-armv7l
-        asset_content_type: application/octet-stream
-    - name: "Upload fuse-overlayfs-s390x"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: out/artifact/fuse-overlayfs-s390x
-        asset_name: fuse-overlayfs-s390x
-        asset_content_type: application/octet-stream
-    - name: "Upload fuse-overlayfs-ppc64le"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: out/artifact/fuse-overlayfs-ppc64le
-        asset_name: fuse-overlayfs-ppc64le
-        asset_content_type: application/octet-stream
-    - name: "Upload fuse-overlayfs-riscv64"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: out/artifact/fuse-overlayfs-riscv64
-        asset_name: fuse-overlayfs-riscv64
-        asset_content_type: application/octet-stream
-    - name: "Upload SHA256SUMS"
-      uses: actions/upload-release-asset@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: out/SHA256SUMS
-        asset_name: SHA256SUMS
-        asset_content_type: text/plain

.github/workflows/test.yaml

@@ -4,23 +4,23 @@ on: [push, pull_request]
 
 jobs:
   build_job:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     name: Build on ${{ matrix.arch }}
 
     strategy:
       matrix:
         include:
           - arch: armv7
-            distro: ubuntu20.04
+            distro: ubuntu_latest
           - arch: aarch64
-            distro: ubuntu20.04
+            distro: ubuntu_latest
           - arch: s390x
-            distro: ubuntu20.04
+            distro: ubuntu_latest
           - arch: ppc64le
-            distro: ubuntu20.04
+            distro: ubuntu_latest
     steps:
-      - uses: actions/checkout@v2.1.0
+      - uses: actions/checkout@v4
-      - uses: uraimo/run-on-arch-action@v2.0.5
+      - uses: uraimo/run-on-arch-action@v3.0.1
         name: Build
         id: build
         with:
@@ -34,7 +34,7 @@ jobs:
 
           install: |
             apt-get update -q -y
-            apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3.8 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel libfuse3-dev bats
+            apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel libfuse3-dev bats
 
           run: |
             ./autogen.sh
@@ -42,14 +42,14 @@ jobs:
             make -j $(nproc)
 
       - name: Archive build artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: fuse-overlayfs-${{ matrix.arch }}-${{ matrix.distro }}
           path: |
             fuse-overlayfs
 
   Test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
@@ -61,12 +61,12 @@ jobs:
       TAGS: exclude_graphdriver_devicemapper exclude_graphdriver_btrfs no_libsubid
     steps:
     - name: checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: install dependencies
       run: |
             sudo apt-get update -q -y
-            sudo apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3.8 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel wget libfuse3-dev bats
+            sudo apt-get install -q -y attr automake autotools-dev git make gcc pkg-config xz-utils python3 g++ python3-setuptools libdevmapper-dev btrfs-progs libbtrfs-dev go-md2man parallel wget libfuse3-dev bats
 
             sudo mkdir -p /lower /upper /mnt $GOPATH/src/github.com/containers
             sudo sh -c "cd $GOPATH/src/github.com/containers; git clone --depth=1 https://github.com/containers/storage"
@@ -88,15 +88,18 @@ jobs:
         sudo cp fuse-overlayfs /sbin
 
     - name: Archive build artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4.6.2
       with:
-        name: fuse-overlayfs-x86_64-ubuntu20.04
+        name: fuse-overlayfs-x86_64-ubuntu-latest
         path: |
           fuse-overlayfs
       if: ${{ matrix.test == 'ovl-whiteouts' }}
 
     - name: run test
       run: |
+        sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+        sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+
         case "${{ matrix.test }}" in
             ovl-whiteouts)
                 sudo sh -c "(cd /unionmount-testsuite; unshare -m ./run --ov --fuse=fuse-overlayfs --xdev)"

Containerfile.alpine

@@ -3,7 +3,7 @@ WORKDIR /build
 RUN apk add git make gcc libc-dev musl-dev glib-static gettext eudev-dev \
 	linux-headers automake autoconf cmake meson ninja clang go-md2man
 
-RUN git clone https://github.com/libfuse/libfuse && \
+RUN git clone https://github.com/libfuse/libfuse -b fuse-3.16.2 && \
     cd libfuse && \
     mkdir build && \
     cd build && \

Containerfile.cross

@@ -1,14 +1,38 @@
-FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.1.0 AS xx
+# Usage:
-FROM --platform=$BUILDPLATFORM ubuntu:22.04 AS fuse-overlayfs
+# docker buildx build \
-RUN apt-get update && \
+#   -o /tmp/fuse-overlayfs-builds \
+#   --build-arg SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) \
+#   --platform=amd64,arm64,arm,s390x,ppc64le,riscv64 \
+#   -f Containerfile.cross .
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.2.1 AS xx
+FROM --platform=$BUILDPLATFORM ubuntu:jammy-20230804 AS fuse-overlayfs
+ADD --chmod=0755 \
+  https://raw.githubusercontent.com/reproducible-containers/repro-sources-list.sh/v0.1.0/repro-sources-list.sh \
+  /usr/local/bin/repro-sources-list.sh
+RUN \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  repro-sources-list.sh && \
+  apt-get update && \
   apt-get install --no-install-recommends -y \
   git make automake autoconf pkgconf file go-md2man
+# Set SOURCE_DATE_EPOCH after running repro-sources-list.sh, for cache efficiency
+ARG SOURCE_DATE_EPOCH
 COPY . /fuse-overlayfs
 WORKDIR /fuse-overlayfs
 COPY --from=xx / /
 ARG TARGETPLATFORM
 ENV DEBIAN_FRONTEND=noninteractive
-RUN xx-apt-get install -y gcc libfuse3-dev
+# xx-apt-get cannot be used, as it clobbers /etc/apt/sources.list created by repro-sources-list.sh
+RUN \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  darch="$(xx-info debian-arch)" && \
+  dpkg --add-architecture ${darch} && \
+  apt-get update && \
+  gcc="gcc" && \
+  if xx-info is-cross; then gcc="gcc-$(xx-info triple)"; fi; \
+  apt-get install -y "${gcc}" "libfuse3-dev:${darch}"
 RUN ./autogen.sh && \
   LIBS="-ldl" LDFLAGS="-static" ./configure --host=$(xx-info) && \
   make && mkdir /out && cp fuse-overlayfs /out && \

Containerfile.static.fedora

@@ -3,7 +3,7 @@ WORKDIR /build
 RUN dnf update -y && \
     dnf install -y git make automake autoconf gcc glibc-static meson ninja-build clang
 
-RUN git clone https://github.com/libfuse/libfuse && \
+RUN git clone https://github.com/libfuse/libfuse -b fuse-3.16.2 && \
     cd libfuse && \
     mkdir build && \
     cd build && \

Makefile.am

@@ -36,3 +36,6 @@ srpm: dist-gzip fuse-overlayfs.spec
 	echo $(VERSION)
 	$(MAKE) -C $(WD) dist-xz
 	rpmbuild -bs --define "_sourcedir $(WD)" --define "_specdir $(WD)" --define "_builddir $(WD)" --define "_srcrpmdir $(WD)" --define "_rpmdir $(WD)" --define "_buildrootdir $(WD)/.build" fuse-overlayfs.spec
+
+clang-format:
+	git ls-files | grep -E "\\.[hc]$$" | grep -v "^lib/" | xargs clang-format -style=file -i

NEWS

@@ -1,3 +1,22 @@
+* fuse-overlayfs-1.15
+
+- main: lookup upperdir only for created directories.
+- main: allow escaped colons in directory paths.
+- main: use extended override xattr to support devices.
+- remove unsupported option "lazytime".
+
+* fuse-overlayfs-1.14
+
+- isolate security xattrs for STAT_OVERRIDE_CONTAINERS.  Prefix all
+  security xattrs with XATTR_CONTAINERS_OVERRIDE_PREFIX.
+- prefer user.containers.override_stat over user.fuseoverlayfs.
+- do not force -1 for owner overriding extended attributes.  Otherwise
+  the value is written to the override extended attribute.
+- fix file owner retrieval for chmod.
+- honor umask with xattr_permissions.
+- honor mode for devices with xattr_permissions.
+- propagate extended attributes permissions with copyup.
+
 * fuse-overlayfs-1.13
 
 - fix a performance issue when dealing with big directories.

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([fuse-overlayfs], [1.13-dev], [giuseppe@scrivano.org])
+AC_INIT([fuse-overlayfs], [1.16-dev], [giuseppe@scrivano.org])
 AC_CONFIG_SRCDIR([main.c])
 AC_CONFIG_HEADERS([config.h])
 

contrib/fix-mode.py

@@ -6,12 +6,12 @@ import stat
 import errno
 
 XATTR_OVERRIDE_STAT_PRIVILEGED = "security.fuseoverlayfs.override_stat"
-XATTR_OVERRIDE_STAT = "user.fuseoverlayfs.override_stat"
+XATTR_OVERRIDE_CONTAINERS_STAT = "user.fuseoverlayfs.override_stat"
 
 if os.geteuid() == 0:
     xattr_name = XATTR_OVERRIDE_STAT_PRIVILEGED
 else:
-    xattr_name = XATTR_OVERRIDE_STAT
+    xattr_name = XATTR_OVERRIDE_CONTAINERS_STAT
 
 cwd_fd = os.open(".", os.O_PATH)
 
@@ -23,7 +23,7 @@ def fix_path(path):
         os.setxattr(path, xattr_name, str.encode(content), flags=os.XATTR_CREATE, follow_symlinks=False)
     except Exception as e:
         if e.errno == errno.EEXIST:
-            print("attr %s already present for %s: %s" % (XATTR_OVERRIDE_STAT, path, e.errno))
+            print("attr %s already present for %s: %s" % (xattr_name, path, e.errno))
             return
         raise e
 

direct.c

@@ -76,7 +76,7 @@ direct_fstat (struct ovl_layer *l, int fd, const char *path, unsigned int mask,
 #ifdef HAVE_STATX
   struct statx stx;
 
-  ret = statx (fd, "", AT_STATX_DONT_SYNC|AT_EMPTY_PATH, mask, &stx);
+  ret = statx (fd, "", AT_STATX_DONT_SYNC | AT_EMPTY_PATH, mask, &stx);
   if (ret < 0 && (errno == ENOSYS || errno == EINVAL))
     goto fallback;
   if (ret == 0)
@@ -88,7 +88,7 @@ direct_fstat (struct ovl_layer *l, int fd, const char *path, unsigned int mask,
   return ret;
 #endif
 
- fallback:
+fallback:
   ret = fstat (fd, st);
   if (ret != 0)
     return ret;
@@ -103,7 +103,7 @@ direct_statat (struct ovl_layer *l, const char *path, struct stat *st, int flags
 #ifdef HAVE_STATX
   struct statx stx;
 
-  ret = statx (l->fd, path, AT_STATX_DONT_SYNC|flags, mask, &stx);
+  ret = statx (l->fd, path, AT_STATX_DONT_SYNC | flags, mask, &stx);
   if (ret < 0 && (errno == ENOSYS || errno == EINVAL))
     goto fallback;
   if (ret == 0)
@@ -114,7 +114,7 @@ direct_statat (struct ovl_layer *l, const char *path, struct stat *st, int flags
 
   return ret;
 #endif
- fallback:
+fallback:
   ret = fstatat (l->fd, path, st, flags);
   if (ret != 0)
     return ret;
@@ -186,10 +186,10 @@ direct_load_data_source (struct ovl_layer *l, const char *opaque, const char *pa
 
   if (fgetxattr (l->fd, XATTR_PRIVILEGED_OVERRIDE_STAT, tmp, sizeof (tmp)) >= 0)
     l->stat_override_mode = STAT_OVERRIDE_PRIVILEGED;
-  else if (fgetxattr (l->fd, XATTR_OVERRIDE_STAT, tmp, sizeof (tmp)) >= 0)
-    l->stat_override_mode = STAT_OVERRIDE_USER;
   else if (fgetxattr (l->fd, XATTR_OVERRIDE_CONTAINERS_STAT, tmp, sizeof (tmp)) >= 0)
     l->stat_override_mode = STAT_OVERRIDE_CONTAINERS;
+  else if (fgetxattr (l->fd, XATTR_OVERRIDE_STAT, tmp, sizeof (tmp)) >= 0)
+    l->stat_override_mode = STAT_OVERRIDE_USER;
 
   return 0;
 }
@@ -212,24 +212,22 @@ direct_support_acls (struct ovl_layer *l)
   char value[32];
 
   return fgetxattr (l->fd, ACL_XATTR, value, sizeof (value)) >= 0
-    || errno != ENOTSUP;
+         || errno != ENOTSUP;
 }
 
-
+struct data_source direct_access_ds = {
-struct data_source direct_access_ds =
+  .num_of_layers = direct_num_of_layers,
-  {
+  .load_data_source = direct_load_data_source,
-   .num_of_layers = direct_num_of_layers,
+  .cleanup = direct_cleanup,
-   .load_data_source = direct_load_data_source,
+  .file_exists = direct_file_exists,
-   .cleanup = direct_cleanup,
+  .statat = direct_statat,
-   .file_exists = direct_file_exists,
+  .fstat = direct_fstat,
-   .statat = direct_statat,
+  .opendir = direct_opendir,
-   .fstat = direct_fstat,
+  .readdir = direct_readdir,
-   .opendir = direct_opendir,
+  .closedir = direct_closedir,
-   .readdir = direct_readdir,
+  .openat = direct_openat,
-   .closedir = direct_closedir,
+  .getxattr = direct_getxattr,
-   .openat = direct_openat,
+  .listxattr = direct_listxattr,
-   .getxattr = direct_getxattr,
+  .readlinkat = direct_readlinkat,
-   .listxattr = direct_listxattr,
+  .support_acls = direct_support_acls,
-   .readlinkat = direct_readlinkat,
+};
-   .support_acls = direct_support_acls,
-  };

fuse-overlayfs.h

@@ -16,15 +16,15 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef FUSE_OVERLAYFS_H
-# define FUSE_OVERLAYFS_H
+#define FUSE_OVERLAYFS_H
-# define _GNU_SOURCE
+#define _GNU_SOURCE
 
-# include <sys/stat.h>
+#include <sys/stat.h>
-# include <plugin-manager.h>
+#include <plugin-manager.h>
-# include <stdbool.h>
+#include <stdbool.h>
-# include <sys/types.h>
+#include <sys/types.h>
 
-# define ACL_XATTR "system.posix_acl_default"
+#define ACL_XATTR "system.posix_acl_default"
 
 typedef struct hash_table Hash_table;
 
@@ -143,39 +143,39 @@ struct ovl_layer
 struct data_source
 {
   int (*num_of_layers) (const char *opaque, const char *path);
-  int (*load_data_source)(struct ovl_layer *l, const char *opaque, const char *path, int n_layer);
+  int (*load_data_source) (struct ovl_layer *l, const char *opaque, const char *path, int n_layer);
-  int (*cleanup)(struct ovl_layer *l);
+  int (*cleanup) (struct ovl_layer *l);
-  int (*file_exists)(struct ovl_layer *l, const char *pathname);
+  int (*file_exists) (struct ovl_layer *l, const char *pathname);
-  int (*statat)(struct ovl_layer *l, const char *path, struct stat *st, int flags, unsigned int mask);
+  int (*statat) (struct ovl_layer *l, const char *path, struct stat *st, int flags, unsigned int mask);
-  int (*fstat)(struct ovl_layer *l, int fd, const char *path, unsigned int mask, struct stat *st);
+  int (*fstat) (struct ovl_layer *l, int fd, const char *path, unsigned int mask, struct stat *st);
-  void *(*opendir)(struct ovl_layer *l, const char *path);
+  void *(*opendir) (struct ovl_layer *l, const char *path);
-  struct dirent *(*readdir)(void *dirp);
+  struct dirent *(*readdir) (void *dirp);
-  int (*closedir)(void *dirp);
+  int (*closedir) (void *dirp);
-  int (*openat)(struct ovl_layer *l, const char *path, int flags, mode_t mode);
+  int (*openat) (struct ovl_layer *l, const char *path, int flags, mode_t mode);
-  int (*listxattr)(struct ovl_layer *l, const char *path, char *buf, size_t size);
+  int (*listxattr) (struct ovl_layer *l, const char *path, char *buf, size_t size);
-  int (*getxattr)(struct ovl_layer *l, const char *path, const char *name, char *buf, size_t size);
+  int (*getxattr) (struct ovl_layer *l, const char *path, const char *name, char *buf, size_t size);
-  ssize_t (*readlinkat)(struct ovl_layer *l, const char *path, char *buf, size_t bufsiz);
+  ssize_t (*readlinkat) (struct ovl_layer *l, const char *path, char *buf, size_t bufsiz);
-  bool (*support_acls)(struct ovl_layer *l);
+  bool (*support_acls) (struct ovl_layer *l);
 };
 
 /* passthrough to the file system.  */
 extern struct data_source direct_access_ds;
 
-# ifndef HAVE_STATX
+#ifndef HAVE_STATX
-#  define STATX_TYPE		0x00000001U	/* Want/got stx_mode & S_IFMT */
+#  define STATX_TYPE 0x00000001U        /* Want/got stx_mode & S_IFMT */
-#  define STATX_MODE		0x00000002U	/* Want/got stx_mode & ~S_IFMT */
+#  define STATX_MODE 0x00000002U        /* Want/got stx_mode & ~S_IFMT */
-#  define STATX_NLINK		0x00000004U	/* Want/got stx_nlink */
+#  define STATX_NLINK 0x00000004U       /* Want/got stx_nlink */
-#  define STATX_UID		0x00000008U	/* Want/got stx_uid */
+#  define STATX_UID 0x00000008U         /* Want/got stx_uid */
-#  define STATX_GID		0x00000010U	/* Want/got stx_gid */
+#  define STATX_GID 0x00000010U         /* Want/got stx_gid */
-#  define STATX_ATIME		0x00000020U	/* Want/got stx_atime */
+#  define STATX_ATIME 0x00000020U       /* Want/got stx_atime */
-#  define STATX_MTIME		0x00000040U	/* Want/got stx_mtime */
+#  define STATX_MTIME 0x00000040U       /* Want/got stx_mtime */
-#  define STATX_CTIME		0x00000080U	/* Want/got stx_ctime */
+#  define STATX_CTIME 0x00000080U       /* Want/got stx_ctime */
-#  define STATX_INO		0x00000100U	/* Want/got stx_ino */
+#  define STATX_INO 0x00000100U         /* Want/got stx_ino */
-#  define STATX_SIZE		0x00000200U	/* Want/got stx_size */
+#  define STATX_SIZE 0x00000200U        /* Want/got stx_size */
-#  define STATX_BLOCKS		0x00000400U	/* Want/got stx_blocks */
+#  define STATX_BLOCKS 0x00000400U      /* Want/got stx_blocks */
-#  define STATX_BASIC_STATS	0x000007ffU	/* The stuff in the normal stat struct */
+#  define STATX_BASIC_STATS 0x000007ffU /* The stuff in the normal stat struct */
-#  define STATX_BTIME		0x00000800U	/* Want/got stx_btime */
+#  define STATX_BTIME 0x00000800U       /* Want/got stx_btime */
-#  define STATX_ALL		0x00000fffU	/* All currently supported flags */
+#  define STATX_ALL 0x00000fffU         /* All currently supported flags */
-# endif
+#endif
 
 #endif

fuse_overlayfs_error.h

@@ -17,24 +17,26 @@
 */
 
 #ifndef FUSE_OVERLAYFS_ERROR_H
-# define FUSE_OVERLAYFS_ERROR_H
+#define FUSE_OVERLAYFS_ERROR_H
 
-# include <config.h>
+#include <config.h>
 
-# ifdef HAVE_ERROR_H
+#ifdef HAVE_ERROR_H
 #  include <error.h>
-# else
+#else
-#  define error(status, errno, fmt, ...) do {                           \
+#  define error(status, errno, fmt, ...)                                \
-    if (errno == 0)                                                     \
+    do                                                                  \
-      fprintf (stderr, "fuse-overlayfs: " fmt "\n", ##__VA_ARGS__);     \
-    else                                                                \
       {                                                                 \
-        fprintf (stderr, "fuse-overlayfs: " fmt, ##__VA_ARGS__);        \
+        if (errno == 0)                                                 \
-        fprintf (stderr, ": %s\n", strerror (errno));                   \
+          fprintf (stderr, "fuse-overlayfs: " fmt "\n", ##__VA_ARGS__); \
-      }                                                                 \
+        else                                                            \
-    if (status)                                                         \
+          {                                                             \
-      exit (status);                                                    \
+            fprintf (stderr, "fuse-overlayfs: " fmt, ##__VA_ARGS__);    \
-  } while(0)
+            fprintf (stderr, ": %s\n", strerror (errno));               \
-# endif
+          }                                                             \
+        if (status)                                                     \
+          exit (status);                                                \
+    } while (0)
+#endif
 
 #endif

lib/hash.c

@@ -1,6 +1,6 @@
 /* hash - hashing table processing.
 
-   Copyright (C) 1998-2004, 2006-2007, 2009-2023 Free Software Foundation, Inc.
+   Copyright (C) 1998-2004, 2006-2007, 2009-2025 Free Software Foundation, Inc.
 
    Written by Jim Meyering, 1992.
 
@@ -29,6 +29,7 @@
 #include "bitrotate.h"
 #include "xalloc-oversized.h"
 
+#include <errno.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -499,13 +500,17 @@ compute_bucket_size (size_t candidate, const Hash_tuning *tuning)
     {
       float new_candidate = candidate / tuning->growth_threshold;
       if ((float) SIZE_MAX <= new_candidate)
-        return 0;
+        goto nomem;
       candidate = new_candidate;
     }
   candidate = next_prime (candidate);
   if (xalloc_oversized (candidate, sizeof (struct hash_entry *)))
-    return 0;
+    goto nomem;
   return candidate;
+
+ nomem:
+  errno = ENOMEM;
+  return 0;
 }
 
 Hash_table *
@@ -534,6 +539,7 @@ hash_initialize (size_t candidate, const Hash_tuning *tuning,
          if the user provides invalid tuning options, we silently revert to
          using the defaults, and ignore further request to change the tuning
          options.  */
+      errno = EINVAL;
       goto fail;
     }
 
@@ -607,6 +613,7 @@ hash_free (Hash_table *table)
   struct hash_entry *bucket;
   struct hash_entry *cursor;
   struct hash_entry *next;
+  int err = errno;
 
   /* Call the user data_freer function.  */
   if (table->data_freer && table->n_entries)
@@ -649,6 +656,8 @@ hash_free (Hash_table *table)
   /* Free the remainder of the hash table structure.  */
   free (table->bucket);
   free (table);
+
+  errno = err;
 }
 
 /* Insertion and deletion.  */
@@ -762,8 +771,8 @@ hash_find_entry (Hash_table *table, const void *entry,
 /* Internal helper, to move entries from SRC to DST.  Both tables must
    share the same free entry list.  If SAFE, only move overflow
    entries, saving bucket heads for later, so that no allocations will
-   occur.  Return false if the free entry list is exhausted and an
+   occur.  Return false (setting errno) if the free entry list is
-   allocation fails.  */
+   exhausted and an allocation fails.  */
 
 static bool
 transfer_entries (Hash_table *dst, Hash_table *src, bool safe)
@@ -910,12 +919,14 @@ hash_rehash (Hash_table *table, size_t candidate)
      passes.  Two passes give worse cache performance and takes
      longer, but at this point, we're already out of memory, so slow
      and safe is better than failure.  */
+  int err = errno;
   table->free_entry_list = new_table->free_entry_list;
   if (! (transfer_entries (table, new_table, true)
          && transfer_entries (table, new_table, false)))
     abort ();
   /* table->n_entries already holds its value.  */
   free (new_table->bucket);
+  errno = err;
   return false;
 }
 
@@ -962,7 +973,10 @@ hash_insert_if_absent (Hash_table *table, void const *entry,
                 * tuning->growth_threshold));
 
           if ((float) SIZE_MAX <= candidate)
-            return -1;
+            {
+              errno = ENOMEM;
+              return -1;
+            }
 
           /* If the rehash fails, arrange to return NULL.  */
           if (!hash_rehash (table, candidate))

lib/hash.h

@@ -1,5 +1,5 @@
 /* hash - hashing table processing.
-   Copyright (C) 1998-1999, 2001, 2003, 2009-2023 Free Software Foundation,
+   Copyright (C) 1998-1999, 2001, 2003, 2009-2025 Free Software Foundation,
    Inc.
    Written by Jim Meyering <meyering@ascend.com>, 1998.
 
@@ -61,24 +61,24 @@ typedef struct hash_table Hash_table;
    number of buckets (used plus unused), or the maximum number of slots, are
    the same quantity.  */
 extern size_t hash_get_n_buckets (const Hash_table *table)
-       ;
+       _GL_ATTRIBUTE_PURE;
 
 /* Return the number of slots in use (non-empty buckets).  */
 extern size_t hash_get_n_buckets_used (const Hash_table *table)
-       ;
+       _GL_ATTRIBUTE_PURE;
 
 /* Return the number of active entries.  */
 extern size_t hash_get_n_entries (const Hash_table *table)
-       ;
+       _GL_ATTRIBUTE_PURE;
 
 /* Return the length of the longest chain (bucket).  */
 extern size_t hash_get_max_bucket_length (const Hash_table *table)
-       ;
+       _GL_ATTRIBUTE_PURE;
 
 /* Do a mild validation of a hash table, by traversing it and checking two
    statistics.  */
 extern bool hash_table_ok (const Hash_table *table)
-       ;
+       _GL_ATTRIBUTE_PURE;
 
 extern void hash_print_statistics (const Hash_table *table, FILE *stream);
 
@@ -99,7 +99,7 @@ extern void *hash_lookup (const Hash_table *table, const void *entry);
 
 /* Return the first data in the table, or NULL if the table is empty.  */
 extern void *hash_get_first (const Hash_table *table)
-       ;
+       _GL_ATTRIBUTE_PURE;
 
 /* Return the user data for the entry following ENTRY, where ENTRY has been
    returned by a previous call to either 'hash_get_first' or 'hash_get_next'.
@@ -124,25 +124,40 @@ typedef bool (*Hash_processor) (void *entry, void *processor_data);
 extern size_t hash_do_for_each (const Hash_table *table,
                                 Hash_processor processor, void *processor_data);
 
+/* Return a hash index for a NUL-terminated STRING between 0 and N_BUCKETS-1.
+   This is a convenience routine for constructing other hashing functions.  */
+extern size_t hash_string (const char *string, size_t n_buckets)
+       _GL_ATTRIBUTE_PURE;
+
+/* Return a hash code of ENTRY, in the range 0..TABLE_SIZE-1.
+   This hash code function must have the property that if the comparator of
+   ENTRY1 and ENTRY2 returns true, the hasher returns the same value for ENTRY1
+   and for ENTRY2.
+   The hash code function typically computes an unsigned integer and at the end
+   performs a % TABLE_SIZE modulo operation.  This modulo operation is performed
+   as part of this hash code function, not by the caller, because in some cases
+   the unsigned integer will be a 'size_t', in other cases an 'uintmax_t' or
+   even larger.  */
+typedef size_t (*Hash_hasher) (const void *entry, size_t table_size);
+
+/* Compare two entries, ENTRY1 (being looked up or being inserted) and
+   ENTRY2 (already in the table) for equality.  Return true for equal,
+   false otherwise.  */
+typedef bool (*Hash_comparator) (const void *entry1, const void *entry2);
+
+/* This function is invoked when an ENTRY is removed from the hash table.  */
+typedef void (*Hash_data_freer) (void *entry);
+
 /*
  * Allocation and clean-up.
  */
 
-/* Return a hash index for a NUL-terminated STRING between 0 and N_BUCKETS-1.
-   This is a convenience routine for constructing other hashing functions.  */
-extern size_t hash_string (const char *string, size_t n_buckets)
-       ;
-
 extern void hash_reset_tuning (Hash_tuning *tuning);
 
-typedef size_t (*Hash_hasher) (const void *entry, size_t table_size);
-typedef bool (*Hash_comparator) (const void *entry1, const void *entry2);
-typedef void (*Hash_data_freer) (void *entry);
-
 /* Reclaim all storage associated with a hash table.  If a data_freer
    function has been supplied by the user when the hash table was created,
    this function applies it to the data of each entry before freeing that
-   entry.  */
+   entry.  This function preserves errno, like 'free'.  */
 extern void hash_free (Hash_table *table);
 
 /* Allocate and return a new hash table, or NULL upon failure.  The initial
@@ -177,23 +192,30 @@ extern void hash_free (Hash_table *table);
    You should specify this function only if you want these functions to free
    all of your 'data' data.  This is typically the case when your data is
    simply an auxiliary struct that you have malloc'd to aggregate several
-   values.  */
+   values.
+
+   Set errno on failure; otherwise errno is unspecified.  */
+_GL_ATTRIBUTE_NODISCARD
 extern Hash_table *hash_initialize (size_t candidate,
                                     const Hash_tuning *tuning,
                                     Hash_hasher hasher,
                                     Hash_comparator comparator,
-                                    Hash_data_freer data_freer);
+                                    Hash_data_freer data_freer)
+  _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC (hash_free, 1);
 
-/* Same as hash_initialize, but invokes xalloc_die on memory exhaustion.  */
+/* Like hash_initialize, but invokes xalloc_die instead of returning NULL.  */
 /* This function is defined by module 'xhash'.  */
+_GL_ATTRIBUTE_NODISCARD
 extern Hash_table *hash_xinitialize (size_t candidate,
                                      const Hash_tuning *tuning,
                                      Hash_hasher hasher,
                                      Hash_comparator comparator,
-                                     Hash_data_freer data_freer);
+                                     Hash_data_freer data_freer)
+  _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC (hash_free, 1)
+  _GL_ATTRIBUTE_RETURNS_NONNULL;
 
 /* Make all buckets empty, placing any chained entries on the free list.
-   Apply the user-specified function data_freer (if any) to the datas of any
+   Apply the user-specified function data_freer (if any) to the data of any
    affected entries.  */
 extern void hash_clear (Hash_table *table);
 
@@ -207,23 +229,26 @@ extern void hash_clear (Hash_table *table);
    the table may receive at least CANDIDATE different user entries, including
    those already in the table, before any other growth of the hash table size
    occurs.  If TUNING->IS_N_BUCKETS is true, then CANDIDATE specifies the
-   exact number of buckets desired.  Return true iff the rehash succeeded.  */
+   exact number of buckets desired.  Return true iff the rehash succeeded,
+   false (setting errno) otherwise.  */
+_GL_ATTRIBUTE_NODISCARD
 extern bool hash_rehash (Hash_table *table, size_t candidate);
 
 /* If ENTRY matches an entry already in the hash table, return the pointer
    to the entry from the table.  Otherwise, insert ENTRY and return ENTRY.
-   Return NULL if the storage required for insertion cannot be allocated.
+   Return NULL (setting errno) if the storage required for insertion
-   This implementation does not support duplicate entries or insertion of
+   cannot be allocated.  This implementation does not support
-   NULL.  */
+   duplicate entries or insertion of NULL.  */
+_GL_ATTRIBUTE_NODISCARD
 extern void *hash_insert (Hash_table *table, const void *entry);
 
-/* Same as hash_insert, but invokes xalloc_die on memory exhaustion.  */
+/* Same as hash_insert, but invokes xalloc_die instead of returning NULL.  */
 /* This function is defined by module 'xhash'.  */
 extern void *hash_xinsert (Hash_table *table, const void *entry);
 
 /* Insert ENTRY into hash TABLE if there is not already a matching entry.
 
-   Return -1 upon memory allocation failure.
+   Return -1 (setting errno) upon memory allocation failure.
    Return 1 if insertion succeeded.
    Return 0 if there is already a matching entry in the table,
    and in that case, if MATCHED_ENT is non-NULL, set *MATCHED_ENT
@@ -247,6 +272,7 @@ extern void *hash_remove (Hash_table *table, const void *entry);
 
 /* Same as hash_remove.  This interface is deprecated.
    FIXME: Remove in 2022.  */
+_GL_ATTRIBUTE_DEPRECATED
 extern void *hash_delete (Hash_table *table, const void *entry);
 
 # ifdef __cplusplus

m4/00gnulib.m4

@@ -1,43 +1,84 @@
-# 00gnulib.m4 serial 3
+# 00gnulib.m4
-dnl Copyright (C) 2009-2019 Free Software Foundation, Inc.
+# serial 9
+dnl Copyright (C) 2009-2025 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
 dnl with or without modifications, as long as this notice is preserved.
+dnl This file is offered as-is, without any warranty.
 
 dnl This file must be named something that sorts before all other
-dnl gnulib-provided .m4 files.  It is needed until such time as we can
+dnl gnulib-provided .m4 files.  It is needed until the clang fix has
-dnl assume Autoconf 2.64, with its improved AC_DEFUN_ONCE and
+dnl been included in Autoconf.
-dnl m4_divert semantics.
 
-# Until autoconf 2.63, handling of the diversion stack required m4_init
+# The following definitions arrange to use a compiler option
-# to be called first; but this does not happen with aclocal.  Wrapping
+# -Werror=implicit-function-declaration in AC_CHECK_DECL, when the
-# the entire execution in another layer of the diversion stack fixes this.
+# compiler is clang.  Without it, clang implicitly declares "known"
-# Worse, prior to autoconf 2.62, m4_wrap depended on the underlying m4
+# library functions in C mode, but not in C++ mode, which would cause
-# for whether it was FIFO or LIFO; in order to properly balance with
+# Gnulib to omit a declaration and thus later produce an error in C++
-# m4_init, we need to undo our push just before anything wrapped within
+# mode.  As of clang 9.0, these "known" functions are identified through
-# the m4_init body.  The way to ensure this is to wrap both sides of
+# LIBBUILTIN invocations in the LLVM source file
-# m4_init with a one-shot macro that does the pop at the right time.
+# llvm/tools/clang/include/clang/Basic/Builtins.def.
-m4_ifndef([_m4_divert_diversion],
+# It's not possible to AC_REQUIRE the extra tests from AC_CHECK_DECL,
-[m4_divert_push([KILL])
+# because AC_CHECK_DECL, like other Autoconf built-ins, is not supposed
-m4_define([gl_divert_fixup], [m4_divert_pop()m4_define([$0])])
+# to AC_REQUIRE anything: some configure.ac files have their first
-m4_define([m4_init],
+# AC_CHECK_DECL executed conditionally.  Therefore append the extra tests
-  [gl_divert_fixup()]m4_defn([m4_init])[gl_divert_fixup()])])
+# to AC_PROG_CC.
-
+AC_DEFUN([gl_COMPILER_CLANG],
-
+[
-# AC_DEFUN_ONCE([NAME], VALUE)
+dnl AC_REQUIRE([AC_PROG_CC])
-# ----------------------------
+  AC_CACHE_CHECK([whether the compiler is clang],
-# Define NAME to expand to VALUE on the first use (whether by direct
+    [gl_cv_compiler_clang],
-# expansion, or by AC_REQUIRE), and to nothing on all subsequent uses.
+    [dnl Use _AC_COMPILE_IFELSE instead of AC_EGREP_CPP, to avoid error
-# Avoid bugs in AC_REQUIRE in Autoconf 2.63 and earlier.  This
+     dnl "circular dependency of AC_LANG_COMPILER(C)" if AC_PROG_CC has
-# definition is slower than the version in Autoconf 2.64, because it
+     dnl not yet been invoked.
-# can only use interfaces that existed since 2.59; but it achieves the
+     _AC_COMPILE_IFELSE(
-# same effect.  Quoting is necessary to avoid confusing Automake.
+        [AC_LANG_PROGRAM([[
-m4_version_prereq([2.63.263], [],
+           #ifdef __clang__
-[m4_define([AC][_DEFUN_ONCE],
+           barfbarf
-  [AC][_DEFUN([$1],
+           #endif
-    [AC_REQUIRE([_gl_DEFUN_ONCE([$1])],
+           ]],[[]])
-      [m4_indir([_gl_DEFUN_ONCE([$1])])])])]dnl
+        ],
-[AC][_DEFUN([_gl_DEFUN_ONCE([$1])], [$2])])])
+        [gl_cv_compiler_clang=no],
+        [gl_cv_compiler_clang=yes])
+    ])
+])
+AC_DEFUN([gl_COMPILER_PREPARE_CHECK_DECL],
+[
+dnl AC_REQUIRE([AC_PROG_CC])
+dnl AC_REQUIRE([gl_COMPILER_CLANG])
+  AC_CACHE_CHECK([for compiler option needed when checking for declarations],
+    [gl_cv_compiler_check_decl_option],
+    [if test $gl_cv_compiler_clang = yes; then
+       dnl Test whether the compiler supports the option
+       dnl '-Werror=implicit-function-declaration'.
+       saved_ac_compile="$ac_compile"
+       ac_compile="$ac_compile -Werror=implicit-function-declaration"
+       dnl Use _AC_COMPILE_IFELSE instead of AC_COMPILE_IFELSE, to avoid a
+       dnl warning "AC_COMPILE_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS".
+       _AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[]])],
+         [gl_cv_compiler_check_decl_option='-Werror=implicit-function-declaration'],
+         [gl_cv_compiler_check_decl_option=none])
+       ac_compile="$saved_ac_compile"
+     else
+       gl_cv_compiler_check_decl_option=none
+     fi
+    ])
+  if test "x$gl_cv_compiler_check_decl_option" != xnone; then
+    ac_compile_for_check_decl="$ac_compile $gl_cv_compiler_check_decl_option"
+  else
+    ac_compile_for_check_decl="$ac_compile"
+  fi
+])
+dnl Redefine _AC_CHECK_DECL_BODY so that it references ac_compile_for_check_decl
+dnl instead of ac_compile.  If, for whatever reason, the override of AC_PROG_CC
+dnl in zzgnulib.m4 is inactive, use the original ac_compile.
+m4_define([_AC_CHECK_DECL_BODY],
+[  ac_saved_ac_compile="$ac_compile"
+  if test -n "$ac_compile_for_check_decl"; then
+    ac_compile="$ac_compile_for_check_decl"
+  fi]
+m4_defn([_AC_CHECK_DECL_BODY])[  ac_compile="$ac_saved_ac_compile"
+])
 
 # gl_00GNULIB
 # -----------

m4/zzgnulib.m4

@@ -0,0 +1,25 @@
+# zzgnulib.m4
+# serial 1
+dnl Copyright (C) 2020-2025 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl This file is offered as-is, without any warranty.
+
+dnl This file must be named something that sorts after all other
+dnl package- or gnulib-provided .m4 files - at least for those packages
+dnl that redefine AC_PROG_CC.
+
+dnl Redefine AC_PROG_CC so that it ends with invocations of gl_COMPILER_CLANG
+dnl and gl_COMPILER_PREPARE_CHECK_DECL.
+m4_define([AC_PROG_CC],
+  m4_defn([AC_PROG_CC])[
+gl_COMPILER_CLANG
+gl_COMPILER_PREPARE_CHECK_DECL
+])
+
+# gl_ZZGNULIB
+# -----------
+# Witness macro that this file has been included.  Needed to force
+# Automake to include this file after all other gnulib .m4 files.
+AC_DEFUN([gl_ZZGNULIB])

plugin-manager.c

@@ -52,9 +52,9 @@ plugin_load_one (struct ovl_plugin_context *context, const char *path)
   plugin_name name;
   struct ovl_plugin *p;
   plugin_version version;
-  void *handle = dlopen (path, RTLD_NOW|RTLD_LOCAL);
+  void *handle = dlopen (path, RTLD_NOW | RTLD_LOCAL);
   if (! handle)
-    error (EXIT_FAILURE, 0, "cannot load plugin %s: %s", path, dlerror());
+    error (EXIT_FAILURE, 0, "cannot load plugin %s: %s", path, dlerror ());
 
   p = calloc (1, sizeof (*p));
   if (p == NULL)

plugin-manager.h

@@ -17,10 +17,10 @@
 */
 
 #ifndef PLUGIN_MANAGER_H
-# define PLUGIN_MANAGER_H
+#define PLUGIN_MANAGER_H
-# include <config.h>
+#include <config.h>
 
-# include <dlfcn.h>
+#include <dlfcn.h>
 
 struct ovl_plugin_context
 {
@@ -37,8 +37,7 @@ struct ovl_plugin_context *load_plugins (const char *plugins);
 /* taken from glibc unistd.h and fixes musl */
 #ifndef TEMP_FAILURE_RETRY
 #define TEMP_FAILURE_RETRY(expression) \
-  (__extension__                                                              \
+  (__extension__ ({ long int __result;                                                     \
-    ({ long int __result;                                                     \
        do __result = (long int) (expression);                                 \
        while (__result == -1L && errno == EINTR);                             \
        __result; }))

plugin.h

@@ -17,16 +17,16 @@
 */
 
 #ifndef PLUGIN_H
-# define PLUGIN_H
+#define PLUGIN_H
-# include <config.h>
+#include <config.h>
 
-# include <utils.h>
+#include <utils.h>
-# include <fuse-overlayfs.h>
+#include <fuse-overlayfs.h>
 
-typedef struct data_source *(*plugin_load_data_source)(const char *opaque, const char *path);
+typedef struct data_source *(*plugin_load_data_source) (const char *opaque, const char *path);
-typedef int (*plugin_release)();
+typedef int (*plugin_release) ();
-typedef const char *(*plugin_name)();
+typedef const char *(*plugin_name) ();
-typedef int (*plugin_version)();
+typedef int (*plugin_version) ();
 
 struct ovl_plugin
 {

tests/fedora-installs.sh

@@ -2,17 +2,17 @@
 
 set -xeuo pipefail
 
-mkdir lower upper workdir merged
+mkdir lower:1 upper:2 workdir:3 merged
 
-fuse-overlayfs -o sync=0,lowerdir=lower,upperdir=upper,workdir=workdir,suid,dev merged
+fuse-overlayfs -o 'sync=0,lowerdir=lower\\:1,upperdir=upper\\:2,workdir=workdir\\:3,suid,dev' merged
 
-docker run --rm -v $(pwd)/merged:/merged fedora dnf --installroot /merged --releasever 30 install -y glibc-common gedit
+docker run --rm -v $(pwd)/merged:/merged fedora dnf --use-host-config --installroot /merged --releasever 41 install -y glibc-common gedit
 
 umount merged
 
 # Make sure workdir is empty, and move the upper layer down
-rm -rf workdir lower
+rm -rf lower:1 workdir:3
-mv upper lower
+mv upper:2 lower
 mkdir upper workdir
 
 gcc -static -o suid-test $(dirname $0)/suid-test.c
@@ -30,7 +30,7 @@ stat -c %A upper/suid | grep s
 stat -c %a upper/nosuid | grep -v s
 
 # Install some big packages
-docker run --rm -v $(pwd)/merged:/merged fedora dnf --installroot /merged --releasever 30 install -y emacs texlive
+docker run --rm -v $(pwd)/merged:/merged fedora dnf --use-host-config --installroot /merged --releasever 41 install -y emacs texlive
 
 docker run --rm -v $(pwd)/merged:/merged fedora sh -c 'rm /merged/usr/share/glib-2.0/schemas/gschemas.compiled; glib-compile-schemas /merged/usr/share/glib-2.0/schemas/'
 
@@ -45,17 +45,10 @@ umount merged
 rm -rf workdir lower upper
 mkdir upper workdir lower
 
-fuse-overlayfs -o sync=0,lowerdir=lower,upperdir=upper,workdir=workdir,suid,dev merged
-
-# https://github.com/containers/fuse-overlayfs/issues/86
-docker run --rm -v $(pwd)/merged:/merged quay.io/centos/centos:stream8 yum --installroot /merged -y --releasever 8 install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
-
-umount merged
-
 # fast_ino_check
 fuse-overlayfs -o fast_ino_check=1,sync=0,lowerdir=lower,upperdir=upper,workdir=workdir,suid,dev merged
 
-docker run --rm -v $(pwd)/merged:/merged quay.io/centos/centos:stream8 yum --installroot /merged -y --releasever 8 install nano
+docker run --rm -v $(pwd)/merged:/merged fedora dnf --use-host-config --installroot /merged --releasever 41 install -y glibc-common gedit
 
 mkdir merged/a-directory
 
@@ -265,3 +258,18 @@ fuse-overlayfs -o lowerdir=lower,upperdir=upper,workdir=workdir merged
 stat merged/foo
 
 umount merged
+
+# https://github.com/containers/fuse-overlayfs/issues/444
+
+rm -rf lower upper workdir merged
+mkdir lower upper workdir merged
+
+mkdir -p lower/base/test/test1
+touch lower/base/test/test1/test1-file
+
+fuse-overlayfs -o lowerdir=lower,upperdir=upper,workdir=workdir merged
+
+mv merged/base/test/test1 merged/base/test/tmp
+cp -r merged/base/test/tmp merged/base/test/test1
+
+umount merged

tests/suid-test.c

@@ -14,13 +14,13 @@ main ()
   unlink ("suid");
   unlink ("nosuid");
 
-  fd = open ("suid", O_WRONLY|O_CREAT|O_EXCL);
+  fd = open ("suid", O_WRONLY | O_CREAT | O_EXCL);
   write (fd, "1", 1);
   fchown (fd, 0, 0);
   fchmod (fd, S_ISUID | 0755);
   close (fd);
 
-  fd = open ("nosuid", O_WRONLY|O_CREAT|O_EXCL);
+  fd = open ("nosuid", O_WRONLY | O_CREAT | O_EXCL);
   write (fd, "1", 1);
   fchown (fd, 0, 0);
   fchmod (fd, S_ISUID | 0755);

tests/unpriv.sh

@@ -29,3 +29,27 @@ else
 fi
 
 fusermount -u merged || [ $? -eq "${EXPECT_UMOUNT_STATUS:-0}" ]
+
+# xattr_permissions=2
+rm -rf lower upper workdir merged
+mkdir lower upper workdir merged
+
+touch upper/file
+unshare -r setcap cap_net_admin+ep upper/file
+
+fuse-overlayfs -o lowerdir=lower,upperdir=upper,workdir=workdir,xattr_permissions=2 merged
+
+# Ensure the security xattr namespace is isolated.
+test "$(unshare -r getcap merged/file)" = ''
+unshare -r setcap cap_net_admin+ep merged/file
+test "$(unshare -r getcap merged/file)" = 'merged/file cap_net_admin=ep'
+
+# Ensure UID is preserved with chgrp.
+podman unshare chgrp 1 merged/file
+test $(podman unshare stat -c %u:%g merged/file) = 0:1
+
+# Ensure UID and GID are preserved with chmod.
+chmod 600 merged/file
+test $(podman unshare stat -c %u:%g merged/file) = 0:1
+
+fusermount -u merged || [ $? -eq "${EXPECT_UMOUNT_STATUS:-0}" ]

utils.c

@@ -32,48 +32,42 @@
 #include <sys/xattr.h>
 
 #ifndef TEMP_FAILURE_RETRY
-#define TEMP_FAILURE_RETRY(expression) \
+#  define TEMP_FAILURE_RETRY(expression) \
-  (__extension__                                                              \
+    (__extension__ ({ long int __result;                                                     \
-    ({ long int __result;                                                     \
        do __result = (long int) (expression);                                 \
        while (__result == -1L && errno == EINTR);                             \
        __result; }))
 #endif
 
 #ifndef RESOLVE_IN_ROOT
-# define RESOLVE_IN_ROOT		0x10
+#  define RESOLVE_IN_ROOT 0x10
 #endif
 #ifndef __NR_openat2
-# define __NR_openat2 437
+#  define __NR_openat2 437
 #endif
 
 /* uClibc and uClibc-ng don't provide O_TMPFILE */
 #ifndef O_TMPFILE
-# define O_TMPFILE (020000000 | O_DIRECTORY)
+#  define O_TMPFILE (020000000 | O_DIRECTORY)
 #endif
 
 /* List of all valid flags for the open/openat flags argument: */
 #define VALID_OPEN_FLAGS \
-  (O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | \
+  (O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | O_APPEND | O_NDELAY | O_NONBLOCK | O_NDELAY | O_SYNC | O_DSYNC | FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | O_NOATIME | O_CLOEXEC | O_PATH | O_TMPFILE)
-   O_APPEND | O_NDELAY | O_NONBLOCK | O_NDELAY | O_SYNC | O_DSYNC |     \
-   FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW |         \
-   O_NOATIME | O_CLOEXEC | O_PATH | O_TMPFILE)
 
 static int
 syscall_openat2 (int dirfd, const char *path, uint64_t flags, uint64_t mode, uint64_t resolve)
 {
   struct openat2_open_how
-    {
+  {
-      uint64_t flags;
+    uint64_t flags;
-      uint64_t mode;
+    uint64_t mode;
-      uint64_t resolve;
+    uint64_t resolve;
-    }
+  } how = {
-  how =
+    .flags = flags & VALID_OPEN_FLAGS,
-    {
+    .mode = (flags & O_CREAT) ? (mode & 07777) : 0,
-     .flags = flags & VALID_OPEN_FLAGS,
+    .resolve = resolve,
-     .mode = (flags & O_CREAT) ? (mode & 07777) : 0,
+  };
-     .resolve = resolve,
-    };
 
   return (int) syscall (__NR_openat2, dirfd, path, &how, sizeof (how), 0);
 }
@@ -97,18 +91,19 @@ safe_openat (int dirfd, const char *pathname, int flags, mode_t mode)
         }
       return ret;
     }
- fallback:
+fallback:
   return openat (dirfd, pathname, flags, mode);
 }
 
 int
 file_exists_at (int dirfd, const char *pathname)
 {
-  int ret = faccessat (dirfd, pathname, F_OK, AT_SYMLINK_NOFOLLOW|AT_EACCESS);
+  int ret = faccessat (dirfd, pathname, F_OK, AT_SYMLINK_NOFOLLOW | AT_EACCESS);
-  if (ret < 0 && errno == EINVAL) {
+  if (ret < 0 && errno == EINVAL)
-    struct stat buf;
+    {
-    return fstatat (dirfd, pathname, &buf, AT_SYMLINK_NOFOLLOW);
+      struct stat buf;
-  }
+      return fstatat (dirfd, pathname, &buf, AT_SYMLINK_NOFOLLOW);
+    }
   return ret;
 }
 
@@ -219,7 +214,7 @@ open_fd_or_get_path (struct ovl_layer *l, const char *path, char *out, int *fd,
 {
   out[0] = '\0';
 
-  *fd = l->ds->openat (l, path, O_NONBLOCK|O_NOFOLLOW|flags, 0);
+  *fd = l->ds->openat (l, path, O_NONBLOCK | O_NOFOLLOW | flags, 0);
   if (*fd < 0 && (errno == ELOOP || errno == EISDIR || errno == ENXIO))
     {
       strconcat3 (out, PATH_MAX, l->path, "/", path);
@@ -229,16 +224,38 @@ open_fd_or_get_path (struct ovl_layer *l, const char *path, char *out, int *fd,
   return *fd;
 }
 
+int
+read_device (const char *s, dev_t *dev)
+{
+  unsigned int major, minor;
+  int ret;
+
+  while (*s == '-')
+    s++;
+
+  ret = sscanf (s, "%u-%u", &major, &minor);
+  if (ret != 2)
+    {
+      errno = EINVAL;
+      return -1;
+    }
+
+  *dev = makedev (major, minor);
+
+  return 0;
+}
+
 int
 override_mode (struct ovl_layer *l, int fd, const char *abs_path, const char *path, struct stat *st)
 {
   int ret;
   uid_t uid;
   gid_t gid;
-  mode_t mode;
+  mode_t mode = 0;
   char buf[64];
   cleanup_close int cleanup_fd = -1;
   const char *xattr_name;
+  cleanup_free char *type = NULL;
 
   switch (st->st_mode & S_IFMT)
     {
@@ -275,14 +292,10 @@ override_mode (struct ovl_layer *l, int fd, const char *abs_path, const char *pa
   if (fd >= 0)
     {
       ret = fgetxattr (fd, xattr_name, buf, sizeof (buf) - 1);
-      if (ret < 0)
-        return ret;
     }
   else if (abs_path)
     {
       ret = lgetxattr (abs_path, xattr_name, buf, sizeof (buf) - 1);
-      if (ret < 0)
-        return ret;
     }
   else
     {
@@ -297,20 +310,53 @@ override_mode (struct ovl_layer *l, int fd, const char *abs_path, const char *pa
       if (fd >= 0)
         ret = fgetxattr (fd, xattr_name, buf, sizeof (buf) - 1);
       else
-        {
+        ret = lgetxattr (full_path, xattr_name, buf, sizeof (buf) - 1);
-          ret = lgetxattr (full_path, xattr_name, buf, sizeof (buf) - 1);
-          if (ret < 0 && errno == ENODATA)
-            return 0;
-        }
-
-      if (ret < 0)
-        return ret;
     }
 
+  if (ret < 0)
+    return errno == ENODATA ? 0 : ret;
+
   buf[ret] = '\0';
 
-  ret = sscanf (buf, "%d:%d:%o", &uid, &gid, &mode);
+  ret = sscanf (buf, "%d:%d:%o:%ms", &uid, &gid, &mode, &type);
-  if (ret != 3)
+  if (ret == 4)
+    {
+      if (has_prefix (type, "dir"))
+        mode |= S_IFDIR;
+      else if (has_prefix (type, "file"))
+        mode |= S_IFREG;
+      else if (has_prefix (type, "symlink"))
+        mode |= S_IFLNK;
+      else if (has_prefix (type, "pipe"))
+        mode |= S_IFIFO;
+      else if (has_prefix (type, "socket"))
+        mode |= S_IFSOCK;
+      else if (has_prefix (type, "block"))
+        {
+          mode |= S_IFBLK;
+          ret = read_device (type + strlen ("block"), &st->st_rdev);
+          if (ret < 0)
+            return ret;
+        }
+      else if (has_prefix (type, "char"))
+        {
+          mode |= S_IFCHR;
+          ret = read_device (type + strlen ("char"), &st->st_rdev);
+          if (ret < 0)
+            return ret;
+        }
+      else
+        {
+          errno = EINVAL;
+          return -1;
+        }
+    }
+  else if (ret == 3)
+    {
+      /* If a type is not specified, keep the original one.  */
+      mode |= (st->st_mode & S_IFMT);
+    }
+  else
     {
       errno = EINVAL;
       return -1;
@@ -318,7 +364,24 @@ override_mode (struct ovl_layer *l, int fd, const char *abs_path, const char *pa
 
   st->st_uid = uid;
   st->st_gid = gid;
-  st->st_mode = (st->st_mode & S_IFMT) | mode;
+  st->st_mode = mode;
 
   return 0;
 }
+
+bool
+has_prefix (const char *str, const char *pref)
+{
+  while (1)
+    {
+      if (*pref == '\0')
+        return true;
+      if (*str == '\0')
+        return false;
+      if (*pref != *str)
+        return false;
+      str++;
+      pref++;
+    }
+  return false;
+}

utils.h

@@ -16,25 +16,25 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef UTILS_H
-# define UTILS_H
+#define UTILS_H
 
 #ifndef _GNU_SOURCE
-# define _GNU_SOURCE
+#  define _GNU_SOURCE
 #endif
 
-# include <config.h>
+#include <config.h>
-# include <dirent.h>
+#include <dirent.h>
-# include <fcntl.h>
+#include <fcntl.h>
-# include <limits.h>
+#include <limits.h>
-# include <stdio.h>
+#include <stdio.h>
-# include <stdlib.h>
+#include <stdlib.h>
-# include <sys/types.h>
+#include <sys/types.h>
-# include <unistd.h>
+#include <unistd.h>
-# include "fuse-overlayfs.h"
+#include "fuse-overlayfs.h"
 
-# define XATTR_OVERRIDE_STAT "user.fuseoverlayfs.override_stat"
+#define XATTR_OVERRIDE_STAT "user.fuseoverlayfs.override_stat"
-# define XATTR_PRIVILEGED_OVERRIDE_STAT "security.fuseoverlayfs.override_stat"
+#define XATTR_PRIVILEGED_OVERRIDE_STAT "security.fuseoverlayfs.override_stat"
-# define XATTR_OVERRIDE_CONTAINERS_STAT "user.containers.override_stat"
+#define XATTR_OVERRIDE_CONTAINERS_STAT "user.containers.override_stat"
 
 void cleanup_freep (void *p);
 void cleanup_filep (FILE **f);
@@ -46,20 +46,22 @@ int file_exists_at (int dirfd, const char *pathname);
 int strconcat3 (char *dest, size_t size, const char *s1, const char *s2, const char *s3);
 int open_fd_or_get_path (struct ovl_layer *l, const char *path, char *out, int *fd, int flags);
 
-# define cleanup_file __attribute__((cleanup (cleanup_filep)))
+#define cleanup_file __attribute__ ((cleanup (cleanup_filep)))
-# define cleanup_free __attribute__((cleanup (cleanup_freep)))
+#define cleanup_free __attribute__ ((cleanup (cleanup_freep)))
-# define cleanup_close __attribute__((cleanup (cleanup_closep)))
+#define cleanup_close __attribute__ ((cleanup (cleanup_closep)))
-# define cleanup_dir __attribute__((cleanup (cleanup_dirp)))
+#define cleanup_dir __attribute__ ((cleanup (cleanup_dirp)))
 
-# define LIKELY(x) __builtin_expect((x),1)
+#define LIKELY(x) __builtin_expect ((x), 1)
-# define UNLIKELY(x) __builtin_expect((x),0)
+#define UNLIKELY(x) __builtin_expect ((x), 0)
 
-# ifdef HAVE_STATX
+#ifdef HAVE_STATX
 void statx_to_stat (struct statx *stx, struct stat *st);
-# endif
+#endif
 
 int safe_openat (int dirfd, const char *pathname, int flags, mode_t mode);
 
 int override_mode (struct ovl_layer *l, int fd, const char *abs_path, const char *path, struct stat *st);
 
+bool has_prefix (const char *str, const char *pref);
+
 #endif