[Devel] [PATCH 1/2] xattr: prohibit getxattr/setxattr trusted.pfcache

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Tue Sep 6 09:29:40 PDT 2016


We have the same behaviour for trusted.pfcache in VZ6
(in CT set and get are prohibited) and want to preserve it
after we allow all other trusted.xxx in the next patch.

https://jira.sw.ru/browse/PSBM-51102
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 fs/ext4/pfcache.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/ext4/pfcache.c b/fs/ext4/pfcache.c
index 5f2a3bd..ff2300b 100644
--- a/fs/ext4/pfcache.c
+++ b/fs/ext4/pfcache.c
@@ -654,6 +654,9 @@ static int ext4_xattr_trusted_csum_get(struct dentry *dentry, const char *name,
 	if (!test_opt2(inode->i_sb, PFCACHE_CSUM))
 		return -EOPNOTSUPP;
 
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	if (S_ISDIR(inode->i_mode))
 		return ext4_xattr_get(inode, EXT4_XATTR_INDEX_TRUSTED,
 				      EXT4_DATA_CSUM_NAME, buffer, size);
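Review bot: The new capable(CAP_SYS_ADMIN) test in ext4_xattr_trusted_csum_get() has no comment saying why it is there, and it will look redundant once the follow-up patch relaxes the generic trusted.* handling for containers. A one-line comment above it would help, stating that trusted.pfcache must stay inaccessible from inside a CT and that capable() is used on purpose because it checks against the initial user namespace. Also note the ordering: because the check comes after the test_opt2(inode->i_sb, PFCACHE_CSUM) test, an unprivileged caller sees -EOPNOTSUPP or -EPERM depending on whether the mount option is set. If that difference should not be visible from a container, move the capability check above the mount-option test.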
@@ -702,6 +705,9 @@ static int ext4_xattr_trusted_csum_set(struct dentry *dentry, const char *name,
 	if (!test_opt2(inode->i_sb, PFCACHE_CSUM))
 		return -EOPNOTSUPP;
 
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	if (S_ISDIR(inode->i_mode)) {
 		if (!value)
 			ext4_clear_inode_state(inode, EXT4_STATE_PFCACHE_CSUM);
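Review bot: The check added to ext4_xattr_trusted_csum_set() is a verbatim copy of the one in the get handler, so the two can drift apart when one of them is changed later. Consider a small static helper in pfcache.c, called from both handlers, that carries the explanatory comment once. The placement itself is right: the test sits before the S_ISDIR() branch, so both the directory path (including ext4_clear_inode_state() when value is NULL) and whatever follows for non-directories are covered. The commit message could also say that removal is blocked too, since the visible code treats a NULL value as a clear.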
-- 
2.5.5


