diff options
author | Darrick J. Wong <darrick.wong@oracle.com> | 2019-07-01 17:25:35 +0200 |
---|---|---|
committer | Darrick J. Wong <darrick.wong@oracle.com> | 2019-07-01 17:25:35 +0200 |
commit | f991492ed11055934f1b35615cb1b435325939bf (patch) | |
tree | 97be4cf121aa028469a10e58a609bff5002eb6a5 /fs/inode.c | |
parent | vfs: create a generic checking function for FS_IOC_FSSETXATTR (diff) | |
download | linux-f991492ed11055934f1b35615cb1b435325939bf.tar.xz linux-f991492ed11055934f1b35615cb1b435325939bf.zip |
vfs: teach vfs_ioc_fssetxattr_check to check project id info
Standardize the project id checks for FSSETXATTR.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/inode.c')
-rw-r--r-- | fs/inode.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/fs/inode.c b/fs/inode.c index ba2bafa22885..30b720cffd9c 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2214,6 +2214,19 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, !capable(CAP_LINUX_IMMUTABLE)) return -EPERM; + /* + * Project Quota ID state is only allowed to change from within the init + * namespace. Enforce that restriction only if we are trying to change + * the quota ID state. Everything else is allowed in user namespaces. + */ + if (current_user_ns() != &init_user_ns) { + if (old_fa->fsx_projid != fa->fsx_projid) + return -EINVAL; + if ((old_fa->fsx_xflags ^ fa->fsx_xflags) & + FS_XFLAG_PROJINHERIT) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL(vfs_ioc_fssetxattr_check); |