From: Chao Yu <chao@kernel.org>
To: Wang Shilong <wangshilong1991@gmail.com>,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net
Cc: adilger@dilger.ca, wshilong@ddn.com, dchinner@redhat.com
Subject: Re: [PATCH v2 2/2] f2fs: fix setattr project check upon fssetxattr ioctl
Date: Mon, 10 Sep 2018 22:45:38 +0800 [thread overview]
Message-ID: <acdda52b-02a2-52e9-4e96-2fa67ddc29a7@kernel.org> (raw)
In-Reply-To: <1536484514-16202-2-git-send-email-wshilong1991@gmail.com>
On 2018/9/9 17:15, Wang Shilong wrote:
> From: Wang Shilong <wangshilong1991@gmail.com>
>
> Currently, project quota could be changed by fssetxattr
> ioctl, and existed permission check inode_owner_or_capable()
> is obviously not enough, just think that common users could
> change project id of file, that could make users to
> break project quota easily.
>
> This patch try to follow same regular of xfs project
> quota:
>
> "Project Quota ID state is only allowed to change from
> within the init namespace. Enforce that restriction only
> if we are trying to change the quota ID state.
> Everything else is allowed in user namespaces."
>
> Besides that, check and set project id'state should
> be an atomic operation, protect whole operation with
> inode lock.
>
> Signed-off-by: Wang Shilong <wshilong@ddn.com>
It looks good to me, thanks for the patch, Shilong. :)
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Thanks,
prev parent reply other threads:[~2018-09-10 14:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-09 9:15 [PATCH v2 1/2] ext4: fix setattr project check upon fssetxattr ioctl Wang Shilong
2018-09-09 9:15 ` [PATCH v2 2/2] f2fs: " Wang Shilong
2018-09-10 14:45 ` Chao Yu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acdda52b-02a2-52e9-4e96-2fa67ddc29a7@kernel.org \
--to=chao@kernel.org \
--cc=adilger@dilger.ca \
--cc=dchinner@redhat.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=wangshilong1991@gmail.com \
--cc=wshilong@ddn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.