[Devel,1/2] xattr: prohibit getxattr/setxattr trusted.pfcache

Submitted by Pavel Tikhomirov on Sept. 6, 2016, 4:29 p.m.


Message ID 1473179381-1494-1-git-send-email-ptikhomirov@virtuozzo.com
State New
Series "Series without cover letter"

Commit Message

Pavel Tikhomirov Sept. 6, 2016, 4:29 p.m.
We have the same behaviour for trusted.pfcache in VZ6
(in CT set and get are prohibited) and want to preserve it
after we allow all other trusted.xxx in the next patch.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
 fs/ext4/pfcache.c | 6 ++++++
 1 file changed, 6 insertions(+)

Patch

diff --git a/fs/ext4/pfcache.c b/fs/ext4/pfcache.c
index 5f2a3bd..ff2300b 100644
--- a/fs/ext4/pfcache.c
+++ b/fs/ext4/pfcache.c
@@ -654,6 +654,9 @@  static int ext4_xattr_trusted_csum_get(struct dentry *dentry, const char *name,
 	if (!test_opt2(inode->i_sb, PFCACHE_CSUM))
 		return -EOPNOTSUPP;
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
 	if (S_ISDIR(inode->i_mode))
 		return ext4_xattr_get(inode, EXT4_XATTR_INDEX_TRUSTED,
 				      EXT4_DATA_CSUM_NAME, buffer, size);
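
Review bot: the new capable(CAP_SYS_ADMIN) check in ext4_xattr_trusted_csum_get sits below the test_opt2(inode->i_sb, PFCACHE_CSUM) test, so a caller without the capability gets -EOPNOTSUPP on one mount and -EPERM on another and can tell from the error whether PFCACHE_CSUM is enabled. If the intent is that set and get are simply prohibited in a CT, consider moving the capability check above the test_opt2 check so the unprivileged result is always -EPERM, or say in the commit message that the ordering is deliberate.
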
@@ -702,6 +705,9 @@  static int ext4_xattr_trusted_csum_set(struct dentry *dentry, const char *name,
 	if (!test_opt2(inode->i_sb, PFCACHE_CSUM))
 		return -EOPNOTSUPP;
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
 	if (S_ISDIR(inode->i_mode)) {
 		if (!value)
 			ext4_clear_inode_state(inode, EXT4_STATE_PFCACHE_CSUM);
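
Review bot: the capable(CAP_SYS_ADMIN) check added at the top of ext4_xattr_trusted_csum_set has no comment explaining why this handler keeps a strict check. The commit message says the next patch allows all other trusted.xxx, so a one-line comment above the check noting that trusted.pfcache stays prohibited in a CT (as in VZ6) would keep it from being relaxed along with the rest later. The same two lines are repeated in the get handler; a small shared helper with that comment would keep the two paths in step.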