The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear 
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.41
------>
commit 9b8a9ef3c0d5944972f2ca1604c830a159e5d454
Author: Andrey Zhadchenko <[email protected]>
Date:   Fri Jun 11 19:56:47 2021 +0300

    commoncap: relax setxattr and removxattr checks
    
    Allow user to set security xattr (XATTR_SECURITY_PREFIX) from the inside
    of ve on external mounts (for example, root).
    
    https://jira.sw.ru/browse/PSBM-122071
    Signed-off-by: Andrey Zhadchenko <[email protected]>
    
    Cherry-picked from vz7 commit d92402f6a7c9 ("commoncap: relax setxattr and
    removxattr checks")
    
    Signed-off-by: Valeriy Vdovin <[email protected]>
---
 security/commoncap.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c
index f398be260d12..6c3eeb696a43 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -934,7 +934,8 @@ int cap_inode_setxattr(struct dentry *dentry, const char 
*name,
                return 0;
 
        if (!ns_capable(user_ns, CAP_SYS_ADMIN))
-               return -EPERM;
+               if (!ve_capable(CAP_SYS_ADMIN))
+                       return -EPERM;
        return 0;
 }
 
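Review bot: The fallback added under the `ns_capable(user_ns, CAP_SYS_ADMIN)` check in cap_inode_setxattr() is not limited to the case the commit message describes (security xattrs set from inside a ve on external mounts). As written, any caller for which `ve_capable(CAP_SYS_ADMIN)` is true passes whenever the `ns_capable()` check fails, and `ve_capable()` is called without `user_ns`, so the hunk does not show which namespace the relaxed check is made against. Please add a comment at this spot stating which namespace `ve_capable()` checks and why that is sufficient for XATTR_SECURITY_PREFIX attributes here, or narrow the condition to the external-mount case if that is the only one intended.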
@@ -969,7 +970,8 @@ int cap_inode_removexattr(struct dentry *dentry, const char 
*name)
        }
 
        if (!ns_capable(user_ns, CAP_SYS_ADMIN))
-               return -EPERM;
+               if (!ve_capable(CAP_SYS_ADMIN))
+                       return -EPERM;
        return 0;
 }
 
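Review bot: The nested unbraced `if` in cap_inode_removexattr() is a single condition and would read better written as one: `if (!ns_capable(user_ns, CAP_SYS_ADMIN) && !ve_capable(CAP_SYS_ADMIN))` followed by `return -EPERM;`. The same two-line check is duplicated from the cap_inode_setxattr() hunk, so a small shared helper would keep the set and remove paths from drifting apart if the policy changes later.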
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
