Message ID | 1473179381-1494-2-git-send-email-ptikhomirov@virtuozzo.com |
---|---|
State | New |
Series | "Series without cover letter" |
diff --git a/fs/xattr.c b/fs/xattr.c index 3377dff..d49ea1b 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -52,7 +52,7 @@ xattr_permission(struct inode *inode, const char *name, int mask) * The trusted.* namespace can only be accessed by privileged users. */ if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { - if (!capable(CAP_SYS_ADMIN)) + if (!ve_capable(CAP_SYS_ADMIN)) return (mask & MAY_WRITE) ? -EPERM : -ENODATA; return 0; }
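Review bot: The comment kept above the changed check in xattr_permission() still reads "The trusted.* namespace can only be accessed by privileged users", but after the switch from capable(CAP_SYS_ADMIN) to ve_capable(CAP_SYS_ADMIN) the gate is no longer the host-wide capability, so the comment should say which privilege now suffices. The same branch covers both the MAY_WRITE path (-EPERM) and the read path (-ENODATA), so the relaxation applies to every trusted.* name, for reading and writing alike. The commit message names only trusted.pfcache as handled separately and otherwise relies on host and container users of trusted.* not overlapping. Consider recording that assumption in the comment, or restricting the relaxed check to the names a container is expected to manage, so that a host-set trusted.* attribute on container files is not silently exposed.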
On 09/06/2016 07:29 PM, Pavel Tikhomirov wrote: > Attributes trusted.xxx are used in userspace mechanisms > which want to keep information in extended attributes to > which ordinary process has no access. > > We can't check them all, but here is hope that such > mechanisms on host and in CT won't intersect, because > most likely we won't find the process from host which > sets xattrs on container files through /vz/root/<ctid>, > except the case with trusted.pfcache which is covered in > previous patch. > > https://jira.sw.ru/browse/PSBM-51102 > Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> > --- > fs/xattr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/xattr.c b/fs/xattr.c > index 3377dff..d49ea1b 100644 > --- a/fs/xattr.c > +++ b/fs/xattr.c > @@ -52,7 +52,7 @@ xattr_permission(struct inode *inode, const char *name, int mask) > * The trusted.* namespace can only be accessed by privileged users. > */ > if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { > - if (!capable(CAP_SYS_ADMIN)) > + if (!ve_capable(CAP_SYS_ADMIN)) > return (mask & MAY_WRITE) ? -EPERM : -ENODATA; > return 0; > } > why don't we need the same capable() -> ve_capable() in simple_xattr_list()?
It seems to be used in shmemfs (shmem_listxattr) and cgroupfs (cgroupfs_listxattr) only, and every fs has its own list method, and some do not have a capable() check.

Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
Attributes trusted.xxx are used in userspace mechanisms which want to keep information in extended attributes to which ordinary process has no access.

We can't check them all, but here is hope that such mechanisms on host and in CT won't intersect, because most likely we won't find the process from host which sets xattrs on container files through /vz/root/<ctid>, except the case with trusted.pfcache which is covered in previous patch.

https://jira.sw.ru/browse/PSBM-51102
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>

---
fs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)