xfs
[Top] [All Lists]

Re: [PATCH v7 6/7] xfs: add capable check to free eofblocks ioctl

To: Dwight Engen <dwight.engen@xxxxxxxxxx>
Subject: Re: [PATCH v7 6/7] xfs: add capable check to free eofblocks ioctl
From: Gao feng <gaofeng@xxxxxxxxxxxxxx>
Date: Wed, 31 Jul 2013 15:14:12 +0800
Cc: xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20130729230705.128e4509@xxxxxxxxxx>
References: <20130729230705.128e4509@xxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130625 Thunderbird/17.0.7
On 07/30/2013 11:07 AM, Dwight Engen wrote:
> Check for CAP_SYS_ADMIN since the caller can truncate preallocated
> blocks from files they do not own nor have write access to. A more
> fine grained access check was considered: require the caller to
> specify their own uid/gid and to use inode_permission to check for
> write, but this would not catch the case of an inode not reachable
> via path traversal from the callers mount namespace.
> 
> Add check for read-only filesystem to free eofblocks ioctl.
> 
> Signed-off-by: Dwight Engen <dwight.engen@xxxxxxxxxx>
> ---

Reviewed-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>

<Prev in Thread] Current Thread [Next in Thread>