[Devel] [PATCH RHEL7 COMMIT] ve: drop xattr policy toggle

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jun 3 05:44:09 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.11
------>
commit 942da1259b13f49cf10078a20442e98f7aaa1558
Author: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Date:   Fri Jun 3 16:44:09 2016 +0400

    ve: drop xattr policy toggle
    
    This toggle was introduced to solve this bug (rhel5-based kernels):
    
    https://bugs.openvz.org/browse/OVZ-6409
    
    The root of the bug briefly: customer could add immutable attribute to a file in
    a container, thus preventing container removal, because this attribute was
    bypassed (via simfs) to the actual file system.
    The toggle introduced 3-fold policy:
    1) "Allow": setting extended attributes is granted (default in RHEL7 !!!)
    2) "Ignore": setting extended attributes is skipped (do nothing and return 0).
    3) "Forbid": setting extended attributes is not allowed.
    
    Maybe this approach was applicable to rhel5 kernel, but it's absolutely
    useless and harmful in rhel7 because:
    1) Current ve xattr policy is "Allow", thus it doesn't prevent setting the
    immutable attribute.
    2) Immutable attribute is set via ioctl, and doesn't pass vfs_setxattr callback.
    3) Setting the immutable attribute is protected by CAP_LINUX_IMMUTABLE, which is
    dropped in containers.
    
    Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
    
    khorenko@:
    * "fs.ve-xattr-policy" sysctl does not prohibit user from setting immutable
      attribute on files
    * immutable attribute on file does not prevent Container destroy for
      ploop-based Containers
    * we don't see any reasons now to prohibit managing extended file attributes
      (pfcache specific attributes cannot be managed from inside CT anyway)
    
    => let's clean the code
---
 fs/xattr.c                 | 9 ---------
 include/uapi/linux/xattr.h | 7 -------
 kernel/ve/veowner.c        | 8 --------
 3 files changed, 24 deletions(-)

diff --git a/fs/xattr.c b/fs/xattr.c
index df05b6a..3377dff 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -125,15 +125,6 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 	struct inode *inode = dentry->d_inode;
 	int error;
 
-#if defined(CONFIG_VE) && defined(CONFIG_SYSCTL)
-	if (!ve_is_super(get_exec_env())) {
-		if (ve_xattr_policy == VE_XATTR_POLICY_IGNORE)
-			return 0;
-		else if (ve_xattr_policy == VE_XATTR_POLICY_REJECT)
-			return -EPERM;
-	}
-#endif
-
 	error = xattr_permission(inode, name, MAY_WRITE);
 	if (error)
 		return error;
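Review bot: with this block gone, setxattr() from a non-root VE now falls straight through to xattr_permission() exactly as on the host, which is the intended outcome, but the removed VE_XATTR_POLICY_IGNORE branch was also the only place that returned 0 without doing anything, so any container workload that relied on a silent no-op will now see real xattr_permission() or handler errors; that deserves a sentence in the commit message. Also run `git grep -n 've_xattr_policy\|VE_XATTR_POLICY_'` before merging: the diffstat touches only three files, and any remaining user elsewhere (simfs, ploop, tools) would break a CONFIG_VE build once the extern below disappears.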
diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
index bb0c657..40bbc04 100644
--- a/include/uapi/linux/xattr.h
+++ b/include/uapi/linux/xattr.h
@@ -10,13 +10,6 @@
 #ifndef _UAPI_LINUX_XATTR_H
 #define _UAPI_LINUX_XATTR_H
 
-#ifdef CONFIG_VE
-extern int ve_xattr_policy;
-#define VE_XATTR_POLICY_ACCEPT 0
-#define VE_XATTR_POLICY_IGNORE 1
-#define VE_XATTR_POLICY_REJECT 2
-#endif
-
 #define XATTR_CREATE	0x1	/* set value, fail if attr already exists */
 #define XATTR_REPLACE	0x2	/* set value, fail if attr does not exist */
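Review bot: the `extern int ve_xattr_policy` and the VE_XATTR_POLICY_* values were sitting in a uapi header (include/uapi/linux/xattr.h) under `#ifdef CONFIG_VE`, which user space never defines, so they were never visible to user space and the kernel-internal extern was leaking into an exported header; the removal is correct, and the commit message could state explicitly that no user-space ABI changes. If anything in-tree still used the symbol, removing the extern here is where the build fails first, so a CONFIG_VE build is the cheap check.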
 
diff --git a/kernel/ve/veowner.c b/kernel/ve/veowner.c
index 1a7e735..005cdaf 100644
--- a/kernel/ve/veowner.c
+++ b/kernel/ve/veowner.c
@@ -52,7 +52,6 @@ static void prepare_proc(void)
  * OpenVZ sysctl
  * ------------------------------------------------------------------------
  */
-int ve_xattr_policy = VE_XATTR_POLICY_ACCEPT;
 static int ve_area_access_check;
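Review bot: the definition of ve_xattr_policy goes away here, but the hunk does not touch this file's include list; if veowner.c pulled in <linux/xattr.h> only for VE_XATTR_POLICY_ACCEPT, drop that include in the same commit so the cleanup is complete and nothing else silently depends on it. `ve_area_access_check` on the following line is now the only variable left in this "OpenVZ sysctl" block, so the comment above it still reads correctly.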
 
 /*
@@ -72,13 +71,6 @@ static struct ctl_table vz_fs_table[] = {
 		.proc_handler	= proc_dointvec,
 	},
 	{
-		.procname	= "ve-xattr-policy",
-		.data		= &ve_xattr_policy,
-		.maxlen		= sizeof(int),
-		.mode		= 0644,
-		.proc_handler	= &proc_dointvec,
-	},
-	{
 		.procname	= "fsync-enable",
 		.data		= &ve0.fsync_enable,
 		.maxlen		= sizeof(int),
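Review bot: removing the `ve-xattr-policy` entry makes `/proc/sys/fs/ve-xattr-policy` disappear, so any sysctl.conf line or vz tooling that still writes this key will now fail with ENOENT and `sysctl -p` will complain; the commit message argues the knob is useless but not that its removal is observable, so add a line for the changelog or release notes and check vzctl/libvzctl for writers of this key. The neighbouring `fsync-enable` entry is left intact, which is fine.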

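The two kernel paths the commit message contrasts, shown as an added example that is not part of the patch, the OpenVZ kernel, or the original mail: setxattr(2) goes through vfs_setxattr(), where the removed policy check sat, while the immutable flag is set with the FS_IOC_SETFLAGS ioctl (what `chattr +i` does) and is gated by CAP_LINUX_IMMUTABLE. The program assumes a Linux host with the uapi headers, a writable directory passed as `dir` (`/tmp` in main), and the helper names get_immutable, set_immutable, set_user_xattr and probe_immutable are this example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/xattr.h>
#include <linux/fs.h>

/* Read the inode flags of fd. Returns 1 if FS_IMMUTABLE_FL is set, 0 if not,
 * or -errno (e.g. -ENOTTY on a filesystem without inode-flag support). */
int get_immutable(int fd)
{
    int flags = 0;
    if (ioctl(fd, FS_IOC_GETFLAGS, &flags) < 0)
        return -errno;
    return (flags & FS_IMMUTABLE_FL) ? 1 : 0;
}

/* Set (on=1) or clear (on=0) FS_IMMUTABLE_FL, the same ioctl chattr +i/-i
 * issues. The kernel requires CAP_LINUX_IMMUTABLE for it, so an unprivileged
 * caller, or a container that dropped the capability, gets -EPERM.
 * Returns 0 or -errno. */
int set_immutable(int fd, int on)
{
    int flags = 0;
    if (ioctl(fd, FS_IOC_GETFLAGS, &flags) < 0)
        return -errno;
    if (on)
        flags |= FS_IMMUTABLE_FL;
    else
        flags &= ~FS_IMMUTABLE_FL;
    if (ioctl(fd, FS_IOC_SETFLAGS, &flags) < 0)
        return -errno;
    return 0;
}

/* Set a user.* extended attribute. setxattr(2) is the path that reaches
 * vfs_setxattr(), i.e. the only path the removed policy check covered.
 * Returns 0 or -errno. */
int set_user_xattr(const char *path, const char *name, const char *value)
{
    if (setxattr(path, name, value, strlen(value), 0) < 0)
        return -errno;
    return 0;
}

struct immutable_probe {
    int xattr_rc;         /* setxattr(user.probe): 0 or -errno */
    int flag_after_xattr; /* get_immutable() after the xattr write, 0 expected */
    int set_rc;           /* FS_IOC_SETFLAGS with FS_IMMUTABLE_FL: 0 or -errno */
    int unlink_rc;        /* unlink() while immutable: -EPERM expected, 0 = not tried */
};

/* Create a scratch file under dir (an assumed writable directory), exercise
 * both paths, and always clean the file up again. */
struct immutable_probe probe_immutable(const char *dir)
{
    struct immutable_probe r = { 0, 0, 0, 0 };
    char path[4096];
    int fd;

    snprintf(path, sizeof path, "%s/immutable-probe-XXXXXX", dir);
    fd = mkstemp(path);
    if (fd < 0) {
        r.set_rc = -errno;
        return r;
    }

    /* 1. xattr path: whatever it returns, it never touches inode flags. */
    r.xattr_rc = set_user_xattr(path, "user.probe", "1");
    r.flag_after_xattr = get_immutable(fd);

    /* 2. ioctl path: succeeds only with CAP_LINUX_IMMUTABLE. */
    r.set_rc = set_immutable(fd, 1);
    if (r.set_rc == 0) {
        /* An immutable file cannot be unlinked: the original
         * "container cannot be removed" symptom. */
        r.unlink_rc = (unlink(path) < 0) ? -errno : 0;
        set_immutable(fd, 0);
    }

    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct immutable_probe r = probe_immutable("/tmp");
    printf("setxattr(user.probe): %s\n", r.xattr_rc ? strerror(-r.xattr_rc) : "ok");
    printf("immutable flag after setxattr: %d\n", r.flag_after_xattr);
    printf("FS_IOC_SETFLAGS(+i): %s\n", r.set_rc ? strerror(-r.set_rc) : "ok");
    if (r.set_rc == 0)
        printf("unlink while immutable: %s\n", strerror(-r.unlink_rc));
    return 0;
}
```

Run it once as an ordinary user and once as root: the setxattr result is the same in both cases and never sets the immutable flag, while FS_IOC_SETFLAGS returns EPERM without CAP_LINUX_IMMUTABLE and, when it succeeds, makes unlink() fail with EPERM until the flag is cleared. That is the whole reason a check inside vfs_setxattr() could never have stopped the OVZ-6409 scenario.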
