[Devel] [PATCH rh7] ext4: fix filtering trusted xattr
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue Sep 20 23:56:18 PDT 2016
We have the same check in ext2_xattr_trusted_list, ext3_xattr_trusted_list,
hfsplus_listxattr and more, all together ~15 places. Do we need list
only on ext4? Maybe we can be good with only getxattr allowed without list?
On 09/21/2016 01:56 AM, Maxim Patlasov wrote:
> Commit 4f7ce4dd4741cb65df018028aaefedb298915aa6:
>
> Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ve/xattr: allow to set trusted.xxx for container admin
>
> relaxed capability check on setxattr path, but overlooked
> to do the same on getxattr path. Hence, container admin
> became able to set trusted xattrs, but not seeing them:
>
> # setfattr -h -n trusted.name file
> # echo $?
> 0
> # getfattr -dm- file
> <empty-output>
>
> This broke generic/062 from xfstests.
>
> https://jira.sw.ru/browse/PSBM-51009
>
> Signed-off-by: Maxim Patlasov <mpatlasov at virtuozzo.com>
> ---
> fs/ext4/xattr_trusted.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c
> index 95f1f4a..49dd83f 100644
> --- a/fs/ext4/xattr_trusted.c
> +++ b/fs/ext4/xattr_trusted.c
> @@ -19,7 +19,7 @@ ext4_xattr_trusted_list(struct dentry *dentry, char *list, size_t list_size,
> const size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
> const size_t total_len = prefix_len + name_len + 1;
>
> - if (!capable(CAP_SYS_ADMIN))
> + if (!ve_capable(CAP_SYS_ADMIN))
> return 0;
>
> if (list && total_len <= list_size) {
>
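Review bot: the changed check sits in ext4_xattr_trusted_list(), which is the listing handler, but the commit message says the capability check was overlooked on the "getxattr path". The reproducer (getfattr -dm-) dumps attributes by listing their names first, so the message should say listxattr, to match what the hunk touches. The hunk also relaxes only ext4: any other filesystem whose trusted list handler keeps !capable(CAP_SYS_ADMIN) will still return 0 here and hide trusted.* names from the container admin, so the message should either state that ext4 is the only filesystem in scope or the series should cover the others. A one-line comment above the ve_capable() check saying that container admins are deliberately allowed to list trusted.* names would make the intent clear to anyone comparing this with the other filesystems.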
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.