On Fri, Jun 25, 2021 at 03:12:29PM -0400, Vivek Goyal wrote: > As of now user.* xattrs are allowed only on regular files and directories. > And in case of directories if sticky bit is set, then it is allowed > only if caller is owner or has CAP_FOWNER. > > "man xattr" suggests that primary reason behind this restrcition is that > users can set unlimited amount of "user.*" xattrs on symlinks and special > files and bypass quota checks. Following is from man page. > > "These differences would allow users to consume filesystem resources in > a way not controllable by disk quotas for group or world writable spe‐ > cial files and directories" > > Capability CAP_SYS_RESOURCE allows for overriding disk quota limits. If > being able to bypass quota is primary reason behind these restrictions, > can we relax these restrictions if caller has CAP_SYS_RESOURCE. > > Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx> > --- I think this change is fine especially since it seems to solve a real problem there since it prevents relabeling for virtiofsd.
