Date: Mon, 28 Jun 2021 14:33:33 +0200
From: Christian Brauner
To: Vivek Goyal
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk, virtio-fs@redhat.com, dwalsh@redhat.com, dgilbert@redhat.com, berrange@redhat.com
Subject: Re: [PATCH 1/1] xattr: Allow user.* xattr on symlink/special files with CAP_SYS_RESOURCE
Message-ID: <20210628123333.4lueag2a5uhdsfor@wittgenstein>
References: <20210625191229.1752531-1-vgoyal@redhat.com> <20210625191229.1752531-2-vgoyal@redhat.com>
In-Reply-To: <20210625191229.1752531-2-vgoyal@redhat.com>

On Fri, Jun 25, 2021 at 03:12:29PM -0400, Vivek Goyal wrote:
> As of now user.* xattrs are allowed only on regular files and directories.
> And in case of directories if sticky bit is set, then it is allowed
> only if caller is owner or has CAP_FOWNER.
>
> "man xattr" suggests that primary reason behind this restriction is that
> users can set unlimited amount of "user.*" xattrs on symlinks and special
> files and bypass quota checks. Following is from man page.
>
> "These differences would allow users to consume filesystem resources in
> a way not controllable by disk quotas for group or world writable special
> files and directories"
>
> Capability CAP_SYS_RESOURCE allows for overriding disk quota limits. If
> being able to bypass quota is primary reason behind these restrictions,
> can we relax these restrictions if caller has CAP_SYS_RESOURCE.
>
> Signed-off-by: Vivek Goyal
> ---

I think this change is fine especially since it seems to solve a real problem
there since it prevents relabeling for virtiofsd.
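
The write rule described in the quoted commit message, as an added userspace C model with a live probe; it is not part of this thread and not kernel code. The names struct caller, user_xattr_write_check, probe_symlink_xattr and the probe path are hypothetical, and the relaxed mode assumes the proposal lifts only the file-type check named in the subject line, since the patch hunk is not on this page.

```c
/* Added example: userspace model of the user.* xattr write rule from the
 * quoted commit message, plus a live probe. Not kernel code. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

struct caller {               /* hypothetical stand-in for caller credentials */
    bool is_owner, cap_fowner, cap_sys_resource;
};

/* 0 if writing a user.* xattr passes the rule, -EPERM otherwise.
 * relaxed=true models the proposal; assumed to lift only the file-type
 * check named in the subject line (the hunk itself is not on the page). */
int user_xattr_write_check(mode_t mode, const struct caller *c, bool relaxed)
{
    /* Only regular files and directories may carry user.* xattrs. */
    if (!S_ISREG(mode) && !S_ISDIR(mode) &&
        !(relaxed && c->cap_sys_resource))
        return -EPERM;
    /* Sticky directory: caller must be owner or hold CAP_FOWNER. */
    if (S_ISDIR(mode) && (mode & S_ISVTX) && !c->is_owner && !c->cap_fowner)
        return -EPERM;
    return 0;
}

/* Live probe: set user.probe on the symlink itself (no follow).
 * Returns 0 on success, otherwise the negated errno. */
int probe_symlink_xattr(const char *link_path)
{
    return lsetxattr(link_path, "user.probe", "1", 1, 0) == 0 ? 0 : -errno;
}

int main(void)
{
    const char *link_path = "xattr-probe-link";   /* constructed path in cwd */
    if (symlink("/nonexistent-target", link_path) != 0) {
        perror("symlink");
        return 1;
    }
    int rc = probe_symlink_xattr(link_path);
    printf("lsetxattr on symlink: %s\n", rc ? strerror(-rc) : "allowed");
    unlink(link_path);
    return 0;
}
```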