staging/lustre/llite: deny non-root user for changelog operations
author Niu Yawei <yawei.niu@intel.com>
Mon, 14 Sep 2015 22:41:23 +0000 (18:41 -0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 15 Sep 2015 13:26:53 +0000 (06:26 -0700)
To avoid potential security problems, non-privileged users should
have no permission to run 'lfs changelog' & 'lfs changelog_clear'.

Signed-off-by: Niu Yawei <yawei.niu@intel.com>
Reviewed-on: http://review.whamcloud.com/14280
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6415
Reviewed-by: Lai Siyao <lai.siyao@intel.com>
Reviewed-by: Jinshan Xiong <jinshan.xiong@intel.com>
Signed-off-by: Oleg Drokin <oleg.drokin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/lustre/lustre/llite/dir.c

index d407fcc9904dae38de047c2cfd7cf5be921627b5..cc6f0f596ffe3d0ff3572c3330bd6f58e1ab7bf7 100644 (file)
@@ -1734,6 +1734,9 @@ out_quotactl:
        }
        case OBD_IOC_CHANGELOG_SEND:
        case OBD_IOC_CHANGELOG_CLEAR:
+               if (!capable(CFS_CAP_SYS_ADMIN))
+                       return -EPERM;
+
                rc = copy_and_ioctl(cmd, sbi->ll_md_exp, (void *)arg,
                                    sizeof(struct ioc_changelog));
                return rc;
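
Review bot: The new capable(CFS_CAP_SYS_ADMIN) test in front of copy_and_ioctl() carries no comment, and it does not quite match the subject line: the subject says "non-root", but the test is capability-based, so a process holding that capability without uid 0 is allowed and a uid 0 process that has dropped it gets -EPERM. A one-line comment above the check stating that OBD_IOC_CHANGELOG_SEND and OBD_IOC_CHANGELOG_CLEAR are restricted to CFS_CAP_SYS_ADMIN would record the intent next to the code. The check also only gates this ioctl entry point in llite/dir.c, so it is worth confirming that no other path reaches the same changelog operations on sbi->ll_md_exp without an equivalent check.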