From 07b71df1496b602ca36af42a6e217cde7ba6902c Mon Sep 17 00:00:00 2001 From: Dmitry Eremin Date: Sat, 28 Jan 2017 19:04:57 -0500 Subject: [PATCH] staging: lustre: llite: Setting xattr are properly checked with and without ACLs Setting extended attributes permissions are properly checked with and without ACLs. In user.* namespace, only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. Signed-off-by: Dmitry Eremin Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-1482 Reviewed-on: http://review.whamcloud.com/21496 Reviewed-by: John L. Hammond Reviewed-by: Alex Zhuravlev Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman --- drivers/staging/lustre/lustre/llite/xattr.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 7a848ebc57c1..421cc04ecf1e 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -132,6 +132,15 @@ ll_xattr_set_common(const struct xattr_handler *handler, (!strcmp(name, "ima") || !strcmp(name, "evm"))) return -EOPNOTSUPP; + /* + * In user.* namespace, only regular files and directories can have + * extended attributes. + */ + if (handler->flags == XATTR_USER_T) { + if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) + return -EPERM; + } + sprintf(fullname, "%s%s\n", handler->prefix, name); rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode), valid, fullname, pv, size, 0, flags, -- 2.20.1