The commit is pushed to "branch-rh7-3.10.0-327.28.2.vz7.17.x-ovz" and will 
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.28.2.vz7.17.8
------>
commit edfca991e38f07f1fde49e7e29ff12dfdfd24ea7
Author: Maxim Patlasov <mpatla...@virtuozzo.com>
Date:   Wed Sep 21 17:50:05 2016 +0400

    ve/xattr/ext4: fix filtering trusted xattr while listing them
    
    Fixes commit 4f7ce4dd4741cb65df018028aaefedb298915aa6
    ("ve/xattr: allow to set trusted.xxx for container admin").
    Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
    
    The commit above relaxed capability check on setxattr path, but overlooked
    to do the same on getxattr path. Hence, container admin became able to set
    trusted xattrs, but not seeing them:
    
    # setfattr -h -n trusted.name file
    # echo $?
    0
    # getfattr -dm- file
    <empty-output>
    
    This broke generic/062 from xfstests.
    
    https://jira.sw.ru/browse/PSBM-51009
    
    Signed-off-by: Maxim Patlasov <mpatla...@virtuozzo.com>
---
 fs/ext4/xattr_trusted.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c
index 95f1f4a..49dd83f 100644
--- a/fs/ext4/xattr_trusted.c
+++ b/fs/ext4/xattr_trusted.c
@@ -19,7 +19,7 @@ ext4_xattr_trusted_list(struct dentry *dentry, char *list, 
size_t list_size,
        const size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
        const size_t total_len = prefix_len + name_len + 1;
 
-       if (!capable(CAP_SYS_ADMIN))
+       if (!ve_capable(CAP_SYS_ADMIN))
                return 0;
 
        if (list && total_len <= list_size) {
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to