* [PATCH] xfs: v2 change the immutable in xfs_open_by_handle
@ 2013-09-10 22:36 Mark Tinguely
0 siblings, 0 replies; only message in thread
From: Mark Tinguely @ 2013-09-10 22:36 UTC (permalink / raw)
To: xfs; +Cc: Greg Banks
[-- Attachment #1: v2-xfs-change-immutable-in-xfs_open_by_handle.patch --]
[-- Type: text/plain, Size: 1023 bytes --]
This patch allows clients like DMF to modify an immutable file
without changing the immutable capability on the file, which
would expose the file to change.
This patch is restricted to holders of the CAP_LINUX_IMMUTABLE,
so no addition security risk has been introduced.
Signed-off-by: Greg Banks <gbanks@sgi.com>
Signed-off-by: Mark Tinguely <tinguely@sgi.com>
---
v1->v2 fix the FMODE_WRITE test.
fs/xfs/xfs_ioctl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Index: b/fs/xfs/xfs_ioctl.c
===================================================================
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -237,7 +237,9 @@ xfs_open_by_handle(
goto out_dput;
}
- if ((fmode & FMODE_WRITE) && IS_IMMUTABLE(inode)) {
+ if ((fmode & FMODE_WRITE) &&
+ IS_IMMUTABLE(inode) &&
+ !capable(CAP_LINUX_IMMUTABLE)) {
error = -XFS_ERROR(EACCES);
goto out_dput;
}
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-09-10 22:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-10 22:36 [PATCH] xfs: v2 change the immutable in xfs_open_by_handle Mark Tinguely
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox