[Devel] [PATCH 2/2] xattr: allow to set trusted.xxx for container admin

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Tue Sep 6 09:29:41 PDT 2016


Attributes trusted.xxx are used in userspace mechanisms
which want to keep information in extended attributes to
which an ordinary process has no access.

We can't check them all, but here is hope that such
mechanisms on the host and in a CT won't intersect, because
most likely we won't find a process from the host which
sets xattrs on container files through /vz/root/<ctid>,
except the case with trusted.pfcache, which is covered in
the previous patch.

https://jira.sw.ru/browse/PSBM-51102
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 fs/xattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/xattr.c b/fs/xattr.c
index 3377dff..d49ea1b 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -52,7 +52,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
 	 * The trusted.* namespace can only be accessed by privileged users.
 	 */
 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
-		if (!capable(CAP_SYS_ADMIN))
+		if (!ve_capable(CAP_SYS_ADMIN))
 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
 		return 0;
 	}
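Review bot: the comment two lines above the change ("The trusted.* namespace can only be accessed by privileged users.") is now inaccurate, since after the switch from capable(CAP_SYS_ADMIN) to ve_capable(CAP_SYS_ADMIN) a container admin holding CAP_SYS_ADMIN inside its VE can also read and write trusted.* attributes; please update the comment to say that VE-level CAP_SYS_ADMIN is sufficient. The commit message itself admits "We can't check them all", so the risk here is that any host-side mechanism storing data in trusted.* on files reachable from a container (the message names trusted.pfcache, handled in the previous patch, as the one known case) becomes writable by the container's root; it would help reviewers if the message listed which trusted.* consumers were checked, and noted whether the -ENODATA-on-read behaviour for unprivileged callers is intentionally preserved for container processes without CAP_SYS_ADMIN, which it is as written.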
-- 
2.5.5