SELinuxProject / selinux-testsuite

This is the upstream SELinux testsuite which is designed as a basic set of regression tests for the SELinux kernel functionality.
GNU General Public License v2.0

BUG: allow mounter getattr access to noaccess_t files #39

Closed rhvgoyal closed 5 years ago

rhvgoyal commented 6 years ago

Overlay filesystem recently added support for a metadata-only copy-up feature. This feature stores an xattr named overlay.metacopy if a file is metadata-only and its data is in some file in a lower layer.

This means that during lookup, the metacopy xattr is searched for to determine whether a dentry is a metadata-only dentry or not. If it is, then the search continues in lower layers to find the actual data dentry.

All this happens with the creds of the mounter, and this means the mounter at least needs to have getattr permission on the underlying file, otherwise lookup will fail.

With this change in overlayfs, one test (test_72_ctx) broke. We are trying to unlink a file and it failed because dentry lookup failed.

Before metacopy we had the "origin" xattr, which is looked up in the dentry lookup path as well. We never ran into that issue because it happens only if there is a file present in the upper directory. As test_72_ctx worked only with files in lower, it worked and did not break with the introduction of the origin xattr.

To fix this test case, allow mounter "getattr" permission on noaccess_file_t.

This makes 3 other tests fail which test that getattr on noaccess_file_t should fail. I am disabling these tests as these are not valid anymore with this change.

test_20(), test_30() and test_52() now do not make sense for context mounts.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
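The lookup behaviour described in this comment, as a simplified Python model added here for illustration (not code from the PR, the testsuite, or the kernel). The domain name `mounter_t`, the short xattr name `overlay.origin`, and the layer layout are assumptions; `noaccess_file_t` and `overlay.metacopy` are the names used above.

```python
# Simplified model (constructed for illustration) of overlayfs lookup and the
# SELinux getattr check made with the mounter's credentials.
class Inode:
    def __init__(self, setype, xattrs=None):
        self.setype = setype          # SELinux type of the underlying file
        self.xattrs = xattrs or {}

class Denied(Exception):
    pass

def mounter_getxattr(policy, mounter, inode, name):
    # Reading an xattr is mediated by the file "getattr" permission.
    if (mounter, inode.setype, "getattr") not in policy:
        raise Denied(f"{mounter} getattr {inode.setype}")
    return inode.xattrs.get(name)

def lookup(policy, mounter, upper, lowers, name, metacopy=True):
    """Return the index of the layer holding the data for name."""
    for idx, layer in enumerate([upper] + lowers):
        inode = layer.get(name)
        if inode is None:
            continue
        if idx == 0:
            # "origin" is only consulted when the file exists in upper
            mounter_getxattr(policy, mounter, inode, "overlay.origin")
        if not metacopy:
            return idx
        # metacopy is checked on every dentry found, lower layers included
        if mounter_getxattr(policy, mounter, inode, "overlay.metacopy") is None:
            return idx                # not metadata-only: data lives here
    raise FileNotFoundError(name)     # no data dentry found (simplified)

def unlink_succeeds(policy, mounter, upper, lowers, name, metacopy=True):
    # unlink needs the dentry lookup to succeed first
    try:
        lookup(policy, mounter, upper, lowers, name, metacopy)
        return True
    except Denied:
        return False

# Constructed scenario: the file exists only in lower, labelled noaccess_file_t.
MOUNTER = "mounter_t"                 # hypothetical domain name
LOWER = {"f": Inode("noaccess_file_t")}
BEFORE = set()                                        # no rule for the mounter
AFTER = {(MOUNTER, "noaccess_file_t", "getattr")}     # rule this PR proposes
```

With the `BEFORE` policy the lower-only file resolves when metacopy is off but is denied once metacopy lookups are on, which is the test_72_ctx failure; the `AFTER` policy lets the lookup complete.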

pcmoore commented 6 years ago

For discussion and more information see: https://github.com/SELinuxProject/selinux-kernel/issues/41

pcmoore commented 5 years ago

The issue this PR is attempting to resolve was resolved in https://github.com/SELinuxProject/selinux-testsuite/pull/40.