Message ID | 1610471239-72562-1-git-send-email-andrey.zhadchenko@virtuozzo.com |
---|---|
State | New |
Series | "overlayfs: relax capable check for trusted prefix xattrs" |
From | Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com> |
Date | Tue, 12 Jan 2021 20:07:19 +0300 |
Subject | [Devel] [PATCH rh7] overlayfs: relax capable check for trusted prefix xattrs |
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 5d38014..2d7d5a7 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -366,7 +366,7 @@ static bool ovl_can_list(const char *s) return true; /* Never list trusted.overlay, list other trusted for superuser only */ - return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN); + return !ovl_is_private_xattr(s) && ve_capable(CAP_SYS_ADMIN); } ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
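Review bot: The comment directly above the changed return in ovl_can_list() still reads "list other trusted for superuser only", but with ve_capable(CAP_SYS_ADMIN) the check is now scoped to the container rather than the host, so the comment no longer matches the code. Please update it to say who may list trusted.* xattrs after this change. The commit message should also spell out what the "problems in containers" are, since the Jira link is the only description of the failure and it is not readable outside the company. Finally, only the list path is touched here; please state whether the get and set paths for trusted.* already apply the same container-scoped check, so that an attribute that becomes listable is not one that then fails to read.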
ovl_listxattr() additionally checks if attributes can be shown to the user by calling capable(). Change it to ve_capable() to avoid problems in containers.

https://jira.sw.ru/browse/PSBM-124532

Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>

---
 fs/overlayfs/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)