Sorry - this was vs1.26.

I changed my fs/ext3/ioctl.c like this:

--- fs/ext3/ioctl.c.orig        2004-05-14 18:56:21.000000000 -0400
+++ fs/ext3/ioctl.c     2004-05-14 18:44:22.000000000 -0400
@@ -47,6 +47,10 @@
                /* The JOURNAL_DATA flag is modifiable only by root */
                jflag = flags & EXT3_JOURNAL_DATA_FL;

+                /* Immutable files cannot be changed */
+                if (oldflags & flags & EXT3_IMMUTABLE_FILE_FL)
+                        return -EPERM;
+
                /*
                 * The IMMUTABLE_* and APPEND_ONLY flags can only be changed
                 * by the relevant capability.
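
Review bot: the new test `if (oldflags & flags & EXT3_IMMUTABLE_FILE_FL)` returns -EPERM whenever the immutable bit is present in both the old and the requested flags, without checking whether any other bit actually differs and without regard to the caller's capability. A request that leaves the flags exactly as they are is rejected, and so is one from a caller holding the capability that the following comment refers to, who would now have to clear the immutable bit in a separate call before changing anything else. Consider returning the error only when `flags ^ oldflags` is non-zero, and state in the comment whether a capable caller is meant to be exempt. The test also names only EXT3_IMMUTABLE_FILE_FL while the context comment speaks of the IMMUTABLE_* flags, so the link variant is not covered; the new comment should say whether that is intended.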

This seems to give the "expected" behaviour. I think the fix for ext2 is
identical, and I didn't look at reiserfs or any other filesystem.

Anyway, hopefully this is at least a little bit helpful :-)

Grisha


On Fri, 14 May 2004, Herbert Poetzl wrote:

> On Fri, May 14, 2004 at 05:12:34PM -0400, Gregory (Grisha) Trubetskoy wrote:
> >
> > It looks like the attributes that do not require CAP_LINUX_IMMUTABLE (i.e.
> > anything except IMMUTABLE_[FILE|LINK]FL and APPEND_FL) can be modified by
> > root from within a vserver:
> >
> > ]# vserver grisha enter
> > ipv4root is now 192.168.1.33
> > New security context is 10033
> > [EMAIL PROTECTED]:grisha /]lsattr /bin/ls
> > ----i------t- /bin/ls
> > [EMAIL PROTECTED]:grisha /]chattr +d /bin/ls
> > [EMAIL PROTECTED]:grisha /]lsattr /bin/ls
> > ----i-d----t- /bin/ls
> >
> > I'm not sure this is working "as expected". It seems that an immutable file
> > should be immutable including attribute changes. This doesn't seem like a
>
> yep, should not be allowed ...
> at least not on 'unified' files (i.e. with immutable set)
>
> please, always include some basic system information
> like kernel version, patch version, etc ...
>
> TIA,
> Herbert
>
> > VServer, but rather a general Linux problem, but I wonder if the VServer
> > patches should insist that immutability includes flag changing.
> >
> > Grisha
> > _______________________________________________
> > Vserver mailing list
> > [EMAIL PROTECTED]
> > http://list.linux-vserver.org/mailman/listinfo/vserver
>