diff -cr sys.orig/fs/union/union.h sys/fs/union/union.h *** sys.orig/fs/union/union.h 2020-08-27 11:08:39.000000000 +0200 --- sys/fs/union/union.h 2023-07-29 04:27:10.146242017 +0200 *************** *** 85,101 **** --- 85,106 ---- #define UNMNT_REPLACE 0x0003 /* Target replaces mount point */ #define UNMNT_OPMASK 0x0003 + #define UNMNT_FWRITE 0x0004 + #define UNMNT_BITS "\177\20" \ "b\00above\0b\01below\0b\02replace\0" #ifdef _KERNEL + #define UNFLG_FWRITE 0x0001 + struct union_mount { struct vnode *um_uppervp; struct vnode *um_lowervp; kauth_cred_t um_cred; /* Credentials of user calling mount */ int um_cmode; /* cmask from mount process */ int um_op; /* Operation mode */ + int um_flags; /* flags */ }; /* diff -cr sys.orig/fs/union/union_vfsops.c sys/fs/union/union_vfsops.c *** sys.orig/fs/union/union_vfsops.c 2019-02-20 11:05:59.000000000 +0100 --- sys/fs/union/union_vfsops.c 2023-07-29 04:27:10.146242017 +0200 *************** *** 200,205 **** --- 200,206 ---- goto bad; } + um->um_flags = (args->mntflags & UNMNT_FWRITE) ? UNFLG_FWRITE : 0; mp->mnt_iflag |= IMNT_MPSAFE; /* diff -cr sys.orig/fs/union/union_vnops.c sys/fs/union/union_vnops.c *** sys.orig/fs/union/union_vnops.c 2020-08-27 11:08:39.000000000 +0200 --- sys/fs/union/union_vnops.c 2023-08-01 14:35:23.296562944 +0200 *************** *** 411,416 **** --- 411,417 ---- */ if ((uerror == EJUSTRETURN) && (cnp->cn_flags & ISLASTCN) && + !(um->um_flags & UNFLG_FWRITE) && (dvp->v_mount->mnt_flag & MNT_RDONLY) && ((cnp->cn_nameiop == CREATE) || (cnp->cn_nameiop == RENAME))) uerror = EROFS; *************** *** 726,732 **** case VDIR: case VLNK: case VREG: ! if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); break; case VBAD: --- 727,734 ---- case VDIR: case VLNK: case VREG: ! if (!(um->um_flags & UNFLG_FWRITE) && ! (vp->v_mount->mnt_flag & MNT_RDONLY)) return (EROFS); break; case VBAD: *************** *** 747,752 **** --- 749,762 ---- } if ((vp = un->un_lowervp) != NULLVP) { + if ((ap->a_mode & VWRITE) && + (um->um_flags & UNFLG_FWRITE) && + (vp->v_type == VREG)) { + error = union_copyup(un, 1, ap->a_cred, curlwp); + if (error) + return (error); + return (VCALL(un->un_uppervp, VOFFSET(vop_access), ap)); + } vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); ap->a_vp = vp; error = VCALL(vp, VOFFSET(vop_access), ap); *************** *** 782,788 **** struct vattr *vap; struct vattr va; - /* * Some programs walk the filesystem hierarchy by counting * links to directories to avoid stat'ing all the time. --- 792,797 ---- *************** *** 861,866 **** --- 870,876 ---- struct vattr *vap = ap->a_vap; struct vnode *vp = ap->a_vp; struct union_node *un = VTOUNION(vp); + struct union_mount *um = MOUNTTOUNIONMOUNT(vp->v_mount); bool size_only; /* All but va_size are VNOVAL. */ int error; *************** *** 868,874 **** vap->va_gid == (gid_t)VNOVAL && vap->va_atime.tv_sec == VNOVAL && vap->va_mtime.tv_sec == VNOVAL && vap->va_mode == (mode_t)VNOVAL); ! if (!size_only && (vp->v_mount->mnt_flag & MNT_RDONLY)) return (EROFS); if (vap->va_size != VNOVAL) { switch (vp->v_type) { --- 878,885 ---- vap->va_gid == (gid_t)VNOVAL && vap->va_atime.tv_sec == VNOVAL && vap->va_mtime.tv_sec == VNOVAL && vap->va_mode == (mode_t)VNOVAL); ! if (!size_only && !(um->um_flags & UNFLG_FWRITE) && ! (vp->v_mount->mnt_flag & MNT_RDONLY)) return (EROFS); if (vap->va_size != VNOVAL) { switch (vp->v_type) { *************** *** 886,892 **** * Disallow write attempts if the filesystem is * mounted read-only. */ ! if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); } } --- 897,904 ---- * Disallow write attempts if the filesystem is * mounted read-only. */ ! if (!(um->um_flags & UNFLG_FWRITE) && ! (vp->v_mount->mnt_flag & MNT_RDONLY)) return (EROFS); } }