2011-05-27 12:59:59

by Andreas Gruenbacher

Subject: [PATCH] xattr: Fix error results for non-existent / invisible attributes

Return -ENODATA when trying to read a user.* attribute which cannot
exist: user space otherwise does not have a reasonable way to
distinguish between non-existent and inaccessible attributes.

Likewise, return -ENODATA when an unprivileged process tries to read a
trusted.* attribute: to unprivileged processes, those attributes are
invisible (listxattr() won't include them).

Related to this bug report: https://bugzilla.redhat.com/660613

Signed-off-by: Andreas Gruenbacher <[email protected]>
---
fs/xattr.c | 16 ++++++++++------
1 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/fs/xattr.c b/fs/xattr.c
index f1ef949..4be2e76 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -46,18 +46,22 @@ xattr_permission(struct inode *inode, const char *name, int mask)
return 0;

/*
- * The trusted.* namespace can only be accessed by a privileged user.
+ * The trusted.* namespace can only be accessed by privileged users.
*/
- if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
- return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
+ if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
+ if (!capable(CAP_SYS_ADMIN))
+ return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
+ return 0;
+ }

- /* In user.* namespace, only regular files and directories can have
+ /*
+ * In the user.* namespace, only regular files and directories can have
* extended attributes. For sticky directories, only the owner and
- * privileged user can write attributes.
+ * privileged users can write attributes.
*/
if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
- return -EPERM;
+ return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
(mask & MAY_WRITE) && !inode_owner_or_capable(inode))
return -EPERM;
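Review bot: The two new `return (mask & MAY_WRITE) ? -EPERM : -ENODATA;` lines (trusted.* without CAP_SYS_ADMIN, and user.* on an inode that is neither a regular file nor a directory) change the errno a reader sees, but the comments above them still only describe who may access or write the attributes. Please state in each comment that non-write access is answered with -ENODATA because the attribute is treated as non-existent for that caller, so the asymmetry with the -EPERM write path is not later mistaken for a bug. Since the same ternary now appears twice, a small helper or macro would also keep the two branches from drifting apart.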
--
1.7.1


2011-06-20 08:09:30

by Christoph Hellwig

Subject: Re: [PATCH] xattr: Fix error results for non-existent / invisible attributes

On Fri, May 27, 2011 at 02:50:36PM +0200, Andreas Gruenbacher wrote:
> Return -ENODATA when trying to read a user.* attribute which cannot
> exist: user space otherwise does not have a reasonable way to
> distinguish between non-existent and inaccessible attributes.
>
> Likewise, return -ENODATA when an unprivileged process tries to read a
> trusted.* attribute: to unprivileged processes, those attributes are
> invisible (listxattr() won't include them).

This breaks xfstests 062. It would also be very useful to send VFS
patches to linux-fsdevel, btw.

2011-06-21 01:38:43

by Andreas Gruenbacher

Subject: Re: [PATCH] xattr: Fix error results for non-existent / invisible attributes

On Mon, 2011-06-20 at 04:09 -0400, Christoph Hellwig wrote:
> On Fri, May 27, 2011 at 02:50:36PM +0200, Andreas Gruenbacher wrote:
> > Return -ENODATA when trying to read a user.* attribute which cannot
> > exist: user space otherwise does not have a reasonable way to
> > distinguish between non-existent and inaccessible attributes.
> >
> > Likewise, return -ENODATA when an unprivileged process tries to read a
> > trusted.* attribute: to unprivileged processes, those attributes are
> > invisible (listxattr() won't include them).
>
> This breaks xfstests 062.

The test does a "getfattr -n <name> <file>" for an attribute which
cannot exist. The kernel now returns ENODATA instead of the previous
EPERM.

One way to fix this in xfstests is to use listxattr(2) instead of
getxattr(2), e.g.,

- getfattr -m $nsp -n $nsp.name2 $SCRATCH_MNT/$inode
+ getfattr -m $nsp.name2 $SCRATCH_MNT/$inode
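Review bot: The `+` line drops `-n`, so this step would stop calling getxattr(2) for `$nsp.name2`, and the errno returned for an attribute that cannot exist would no longer be checked here. Note also that `-m` takes a regular expression, so the unescaped `.` in `$nsp.name2` matches any character; anchoring and escaping the pattern would make the listing check exact.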

Another is to accept ENODATA as well as EPERM. Not sure which is preferable.

Andreas