[rh7] overlayfs: relax capable check for trusted prefix xattrs

Submitted by Andrey Zhadchenko on Jan. 12, 2021, 5:07 p.m.

Details

Message ID 1610471239-72562-1-git-send-email-andrey.zhadchenko@virtuozzo.com
State New
Series "overlayfs: relax capable check for trusted prefix xattrs"

Commit Message

Andrey Zhadchenko Jan. 12, 2021, 5:07 p.m.
ovl_listxattr() additionally checks if attributes can be shown to the user by
calling capable(). Change it to ve_capable() to avoid problems in containers.

https://jira.sw.ru/browse/PSBM-124532
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
---
 fs/overlayfs/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 5d38014..2d7d5a7 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -366,7 +366,7 @@  static bool ovl_can_list(const char *s)
 		return true;
 
 	/* Never list trusted.overlay, list other trusted for superuser only */
-	return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN);
+	return !ovl_is_private_xattr(s) && ve_capable(CAP_SYS_ADMIN);
 }
 
 ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
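
Review bot: the comment directly above the changed return in ovl_can_list() still reads "list other trusted for superuser only", which no longer describes the check once it becomes ve_capable(CAP_SYS_ADMIN). Please update that comment to say who is now allowed to see trusted.* names in the listing (per the commit message, this is meant for containers). It would also help to state in the commit message that trusted.overlay remains hidden because the !ovl_is_private_xattr(s) term is unchanged, so the scope of the relaxation is explicit, and to name the operation that fails today instead of "avoid problems in containers".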