xfs: only return detailed fsmap info if the caller has CAP_SYS_ADMIN
authorDarrick J. Wong <darrick.wong@oracle.com>
Fri, 12 May 2017 17:44:10 +0000 (10:44 -0700)
committerDarrick J. Wong <darrick.wong@oracle.com>
Tue, 16 May 2017 19:26:16 +0000 (12:26 -0700)
commitea9a46e1c49251331dbfda19ced7114337966178
tree1b1f419d0d072a89b68c6af51a8e7cba9742eba1
parent892d2a5f705723b2cb488bfb38bcbdcf83273184
xfs: only return detailed fsmap info if the caller has CAP_SYS_ADMIN

There were a number of handwaving complaints that one could "possibly"
use inode numbers and extent maps to fingerprint a filesystem hosting
multiple containers and somehow use the information to guess at the
contents of other containers and attack them.  Despite the total lack of
any demonstration that this is actually possible, it's easier to
restrict access now and broaden it later, so use the rmapbt fsmap
backends only if the caller has CAP_SYS_ADMIN.  Unprivileged users will
just have to make do with only getting the free space and static
metadata placement information.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
fs/xfs/xfs_fsmap.c