From: tianyu zhou
Date: Sun, 30 May 2021 22:20:48 +0800
Subject: Check for CAP_SYS_ADMIN before thaw/freeze block device
To: "Theodore Ts'o", Andreas Dilger, linux-ext4@vger.kernel.org

Hi,

from commit "fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw
filesystems" (SHA: f3f1a18330ac1b717cd7a32adff38d965f365aa2), I learned
that "The user in control of a super block should be allowed to freeze
and thaw it".

However, unlike ioctl_fsthaw and ioctl_fsfreeze, which use ns_capable to
check CAP_SYS_ADMIN in the super block's user ns, the functions thaw_bdev
and freeze_bdev in fs/block_dev.c also do the same thaw/freeze operation
on the super block, with no check for CAP_SYS_ADMIN.

I searched for these two functions' callers, and found there is a check
for CAP_SYS_ADMIN before the callers call them; however, the check uses
capable, which is inconsistent with the commit I mentioned earlier.

Here is an example:

-----------------------------
// fs/ext4/ioctl.c
static int ext4_shutdown(struct super_block *sb, unsigned long arg)
{
        ...
        if (!capable(CAP_SYS_ADMIN))
                return -EPERM;
        ...
        switch (flags) {
        case EXT4_GOING_FLAGS_DEFAULT:
                freeze_bdev(sb->s_bdev);
-----------------------------

So is it possible to change this kind of CAP_SYS_ADMIN check from
capable() to ns_capable() to keep consistency with the former commit?

Thanks!

Best regards,
Tianyu
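
Added example, not part of the original message and not kernel source: a userspace C model of the two check styles the message contrasts, using the namespace walk that the kernel's cap_capable() performs. The reduced struct layouts, the check_* helper names and the sample namespaces and credentials are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#define CAP_SYS_ADMIN 21
/* Reduced stand-ins for the kernel structures (assumed layout). */
struct user_ns { struct user_ns *parent; int level; unsigned owner; };
struct cred { struct user_ns *user_ns; unsigned euid; unsigned long long cap_effective; };
struct super_block { struct user_ns *s_user_ns; };
/* Constructed sample: host uid 1000 created container_ns and mounted container_sb in it. */
static struct user_ns init_user_ns = { NULL, 0, 0 };
static struct user_ns container_ns = { &init_user_ns, 1, 1000 };
static struct cred host_root = { &init_user_ns, 0, 1ULL << CAP_SYS_ADMIN };
static struct cred container_root = { &container_ns, 1000, 1ULL << CAP_SYS_ADMIN };
static struct super_block container_sb = { &container_ns };
static struct super_block host_sb = { &init_user_ns };

/* Same walk as cap_capable(): does the task hold cap over namespace ns? */
static bool ns_capable_model(const struct cred *c, const struct user_ns *ns, int cap)
{
    for (;;) {
        if (ns == c->user_ns)               /* same ns: effective set decides */
            return (c->cap_effective >> cap) & 1;
        if (ns->level <= c->user_ns->level) /* target is not a descendant */
            return false;
        if (ns->parent == c->user_ns && ns->owner == c->euid)
            return true;                    /* creator of a child ns holds all caps in it */
        ns = ns->parent;
    }
}

/* capable(): always evaluated against init_user_ns, as in ext4_shutdown(). */
static int check_capable(const struct cred *c)
{
    return ns_capable_model(c, &init_user_ns, CAP_SYS_ADMIN) ? 0 : -EPERM;
}

/* ns_capable(sb->s_user_ns, ...): the form used by ioctl_fsfreeze()/ioctl_fsthaw(). */
static int check_ns_capable(const struct cred *c, const struct super_block *sb)
{
    return ns_capable_model(c, sb->s_user_ns, CAP_SYS_ADMIN) ? 0 : -EPERM;
}

int main(void)
{
    printf("container root: capable=%d ns_capable(own sb)=%d ns_capable(host sb)=%d\n",
           check_capable(&container_root), check_ns_capable(&container_root, &container_sb),
           check_ns_capable(&container_root, &host_sb));
    printf("host root: ns_capable(container sb)=%d\n", check_ns_capable(&host_root, &container_sb));
    return 0;
}
```

In this model the namespace-scoped check stays bounded: it grants nothing over a super block owned by init_user_ns, while host root keeps passing both forms.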