[Devel] [PATCH rh7] ext4: fix filtering trusted xattr

Maxim Patlasov mpatlasov at virtuozzo.com
Tue Sep 20 15:56:43 PDT 2016


Commit 4f7ce4dd4741cb65df018028aaefedb298915aa6:

Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
ve/xattr: allow to set trusted.xxx for container admin

relaxed capability check on setxattr path, but overlooked
to do the same on getxattr path. Hence, container admin
became able to set trusted xattrs, but not seeing them:

# setfattr -h -n trusted.name file
# echo $?
0
# getfattr -dm- file
<empty-output>

This broke generic/062 from xfstests.

https://jira.sw.ru/browse/PSBM-51009

Signed-off-by: Maxim Patlasov <mpatlasov at virtuozzo.com>
---
 fs/ext4/xattr_trusted.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c
index 95f1f4a..49dd83f 100644
--- a/fs/ext4/xattr_trusted.c
+++ b/fs/ext4/xattr_trusted.c
@@ -19,7 +19,7 @@ ext4_xattr_trusted_list(struct dentry *dentry, char *list, size_t list_size,
 	const size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
 	const size_t total_len = prefix_len + name_len + 1;
 
-	if (!capable(CAP_SYS_ADMIN))
+	if (!ve_capable(CAP_SYS_ADMIN))
 		return 0;
 
 	if (list && total_len <= list_size) {
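Review bot: the commit message calls this the getxattr path, but the check changed at the top of ext4_xattr_trusted_list() is in the list handler, which is what the `getfattr -dm-` reproduction exercises. The message should say listxattr so the scope of the fix is unambiguous. Per the commit message, this check is being relaxed so the container admin can see trusted.* names, so a one-line comment above `if (!ve_capable(CAP_SYS_ADMIN))` noting that it mirrors the relaxed setxattr check would document why plain capable() is not used here. The diffstat touches only fs/ext4/xattr_trusted.c, so please confirm whether the trusted.* get handler and the trusted list handlers of other filesystems need the same treatment, or state in the message why they do not.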


