The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after ark-5.14 ------> commit 688f7c347f638b7f9833bce084af48b8f3d50d77 Author: Andrew Vagin <ava...@openvz.org> Date: Fri Sep 24 15:48:48 2021 +0300
ve/fs: add ve_capable to check capabilities relative to the current VE
We want to allow a few operations in VE. Currently we use nsown_capable, but it's wrong, because in this case we allow these operations in any user namespace. https://jira.sw.ru/browse/PSBM-39077
Signed-off-by: Andrew Vagin <ava...@virtuozzo.com>
Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
khorenko@: rebase to RHEL8 beta kernel notes: - dropped hunk in vfs_mknod(), ns_capable() already used there vvs@: rebase to rh8 kernel: - dropped ve_capable() in autofs due to mainline chacnges khorenko@: RHEL8.4 rebase notes: - the check in ext4_ioctl_setflags() has been substituted by a call to vfs_ioc_setflags_prepare(), so i've moved the check for ve_capable() there. This func is called in many other filesystems, but if those fs are accessible inside a Container - why not to allow _setflags() for all of them? So let it be. Rebased to vz9: - vfs_ioc_setflags_prepare API is obosleted by fileattr API added in 4c5b47997521 ("vfs: add fileattr ops is removed in ms commit") and later removed in 51db776a430e ("vfs: remove unused ioctl helpers") so drop fs/inode hunk and change ve_capable in fs/ioctl (cherry picked from vz8 commit 3f1f1522f6810901a5f4f1e3b729c6a569fda35e)
Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
 fs/autofs/dev-ioctl.c | 2 +-
 fs/autofs/root.c | 2 +-
 fs/ext4/xattr_trusted.c | 2 +-
 fs/ioctl.c | 2 +-
 fs/namei.c | 2 +-
 fs/ocfs2/ioctl.c | 2 +-
 fs/open.c | 2 +-
 fs/proc/base.c | 2 +-
 fs/xattr.c | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/fs/autofs/dev-ioctl.c b/fs/autofs/dev-ioctl.c
index 5bf781ea6d67..7efb5b533597 100644
--- a/fs/autofs/dev-ioctl.c
+++ b/fs/autofs/dev-ioctl.c
@@ -613,7 +613,7 @@ static int _autofs_dev_ioctl(unsigned int command,
 */ if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD && cmd != AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD &&
- !capable(CAP_SYS_ADMIN))
+ !ve_capable(CAP_SYS_ADMIN))
 return -EPERM; /* Copy the parameters into kernel space. */
diff --git a/fs/autofs/root.c b/fs/autofs/root.c
index 91fe4548c256..696b5543aca6 100644
--- a/fs/autofs/root.c
+++ b/fs/autofs/root.c
@@ -872,7 +872,7 @@ static int autofs_root_ioctl_unlocked(struct inode *inode, struct file *filp,
 _IOC_NR(cmd) - _IOC_NR(AUTOFS_IOC_FIRST) >= AUTOFS_IOC_COUNT) return -ENOTTY;
- if (!autofs_oz_mode(sbi) && !capable(CAP_SYS_ADMIN))
+ if (!autofs_oz_mode(sbi) && !ve_capable(CAP_SYS_ADMIN))
 return -EPERM; switch (cmd) {
diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c
index 7c21ffb26d25..7481ea17a61b 100644
--- a/fs/ext4/xattr_trusted.c
+++ b/fs/ext4/xattr_trusted.c
@@ -16,7 +16,7 @@
 static bool ext4_xattr_trusted_list(struct dentry *dentry) {
- return capable(CAP_SYS_ADMIN);
+ return ve_capable(CAP_SYS_ADMIN);
 } static int
diff --git a/fs/ioctl.c b/fs/ioctl.c
index 1e2204fa9963..219b552b3c8c 100644
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -799,7 +799,7 @@ static int fileattr_set_prepare(struct inode *inode,
 * the relevant capability. */ if ((fa->flags ^ old_ma->flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL) &&
- !capable(CAP_LINUX_IMMUTABLE))
+ !ve_capable(CAP_LINUX_IMMUTABLE))
 return -EPERM; err = fscrypt_prepare_setflags(inode, old_ma->flags, fa->flags);
diff --git a/fs/namei.c b/fs/namei.c
index 8eee5ad4ade5..47c0fe382a51 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4349,7 +4349,7 @@ static int do_linkat(int olddfd, const char __user *oldname, int newdfd,
 * handlink using the passed filedescriptor. */ if (flags & AT_EMPTY_PATH) {
- if (!capable(CAP_DAC_READ_SEARCH))
+ if (!ve_capable(CAP_DAC_READ_SEARCH))
 return -ENOENT; how = LOOKUP_EMPTY; }
diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c
index f59461d85da4..f866f11fc205 100644
--- a/fs/ocfs2/ioctl.c
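Review bot: ve_capable() is not declared by any hunk in this series, yet every touched file (fs/autofs/dev-ioctl.c here, then fs/autofs/root.c, fs/ext4/xattr_trusted.c, fs/ioctl.c, fs/namei.c, fs/ocfs2/ioctl.c, fs/open.c, fs/proc/base.c and fs/xattr.c) now calls it, so its prototype must already be reachable through each file's existing includes — confirm that, since a missing prototype would at best warn. The commit message explains the mechanism, but none of the call sites records why checking the capability relative to the caller's VE rather than the initial user namespace is acceptable for that particular operation, which is exactly what a later audit of container privilege will ask. At this first site a one-liner above the condition would do, `/* VE root may drive autofs dev ioctls: the cap is checked relative to the caller's VE */`; _autofs_dev_ioctl() itself starts outside the hunk.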
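Review bot: The comment ending `* the relevant capability.` just above the changed test in fileattr_set_prepare() (the comment's opening lines and the function start outside the hunk) is now slightly misleading, because the capability is no longer the initial-namespace one; `* the relevant capability, checked relative to the caller's VE (ve_capable()).` keeps it accurate. The same CAP_LINUX_IMMUTABLE test is repeated under the ocfs2 lock in the fs/ocfs2/ioctl.c hunk, whose `/* Check already done by VFS, but repeat with ocfs lock */` comment only stays true while both sites agree, so naming fileattr_set_prepare() in that comment would make the coupling visible at the next rebase.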
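Review bot: The AT_EMPTY_PATH branch of do_linkat() (the function starts and ends outside the hunk) now accepts CAP_DAC_READ_SEARCH held only within the caller's VE, and the commit message does not call this site out even though it governs creating a hard link from a file descriptor rather than a path. linkat(2) documents that form as requiring the capability precisely because the descriptor may refer to a file the caller could not reach through the directory tree, so this is a policy decision rather than a mechanical substitution. If it is intended, record it at the site, e.g. `/* VE root may link by fd (AT_EMPTY_PATH): the cap is VE-relative by design */`, so a later rebase neither silently reverts nor widens it.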
+++ b/fs/ocfs2/ioctl.c
@@ -113,7 +113,7 @@ int ocfs2_fileattr_set(struct user_namespace *mnt_userns,
 /* Check already done by VFS, but repeat with ocfs lock */ status = -EPERM; if ((flags ^ oldflags) & (FS_APPEND_FL | FS_IMMUTABLE_FL) &&
- !capable(CAP_LINUX_IMMUTABLE))
+ !ve_capable(CAP_LINUX_IMMUTABLE))
 goto bail_unlock; handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS);
diff --git a/fs/open.c b/fs/open.c
index 8e8c676005cb..21c941193783 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1363,7 +1363,7 @@ SYSCALL_DEFINE3(close_range, unsigned int, fd, unsigned int, max_fd,
 */ SYSCALL_DEFINE0(vhangup) {
- if (capable(CAP_SYS_TTY_CONFIG)) {
+ if (ve_capable(CAP_SYS_TTY_CONFIG)) {
 tty_vhangup_self(); return 0; }
diff --git a/fs/proc/base.c b/fs/proc/base.c
index e91b5145d92f..b0afbb1ab317 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1073,7 +1073,7 @@ static int __set_oom_adj(struct file *file, int oom_adj, bool legacy)
 mutex_lock(&oom_adj_mutex); if (legacy) { if (oom_adj < task->signal->oom_score_adj &&
- !capable(CAP_SYS_RESOURCE)) {
+ !ve_capable(CAP_SYS_RESOURCE)) {
 err = -EACCES; goto err_unlock; }
diff --git a/fs/xattr.c b/fs/xattr.c
index 5c8c5175b385..be887a6543fa 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -114,7 +114,7 @@ xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
 * The trusted.* namespace can only be accessed by privileged users. */ if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
- if (!capable(CAP_SYS_ADMIN))
+ if (!ve_capable(CAP_SYS_ADMIN))
 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; return 0; }
_______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
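Review bot: Only the legacy oom_adj branch of __set_oom_adj() is switched to ve_capable(); in mainline the else branch a few lines below (outside the hunk, so I cannot see it here) applies a parallel `!capable(CAP_SYS_RESOURCE)` test when lowering below oom_score_adj_min. If that branch is left as capable(), a VE-capable writer can lower a task's score through /proc/<pid>/oom_adj but is refused through /proc/<pid>/oom_score_adj, so the deprecated interface becomes the more permissive one; either change both tests together or add a comment stating why only the legacy path is relaxed. __set_oom_adj() starts and ends outside the hunk.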
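Review bot: xattr_permission() now lets VE-capable callers get and set trusted.* attributes, but the matching listxattr-side change is made only for ext4 (the fs/ext4/xattr_trusted.c hunk); other filesystems' trusted list handlers, which in mainline use plain capable(CAP_SYS_ADMIN), would still hide trusted.* names while get/set succeed — confirm that asymmetry is acceptable or extend the change to them. The comment above the check, `* The trusted.* namespace can only be accessed by privileged users.`, should also say what "privileged" now means, since trusted.* carries filesystem-internal metadata (overlayfs's trusted.overlay.* keys, for one) and the widening is deliberate: `* The trusted.* namespace can only be accessed by callers privileged in their VE.` xattr_permission() starts and ends outside the hunk.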