[Devel,RHEL7,COMMIT] ve/xattr/ext4: fix filtering trusted xattr while listing them

Submitted by Konstantin Khorenko on Sept. 21, 2016, 1:50 p.m.

Details

Message ID 201609211350.u8LDo5EF008294@finist_cl7.x64_64.work.ct
State New
Series "ext4: fix filtering trusted xattr"

Commit Message

Konstantin Khorenko Sept. 21, 2016, 1:50 p.m.
The commit is pushed to "branch-rh7-3.10.0-327.28.2.vz7.17.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.28.2.vz7.17.8
------>
commit edfca991e38f07f1fde49e7e29ff12dfdfd24ea7
Author: Maxim Patlasov <mpatlasov@virtuozzo.com>
Date:   Wed Sep 21 17:50:05 2016 +0400

    ve/xattr/ext4: fix filtering trusted xattr while listing them
    
    Fixes commit 4f7ce4dd4741cb65df018028aaefedb298915aa6
    ("ve/xattr: allow to set trusted.xxx for container admin").
    Author: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
    
    The commit above relaxed capability check on setxattr path, but overlooked
    to do the same on getxattr path. Hence, container admin became able to set
    trusted xattrs, but not seeing them:
    
    # setfattr -h -n trusted.name file
    # echo $?
    0
    # getfattr -dm- file
    <empty-output>
    
    This broke generic/062 from xfstests.
    
    https://jira.sw.ru/browse/PSBM-51009
    
    Signed-off-by: Maxim Patlasov <mpatlasov@virtuozzo.com>
---
 fs/ext4/xattr_trusted.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c
index 95f1f4a..49dd83f 100644
--- a/fs/ext4/xattr_trusted.c
+++ b/fs/ext4/xattr_trusted.c
@@ -19,7 +19,7 @@  ext4_xattr_trusted_list(struct dentry *dentry, char *list, size_t list_size,
 	const size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
 	const size_t total_len = prefix_len + name_len + 1;
 
-	if (!capable(CAP_SYS_ADMIN))
+	if (!ve_capable(CAP_SYS_ADMIN))
 		return 0;
 
 	if (list && total_len <= list_size) {
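
Review bot: the commit message says the earlier change overlooked the "getxattr path", but the check replaced here sits in ext4_xattr_trusted_list(), the listing handler, which is what the subject line and the `getfattr -dm-` reproducer describe. Rewording the message to "listxattr path" would avoid leaving readers unsure whether the get handler needs the same change. The diffstat touches only fs/ext4/xattr_trusted.c, so the message should also say whether trusted list handlers in other filesystems still use `capable(CAP_SYS_ADMIN)` and return the same empty listing. Since `ve_capable(CAP_SYS_ADMIN)` makes trusted.* names visible to a container admin, a one-line comment above the check stating that this is deliberate and mirrors the relaxed set path would help the next reader.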