[Devel,2/2] xattr: allow to set trusted.xxx for container admin

Submitted by Pavel Tikhomirov on Sept. 6, 2016, 4:29 p.m.

Details

Message ID 1473179381-1494-2-git-send-email-ptikhomirov@virtuozzo.com
State New
Series "Series without cover letter"

Commit Message

Pavel Tikhomirov Sept. 6, 2016, 4:29 p.m.
Attributes trusted.xxx are used in userspace mechanisms
which want to keep information in extended attributes to
which an ordinary process has no access.

We can't check them all, but there is hope that such
mechanisms on the host and in the CT won't intersect, because
most likely we won't find a process from the host which
sets xattrs on container files through /vz/root/<ctid>,
except for the case of trusted.pfcache, which is covered in
the previous patch.

https://jira.sw.ru/browse/PSBM-51102
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 fs/xattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/fs/xattr.c b/fs/xattr.c
index 3377dff..d49ea1b 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -52,7 +52,7 @@  xattr_permission(struct inode *inode, const char *name, int mask)
 	 * The trusted.* namespace can only be accessed by privileged users.
 	 */
 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
-		if (!capable(CAP_SYS_ADMIN))
+		if (!ve_capable(CAP_SYS_ADMIN))
 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
 		return 0;
 	}
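Review bot: the comment at the top of this hunk still says the trusted.* namespace "can only be accessed by privileged users", but after the capable() -> ve_capable() swap a container (VE) admin holding CAP_SYS_ADMIN inside the container also passes this check for every trusted.* name, so the comment should be updated to say so and to name the one exception the series handles separately (trusted.pfcache, per the commit message). The logic concern is the one the commit message itself admits: nothing in this branch distinguishes host-reserved trusted.* names from container-owned ones, so any trusted.* attribute the host keeps on files under /vz/root/<ctid> becomes readable and writable by the container admin. If the host-reserved names are known, a reserved-prefix check returning -EPERM before the ve_capable() test would keep them host-only; if they are not, the comment should at least record that trusted.* is now shared between host and container on container-visible files.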

Comments

Konstantin Khorenko Sept. 7, 2016, 4:41 p.m.
On 09/06/2016 07:29 PM, Pavel Tikhomirov wrote:
> Attributes trusted.xxx are used in userspace mechanisms
> which want to keep information in extended attributes to
> which an ordinary process has no access.
>
> We can't check them all, but there is hope that such
> mechanisms on the host and in the CT won't intersect, because
> most likely we won't find a process from the host which
> sets xattrs on container files through /vz/root/<ctid>,
> except for the case of trusted.pfcache, which is covered in
> the previous patch.
>
> https://jira.sw.ru/browse/PSBM-51102
> Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
> ---
>  fs/xattr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 3377dff..d49ea1b 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -52,7 +52,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
>  	 * The trusted.* namespace can only be accessed by privileged users.
>  	 */
>  	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
> -		if (!capable(CAP_SYS_ADMIN))
> +		if (!ve_capable(CAP_SYS_ADMIN))
>  			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
>  		return 0;
>  	}
>

Why don't we need the same capable() -> ve_capable() in simple_xattr_list()?
Pavel Tikhomirov Sept. 7, 2016, 7:13 p.m.
It seems to be used in shmemfs (shmem_listxattr) and cgroupfs (cgroupfs_listxattr) only, and every fs has its own list method, and some do not have a capable() check.

Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.