Commit 07b71df1 authored by Dmitry Eremin's avatar Dmitry Eremin Committed by Greg Kroah-Hartman

staging: lustre: llite: Setting xattr are properly checked with and without ACLs

Setting extended attributes permissions are properly checked with and
without ACLs. In user.* namespace, only regular files and directories
can have extended attributes. For sticky directories, only the owner
and privileged user can write attributes.
Signed-off-by: default avatarDmitry Eremin <dmitry.eremin@intel.com>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-1482
Reviewed-on: http://review.whamcloud.com/21496Reviewed-by: default avatarJohn L. Hammond <john.hammond@intel.com>
Reviewed-by: default avatarAlex Zhuravlev <alexey.zhuravlev@intel.com>
Reviewed-by: default avatarOleg Drokin <oleg.drokin@intel.com>
Signed-off-by: default avatarJames Simmons <jsimmons@infradead.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent aad88bde
...@@ -132,6 +132,15 @@ ll_xattr_set_common(const struct xattr_handler *handler, ...@@ -132,6 +132,15 @@ ll_xattr_set_common(const struct xattr_handler *handler,
(!strcmp(name, "ima") || !strcmp(name, "evm"))) (!strcmp(name, "ima") || !strcmp(name, "evm")))
return -EOPNOTSUPP; return -EOPNOTSUPP;
/*
* In user.* namespace, only regular files and directories can have
* extended attributes.
*/
if (handler->flags == XATTR_USER_T) {
if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
return -EPERM;
}
sprintf(fullname, "%s%s\n", handler->prefix, name); sprintf(fullname, "%s%s\n", handler->prefix, name);
rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode), rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode),
valid, fullname, pv, size, 0, flags, valid, fullname, pv, size, 0, flags,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment