From f991492ed11055934f1b35615cb1b435325939bf Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Mon, 1 Jul 2019 08:25:35 -0700 Subject: vfs: teach vfs_ioc_fssetxattr_check to check project id info Standardize the project id checks for FSSETXATTR. Signed-off-by: Darrick J. Wong Reviewed-by: Jan Kara --- fs/inode.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'fs/inode.c') diff --git a/fs/inode.c b/fs/inode.c index ba2bafa22885..30b720cffd9c 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2214,6 +2214,19 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, !capable(CAP_LINUX_IMMUTABLE)) return -EPERM; + /* + * Project Quota ID state is only allowed to change from within the init + * namespace. Enforce that restriction only if we are trying to change + * the quota ID state. Everything else is allowed in user namespaces. + */ + if (current_user_ns() != &init_user_ns) { + if (old_fa->fsx_projid != fa->fsx_projid) + return -EINVAL; + if ((old_fa->fsx_xflags ^ fa->fsx_xflags) & + FS_XFLAG_PROJINHERIT) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL(vfs_ioc_fssetxattr_check); -- cgit v1.2.3