Merge tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client

Pull ceph fix from Ilya Dryomov: "Add missing capability checks in rbd, marked for stable" * tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client: rbd: require global CAP_SYS_ADMIN for mapping and unmapping

Merge tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client
Pull ceph fix from Ilya Dryomov: "Add missing capability checks in rbd, marked for stable" * tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client: rbd: require global CAP_SYS_ADMIN for mapping and unmapping
729e3d09 · Linus Torvalds · e9287bd2 · f44d04e6 · 729e3d09
Commit 729e3d09 authored Sep 11, 2020 by Linus Torvalds
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

drivers/block/rbd.c drivers/block/rbd.c +12 -0

No files found.
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -5120,6 +5120,9 @@ static ssize_t rbd_config_info_show(struct device *dev,
 {
 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	return sprintf(buf, "%s\n", rbd_dev->config_info);
 }

@@ -5231,6 +5234,9 @@ static ssize_t rbd_image_refresh(struct device *dev,
 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
 	int ret;

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	ret = rbd_dev_refresh(rbd_dev);
 	if (ret)
 		return ret;
@@ -7059,6 +7065,9 @@ static ssize_t do_rbd_add(struct bus_type *bus,
 	struct rbd_client *rbdc;
 	int rc;

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	if (!try_module_get(THIS_MODULE))
 		return -ENODEV;

@@ -7209,6 +7218,9 @@ static ssize_t do_rbd_remove(struct bus_type *bus,
 	bool force = false;
 	int ret;

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	dev_id = -1;
 	opt_buf[0] = '\0';
 	sscanf(buf, "%d %5s", &dev_id, opt_buf);