[Devel] [PATCH 2/2] xattr: allow to set trusted.xxx for container admin

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Sep 7 12:13:50 PDT 2016


It seems to be used in shmemfs (shmem_listxattr) and cgroupfs (cgroupfs_listxattr) only, and every fs has its own list method, and some do not have a capable() check.

Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

________________________________________
From: Konstantin Khorenko
Sent: September 7, 2016, 19:41:31
To: Pavel Tikhomirov
Cc: devel at openvz.org
Subject: Re: [PATCH 2/2] xattr: allow to set trusted.xxx for container admin

On 09/06/2016 07:29 PM, Pavel Tikhomirov wrote:
> Attributes trusted.xxx are used in userspace mechanisms
> which want to keep information in extended attributes to
> which an ordinary process has no access.
>
> We can't check them all, but there is hope that such
> mechanisms on host and in CT won't intersect, because
> most likely we won't find the process from host which
> sets xattrs on container files through /vz/root/<ctid>,
> except the case with trusted.pfcache which is covered in
> previous patch.
>
> https://jira.sw.ru/browse/PSBM-51102
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ---
>  fs/xattr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 3377dff..d49ea1b 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -52,7 +52,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
>        * The trusted.* namespace can only be accessed by privileged users.
>        */
>       if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
> -             if (!capable(CAP_SYS_ADMIN))
> +             if (!ve_capable(CAP_SYS_ADMIN))
>                       return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
>               return 0;
>       }
>
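
Review bot: The relaxed check at `if (!ve_capable(CAP_SYS_ADMIN))` applies to every trusted.* name and to both branches of the return, the MAY_WRITE one (-EPERM) and the read one (-ENODATA), so it widens more than the "allow to set" in the subject suggests: a container admin now passes for reading as well as writing any trusted.* attribute, and the only argument that this is safe is the commit message's "hope that such mechanisms on host and in CT won't intersect". Please list in the commit message the host-side users of trusted.* that were actually checked, and say whether read access from the container is intended or only write access is needed. The comment at the top of the hunk, "The trusted.* namespace can only be accessed by privileged users", should also be updated to say that CAP_SYS_ADMIN inside the container is now sufficient.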

Why don't we need the same capable() -> ve_capable() in simple_xattr_list()?


