Need it to be able to rsync xattrs for encripted containers which have pfcache_csum disabled on superblock.
When there is no PFCACHE_CSUM on superblock or we are not capable(CAP_SYS_ADMIN), we do not allow get/set trusted.pfcache. So hide trusted.pfcache from list also in thouse two cases. Tested that: list/get xattr "trusted.pfcache" is OK on file setxattred on vz7.17.11 kernel, xattr entry on which had wrong e_name_index (reverted EXT4_XATTR_INDEX_TRUSTED_CSUM), works as there is no such entry at all. As in ext4_xattr_list_entries -> ext4_xattr_handler where is special check for it. v2: do checks in ext4_xattr_trusted_list which is used for listing trusted.xxx xattrs https://jira.sw.ru/browse/PSBM-52180 Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> --- fs/ext4/xattr_trusted.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c index 49dd83f..131b6b8 100644 --- a/fs/ext4/xattr_trusted.c +++ b/fs/ext4/xattr_trusted.c @@ -19,6 +19,11 @@ ext4_xattr_trusted_list(struct dentry *dentry, char *list, size_t list_size, const size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN; const size_t total_len = prefix_len + name_len + 1; + if (!strcmp(name, EXT4_DATA_CSUM_NAME) && + (!capable(CAP_SYS_ADMIN) || + !test_opt2(dentry->d_inode->i_sb, PFCACHE_CSUM))) + return 0; + if (!ve_capable(CAP_SYS_ADMIN)) return 0; -- 2.5.5 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel