The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.vz7.163.44
------>
commit 8aa6d07d2dc4d0388f145b497514587ffd905e65
Author: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
Date: Wed Nov 18 11:48:48 2020 +0300
commoncap: relax setxattr and removxattr checks Allow user to set security xattr (XATTR_SECURITY_PREFIX) from the inside of ve on external mounts (for example, root). https://jira.sw.ru/browse/PSBM-122071 Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com> --- security/commoncap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 6ce7b51..98d6a10 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -912,7 +912,8 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, return 0; if (!ns_capable(user_ns, CAP_SYS_ADMIN)) - return -EPERM; + if (!ve_capable(CAP_SYS_ADMIN)) + return -EPERM; return 0; } @@ -947,7 +948,8 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name) } if (!ns_capable(user_ns, CAP_SYS_ADMIN)) - return -EPERM; + if (!ve_capable(CAP_SYS_ADMIN)) + return -EPERM; return 0; } _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
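Review bot: In the cap_inode_setxattr hunk (@@ -912), the fallback "if (!ve_capable(CAP_SYS_ADMIN))" is nested under "if (!ns_capable(user_ns, CAP_SYS_ADMIN))" without braces, and ve_capable() takes no user_ns argument, so once the first check fails the decision no longer depends on the namespace that check was evaluated against. Please fold this into one condition, "if (!ns_capable(user_ns, CAP_SYS_ADMIN) && !ve_capable(CAP_SYS_ADMIN)) return -EPERM;", and add a comment above it stating that the fallback exists for security xattrs set from inside a ve on external mounts, as the commit message says, so the wider permission is visible to anyone auditing this capability check.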
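Review bot: In the cap_inode_removexattr hunk (@@ -947), the same two-line fallback is duplicated, but the commit message body only motivates setting a security xattr and gives no reason for relaxing removal. Please either justify the removal case in the commit message or drop it from this patch. If both paths keep the relaxation, move the "ns_capable(user_ns, CAP_SYS_ADMIN) or ve_capable(CAP_SYS_ADMIN)" test into one small helper called from both functions, so the set and remove checks cannot drift apart later.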