| To: | Dwight Engen <dwight.engen@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH v8 6/7] xfs: add capability check to free eofblocks ioctl |
| From: | Dave Chinner <david@xxxxxxxxxxxxx> |
| Date: | Fri, 2 Aug 2013 11:47:25 +1000 |
| Cc: | xfs@xxxxxxxxxxx |
| Delivered-to: | xfs@xxxxxxxxxxx |
| In-reply-to: | <20130801113020.0d43302f@xxxxxxxxxx> |
| References: | <20130801113020.0d43302f@xxxxxxxxxx> |
| User-agent: | Mutt/1.5.21 (2010-09-15) |

On Thu, Aug 01, 2013 at 11:30:20AM -0400, Dwight Engen wrote:
> Check for CAP_SYS_ADMIN since the caller can truncate preallocated
> blocks from files they do not own nor have write access to. A more
> fine grained access check was considered: require the caller to
> specify their own uid/gid and to use inode_permission to check for
> write, but this would not catch the case of an inode not reachable
> via path traversal from the callers mount namespace.
>
> Add check for read-only filesystem to free eofblocks ioctl.
>
> Signed-off-by: Dwight Engen <dwight.engen@xxxxxxxxxx>

looks good.

Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>

-- 
Dave Chinner
david@xxxxxxxxxxxxx