xfs
[Top] [All Lists]

Re: [PATCH v8 6/7] xfs: add capability check to free eofblocks ioctl

To: Dwight Engen <dwight.engen@xxxxxxxxxx>
Subject: Re: [PATCH v8 6/7] xfs: add capability check to free eofblocks ioctl
From: Dave Chinner <david@xxxxxxxxxxxxx>
Date: Fri, 2 Aug 2013 11:47:25 +1000
Cc: xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20130801113020.0d43302f@xxxxxxxxxx>
References: <20130801113020.0d43302f@xxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)
On Thu, Aug 01, 2013 at 11:30:20AM -0400, Dwight Engen wrote:
> Check for CAP_SYS_ADMIN since the caller can truncate preallocated
> blocks from files they do not own nor have write access to. A more
> fine grained access check was considered: require the caller to
> specify their own uid/gid and to use inode_permission to check for
> write, but this would not catch the case of an inode not reachable
> via path traversal from the callers mount namespace.
> 
> Add check for read-only filesystem to free eofblocks ioctl.
> 
> Signed-off-by: Dwight Engen <dwight.engen@xxxxxxxxxx>

looks good.

Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>

-- 
Dave Chinner
david@xxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>