From: Dmitry Eremin <dmitry.eremin@xxxxxxxxx> Setting extended attributes permissions are properly checked with and without ACLs. In user.* namespace, only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. Signed-off-by: Dmitry Eremin <dmitry.eremin@xxxxxxxxx> Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-1482 Reviewed-on: http://review.whamcloud.com/21496 Reviewed-by: John L. Hammond <john.hammond@xxxxxxxxx> Reviewed-by: Alex Zhuravlev <alexey.zhuravlev@xxxxxxxxx> Reviewed-by: Oleg Drokin <oleg.drokin@xxxxxxxxx> Signed-off-by: James Simmons <jsimmons@xxxxxxxxxxxxx> --- drivers/staging/lustre/lustre/llite/xattr.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 7a848eb..421cc04 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -132,6 +132,15 @@ static int xattr_type_filter(struct ll_sb_info *sbi, (!strcmp(name, "ima") || !strcmp(name, "evm"))) return -EOPNOTSUPP; + /* + * In user.* namespace, only regular files and directories can have + * extended attributes. + */ + if (handler->flags == XATTR_USER_T) { + if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) + return -EPERM; + } + sprintf(fullname, "%s%s\n", handler->prefix, name); rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode), valid, fullname, pv, size, 0, flags, -- 1.8.3.1 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
