[Devel] [PATCH RHEL7 COMMIT] ve/xattr/ext4: fix filtering trusted xattr while listing them
Konstantin Khorenko
khorenko at virtuozzo.com
Wed Sep 21 06:50:05 PDT 2016
The commit is pushed to "branch-rh7-3.10.0-327.28.2.vz7.17.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.28.2.vz7.17.8
------>
commit edfca991e38f07f1fde49e7e29ff12dfdfd24ea7
Author: Maxim Patlasov <mpatlasov at virtuozzo.com>
Date: Wed Sep 21 17:50:05 2016 +0400
ve/xattr/ext4: fix filtering trusted xattr while listing them
Fixes commit 4f7ce4dd4741cb65df018028aaefedb298915aa6
("ve/xattr: allow to set trusted.xxx for container admin").
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
The commit above relaxed the capability check on the setxattr path, but neglected
to do the same on the getxattr path. Hence, the container admin became able to set
trusted xattrs, but not to see them:
# setfattr -h -n trusted.name file
# echo $?
0
# getfattr -dm- file
<empty-output>
This broke generic/062 from xfstests.
https://jira.sw.ru/browse/PSBM-51009
Signed-off-by: Maxim Patlasov <mpatlasov at virtuozzo.com>
---
fs/ext4/xattr_trusted.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c
index 95f1f4a..49dd83f 100644
--- a/fs/ext4/xattr_trusted.c
+++ b/fs/ext4/xattr_trusted.c
@@ -19,7 +19,7 @@ ext4_xattr_trusted_list(struct dentry *dentry, char *list, size_t list_size,
const size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
const size_t total_len = prefix_len + name_len + 1;
- if (!capable(CAP_SYS_ADMIN))
+ if (!ve_capable(CAP_SYS_ADMIN))
return 0;
if (list && total_len <= list_size) {
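Review bot: the changed check in ext4_xattr_trusted_list, !ve_capable(CAP_SYS_ADMIN), has no comment saying why a container-level capability is sufficient here, and nothing ties it to the setxattr-side relaxation from 4f7ce4dd4741 that it has to mirror. A one-line comment above the check, stating that trusted.* names are deliberately listed for the container admin and must stay consistent with the set path, would keep the two checks from drifting apart again. The commit message also speaks of the getxattr path while this hunk changes the list handler, as the subject line says, so the wording is worth aligning. Since only fs/ext4/xattr_trusted.c is touched, the message should state whether the trusted list handlers of other filesystems need the same change.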