[Devel] [PATCH RHEL7 COMMIT] overlayfs: relax capable check for trusted prefix xattrs
Vasily Averin
vvs at virtuozzo.com
Wed Jan 13 13:25:35 MSK 2021
The commit is pushed to "branch-rh7-3.10.0-1160.11.1.vz7.172.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.11.1.vz7.172.9
------>
commit 2a2b9806906460afcddda2cd273a9933504ee8b9
Author: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
Date: Wed Jan 13 13:25:35 2021 +0300
overlayfs: relax capable check for trusted prefix xattrs
ovl_listxattr() additionally checks if attributes can be shown to user by
calling capable(). Change it to ve_capable() to avoid problems in containers.
https://jira.sw.ru/browse/PSBM-124532
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
fs/overlayfs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 5d38014..2d7d5a7 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -366,7 +366,7 @@ static bool ovl_can_list(const char *s)
return true;
/* Never list trusted.overlay, list other trusted for superuser only */
- return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN);
+ return !ovl_is_private_xattr(s) && ve_capable(CAP_SYS_ADMIN);
}
ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
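Review bot: the comment directly above the changed return in ovl_can_list() still reads "list other trusted for superuser only", which no longer matches the check once it becomes ve_capable(CAP_SYS_ADMIN). Please update the comment to say who is now allowed to see trusted.* names, and note there that trusted.overlay stays hidden through ovl_is_private_xattr() regardless of capability. The commit message should also spell out what the "problems in containers" are and why listing the remaining trusted.* attribute names to a container-level CAP_SYS_ADMIN holder is acceptable, since the only rationale given is the Jira reference.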