From patchwork Sat Oct 21 13:45:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Belouin X-Patchwork-Id: 828930 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Hy00bLZD"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yK3sL0WWDz9t30 for ; Sun, 22 Oct 2017 00:48:18 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=WI/ojb0m2FZxUe/70psdvQND7Gk7P679SBtcs0e7+jc=; b=Hy0 0bLZDWtcrmr0nbc9Eni+wcvhhoddUV2H3u3East6F7N3yblCAO7CmZEGG6JL2EZfSFdttaGa8KHBB 4TLO/UURLHcc3KnSxMjBqL8gvyq5Ve2x1AaejAFsfZWIEXSKTSVjCBK5zqgJH6yqydtZjSVMqvAiC FaYgdh5wHkwfKy6lg5fqIE+WweYy+k79TUhmuJ8YxYjdXEj0Tr95bHQTupJgXjqHTCd2H8hHB2KjJ LVomTfJOAqINFGBryqf0Xdfae3H3f8MaRFx7uCsyMEEvfWKlyghDf6QXEOXSBx6Rl5siXZVCwLpe6 o3PBihsAD1MLG6tudG/ofZHOrVqSOAA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1e5u87-0003KW-A2; Sat, 21 Oct 2017 13:47:59 +0000 Received: from smtp-sh2.infomaniak.ch ([128.65.195.6]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1e5u7i-0003Jf-AA for linux-mtd@lists.infradead.org; Sat, 21 Oct 2017 13:47:36 +0000 Received: from smtp5.infomaniak.ch (smtp5.infomaniak.ch [83.166.132.18]) by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id v9LDjES5000652 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sat, 21 Oct 2017 15:45:14 +0200 Received: from asteria.bifrost.heptaoctet.net (2a01cb0006599200ecc2fee554347e0f.ipv6.abo.wanadoo.fr [IPv6:2a01:cb00:659:9200:ecc2:fee5:5434:7e0f]) (authenticated bits=0) by smtp5.infomaniak.ch (8.14.5/8.14.5) with ESMTP id v9LDj3jC023038; Sat, 21 Oct 2017 15:45:03 +0200 From: Nicolas Belouin To: Jan Kara , "Theodore Ts'o" , Andreas Dilger , Jaegeuk Kim , Chao Yu , David Woodhouse , Dave Kleikamp , Mark Fasheh , Joel Becker , Miklos Szeredi , Phillip Lougher , Richard Weinberger , Artem Bityutskiy , Adrian Hunter , Alexander Viro , Serge Hallyn , Paul Moore , Stephen Smalley , Eric Paris , James Morris , linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, linux-mtd@lists.infradead.org, jfs-discussion@lists.sourceforge.net, ocfs2-devel@oss.oracle.com, linux-unionfs@vger.kernel.org, reiserfs-devel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, linux-api@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED Date: Sat, 21 Oct 2017 15:45:57 +0200 Message-Id: <20171021134558.21195-1-nicolas@belouin.fr> X-Mailer: git-send-email 2.14.2 X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171021_064734_779355_2DFA5A3E X-CRM114-Status: UNSURE ( 8.13 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -7.0 (-------) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-7.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [128.65.195.6 listed in list.dnswl.org] -2.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [128.65.195.6 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Nicolas Belouin MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org with CAP_SYS_ADMIN being bloated, the usefulness of using it to flag a process to be entrusted for e.g reading and writing trusted xattr is near zero. CAP_TRUSTED aims to provide userland with a way to mark a process as entrusted to do specific (not specially admin-centered) actions. It would for example allow a process to red/write the trusted xattrs. Signed-off-by: Nicolas Belouin --- include/uapi/linux/capability.h | 6 +++++- security/selinux/include/classmap.h | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h index ce230aa6d928..27e457b93c84 100644 --- a/include/uapi/linux/capability.h +++ b/include/uapi/linux/capability.h @@ -369,7 +369,11 @@ struct vfs_ns_cap_data { #define CAP_SYS_MOUNT 38 -#define CAP_LAST_CAP CAP_SYS_MOUNT +/* Allow read/write trusted xattr */ + +#define CAP_TRUSTED 39 + +#define CAP_LAST_CAP CAP_TRUSTED #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index a873dce97fd5..f5dc8e109f5a 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -24,9 +24,10 @@ "audit_control", "setfcap" #define COMMON_CAP2_PERMS "mac_override", "mac_admin", "syslog", \ - "wake_alarm", "block_suspend", "audit_read", "sys_mount" + "wake_alarm", "block_suspend", "audit_read", "sys_mount", \ + "trusted" -#if CAP_LAST_CAP > CAP_SYS_MOUNT +#if CAP_LAST_CAP > CAP_TRUSTED #error New capability defined, please update COMMON_CAP2_PERMS. #endif From patchwork Sat Oct 21 13:45:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Belouin X-Patchwork-Id: 828931 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="dy2NsxGx"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yK3sX65nKz9t30 for ; Sun, 22 Oct 2017 00:48:32 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=VXgmXc8xMLr5QOlkRFB+vI6s9SBs3LytinMHDje97+I=; b=dy2NsxGxyiGbiOQEzuNICY52c2 soCaV5IfRfLYnXxZX+u21d0j36x9IVfR8IGyLNQqGb6BEYpA/rCh55AVEZgS1NNTH6C2Fqzhhgwkq wrMhNx6C+h/6cOzTWoI8efl8zGlRljIvt2tmI+waTEPdxly0oy0CUqXkXizsQhZQypjeSHsj74iDQ xwnscLx694uZXyUMz6GoSI9rLLCjYikfaEUkbNDef81tLb5bnpU4MRE7JchzgaI6aqpp0DhDZUQHf Jqu5rmkzblQK2TJSbNr6d8A8vPsmKR04zOXakaoMGd3OKGr+F5SIJu4wmPmazu/ZcSRlRnX0b9SSy rXzzirwA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1e5u8b-0003VU-7W; Sat, 21 Oct 2017 13:48:29 +0000 Received: from smtp-sh2.infomaniak.ch ([128.65.195.6]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1e5u7i-0003Jh-AC for linux-mtd@lists.infradead.org; Sat, 21 Oct 2017 13:47:36 +0000 Received: from smtp5.infomaniak.ch (smtp5.infomaniak.ch [83.166.132.18]) by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id v9LDjLTI000780 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sat, 21 Oct 2017 15:45:21 +0200 Received: from asteria.bifrost.heptaoctet.net (2a01cb0006599200ecc2fee554347e0f.ipv6.abo.wanadoo.fr [IPv6:2a01:cb00:659:9200:ecc2:fee5:5434:7e0f]) (authenticated bits=0) by smtp5.infomaniak.ch (8.14.5/8.14.5) with ESMTP id v9LDj3jE023038; Sat, 21 Oct 2017 15:45:21 +0200 From: Nicolas Belouin To: Jan Kara , "Theodore Ts'o" , Andreas Dilger , Jaegeuk Kim , Chao Yu , David Woodhouse , Dave Kleikamp , Mark Fasheh , Joel Becker , Miklos Szeredi , Phillip Lougher , Richard Weinberger , Artem Bityutskiy , Adrian Hunter , Alexander Viro , Serge Hallyn , Paul Moore , Stephen Smalley , Eric Paris , James Morris , linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, linux-mtd@lists.infradead.org, jfs-discussion@lists.sourceforge.net, ocfs2-devel@oss.oracle.com, linux-unionfs@vger.kernel.org, reiserfs-devel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, linux-api@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [RFC PATCH 2/2] fs: Grant CAP_TRUSTED rw access to trusted xattrs Date: Sat, 21 Oct 2017 15:45:58 +0200 Message-Id: <20171021134558.21195-2-nicolas@belouin.fr> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20171021134558.21195-1-nicolas@belouin.fr> References: <20171021134558.21195-1-nicolas@belouin.fr> X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171021_064734_785346_6D61D5EC X-CRM114-Status: GOOD ( 15.43 ) X-Spam-Score: -7.0 (-------) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-7.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [128.65.195.6 listed in list.dnswl.org] -2.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [128.65.195.6 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Nicolas Belouin MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org The trusted xattrs read/write access is the perfect use case for CAP_TRUSTED. Signed-off-by: Nicolas Belouin --- fs/ext2/xattr_trusted.c | 2 +- fs/ext4/xattr_trusted.c | 2 +- fs/f2fs/xattr.c | 6 +++--- fs/hfsplus/xattr.c | 2 +- fs/jffs2/xattr_trusted.c | 2 +- fs/jfs/xattr.c | 3 ++- fs/ocfs2/xattr.c | 2 +- fs/overlayfs/inode.c | 3 ++- fs/reiserfs/xattr_trusted.c | 11 ++++++++--- fs/squashfs/xattr.c | 2 +- fs/ubifs/xattr.c | 3 ++- fs/xattr.c | 4 ++-- 12 files changed, 25 insertions(+), 17 deletions(-) diff --git a/fs/ext2/xattr_trusted.c b/fs/ext2/xattr_trusted.c index 65049b71af13..8006c24f8ee0 100644 --- a/fs/ext2/xattr_trusted.c +++ b/fs/ext2/xattr_trusted.c @@ -11,7 +11,7 @@ static bool ext2_xattr_trusted_list(struct dentry *dentry) { - return capable(CAP_SYS_ADMIN); + return capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); } static int diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c index c7765c735714..9849d1e0ebb9 100644 --- a/fs/ext4/xattr_trusted.c +++ b/fs/ext4/xattr_trusted.c @@ -15,7 +15,7 @@ static bool ext4_xattr_trusted_list(struct dentry *dentry) { - return capable(CAP_SYS_ADMIN); + return capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); } static int diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c index 7c65540148f8..ef572464deca 100644 --- a/fs/f2fs/xattr.c +++ b/fs/f2fs/xattr.c @@ -37,7 +37,7 @@ static int f2fs_xattr_generic_get(const struct xattr_handler *handler, return -EOPNOTSUPP; break; case F2FS_XATTR_INDEX_TRUSTED: - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_TRUSTED)) return -EPERM; break; case F2FS_XATTR_INDEX_SECURITY: @@ -62,7 +62,7 @@ static int f2fs_xattr_generic_set(const struct xattr_handler *handler, return -EOPNOTSUPP; break; case F2FS_XATTR_INDEX_TRUSTED: - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_TRUSTED)) return -EPERM; break; case F2FS_XATTR_INDEX_SECURITY: @@ -83,7 +83,7 @@ static bool f2fs_xattr_user_list(struct dentry *dentry) static bool f2fs_xattr_trusted_list(struct dentry *dentry) { - return capable(CAP_SYS_ADMIN); + return capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); } static int f2fs_xattr_advise_get(const struct xattr_handler *handler, diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c index ae03a19196ef..0ec6d02ee7e9 100644 --- a/fs/hfsplus/xattr.c +++ b/fs/hfsplus/xattr.c @@ -606,7 +606,7 @@ static inline int can_list(const char *xattr_name) return !strncmp(xattr_name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) || - capable(CAP_SYS_ADMIN); + capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); } static ssize_t hfsplus_listxattr_finder_info(struct dentry *dentry, diff --git a/fs/jffs2/xattr_trusted.c b/fs/jffs2/xattr_trusted.c index 5d6030826c52..3c7ae98e4525 100644 --- a/fs/jffs2/xattr_trusted.c +++ b/fs/jffs2/xattr_trusted.c @@ -35,7 +35,7 @@ static int jffs2_trusted_setxattr(const struct xattr_handler *handler, static bool jffs2_trusted_listxattr(struct dentry *dentry) { - return capable(CAP_SYS_ADMIN); + return capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); } const struct xattr_handler jffs2_trusted_xattr_handler = { diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 1c46573a96ed..e4f44f5133a1 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -859,7 +859,8 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data, static inline int can_list(struct jfs_ea *ea) { return (!strncmp(ea->name, XATTR_TRUSTED_PREFIX, - XATTR_TRUSTED_PREFIX_LEN) || capable(CAP_SYS_ADMIN)); + XATTR_TRUSTED_PREFIX_LEN) || + capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED)); } ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size) diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 5fdf269ba82e..2b3994d192c6 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -906,7 +906,7 @@ static int ocfs2_xattr_list_entry(struct super_block *sb, break; case OCFS2_XATTR_INDEX_TRUSTED: - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_TRUSTED)) return 0; break; } diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index a619addecafc..c627003d3a74 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -264,7 +264,8 @@ static bool ovl_can_list(const char *s) return true; /* Never list trusted.overlay, list other trusted for superuser only */ - return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN); + return !ovl_is_private_xattr(s) && + (capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED)); } ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) diff --git a/fs/reiserfs/xattr_trusted.c b/fs/reiserfs/xattr_trusted.c index f15a5f9e84ce..6f3fa0db8272 100644 --- a/fs/reiserfs/xattr_trusted.c +++ b/fs/reiserfs/xattr_trusted.c @@ -7,11 +7,16 @@ #include "xattr.h" #include +inline bool trusted_capable(void) +{ + return capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); +} + static int trusted_get(const struct xattr_handler *handler, struct dentry *unused, struct inode *inode, const char *name, void *buffer, size_t size) { - if (!capable(CAP_SYS_ADMIN) || IS_PRIVATE(inode)) + if (!trusted_capable() || IS_PRIVATE(inode)) return -EPERM; return reiserfs_xattr_get(inode, xattr_full_name(handler, name), @@ -23,7 +28,7 @@ trusted_set(const struct xattr_handler *handler, struct dentry *unused, struct inode *inode, const char *name, const void *buffer, size_t size, int flags) { - if (!capable(CAP_SYS_ADMIN) || IS_PRIVATE(inode)) + if (!trusted_capable() || IS_PRIVATE(inode)) return -EPERM; return reiserfs_xattr_set(inode, @@ -33,7 +38,7 @@ trusted_set(const struct xattr_handler *handler, struct dentry *unused, static bool trusted_list(struct dentry *dentry) { - return capable(CAP_SYS_ADMIN) && !IS_PRIVATE(d_inode(dentry)); + return trusted_capable() && !IS_PRIVATE(d_inode(dentry)); } const struct xattr_handler reiserfs_xattr_trusted_handler = { diff --git a/fs/squashfs/xattr.c b/fs/squashfs/xattr.c index 1548b3784548..e0a285ab1f7e 100644 --- a/fs/squashfs/xattr.c +++ b/fs/squashfs/xattr.c @@ -237,7 +237,7 @@ static const struct xattr_handler squashfs_xattr_user_handler = { */ static bool squashfs_trusted_xattr_handler_list(struct dentry *d) { - return capable(CAP_SYS_ADMIN); + return capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); } static const struct xattr_handler squashfs_xattr_trusted_handler = { diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index c13eae819cbc..f3aa8be72a66 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -406,7 +406,8 @@ static bool xattr_visible(const char *name) /* Show trusted namespace only for "power" users */ if (strncmp(name, XATTR_TRUSTED_PREFIX, - XATTR_TRUSTED_PREFIX_LEN) == 0 && !capable(CAP_SYS_ADMIN)) + XATTR_TRUSTED_PREFIX_LEN) == 0 && + !capable(CAP_SYS_ADMIN) && !capable(CAP_TRUSTED)) return false; return true; diff --git a/fs/xattr.c b/fs/xattr.c index 61cd28ba25f3..d9e9a0083dbb 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -113,7 +113,7 @@ xattr_permission(struct inode *inode, const char *name, int mask) * The trusted.* namespace can only be accessed by privileged users. */ if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_TRUSTED)) return (mask & MAY_WRITE) ? -EPERM : -ENODATA; return 0; } @@ -945,7 +945,7 @@ static int xattr_list_one(char **buffer, ssize_t *remaining_size, ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, char *buffer, size_t size) { - bool trusted = capable(CAP_SYS_ADMIN); + bool trusted = capable(CAP_SYS_ADMIN) || capable(CAP_TRUSTED); struct simple_xattr *xattr; ssize_t remaining_size = size; int err = 0;