Commit 08e6d768, author: zhangliguang, committer: Caspar Zhang

alinux: fs,ext4: remove projid limit when create hard link

This is a temporary workaround plan to avoid the limitation when
creating hard link cross two projids.

Signed-off-by: zhangliguang <zhangliguang@linux.alibaba.com>
Reviewed-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Acked-by: Caspar Zhang <caspar@linux.alibaba.com>
Parent 7e2e7b9a
......@@ -36,6 +36,7 @@ Currently, these files are in /proc/sys/fs:
- pipe-user-pages-soft
- protected_fifos
- protected_hardlinks
- hardlink_cross_projid
- protected_regular
- protected_symlinks
- suid_dumpable
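Review bot: the new "hardlink_cross_projid" entry sits between protected_hardlinks and protected_regular, which breaks the alphabetical order the visible entries follow (pipe-user-pages-soft, protected_*, suid_dumpable). Move it to its alphabetical position among the entries starting with "h" so the index stays sorted and the file is easy to find.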
......@@ -238,6 +239,15 @@ When set to "2" it also applies to group writable sticky directories.
==============================================================
hardlink_cross_projid:
This is a temporary workaround plan to avoid the limitation when creating
hard link cross two projids. When set to "0", hardlink creation cross
two projids is restricted. When set to "1" hardlinks can be created
cross two projids.
==============================================================
protected_symlinks:
A long-standing class of security issues is the symlink-based
......
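Review bot: the hardlink_cross_projid description does not say what the restriction is for or what the default value is. State that the default is "0", that in this patch only ext4 consults the setting, and that "1" lets a directory carrying the project-inherit flag hold links to inodes with a different project ID, so an administrator can judge the effect on anything that relies on project IDs (project quota, for example) before enabling it. "cross two projids" would read more clearly as "across two project IDs".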
......@@ -3224,7 +3224,8 @@ static int ext4_link(struct dentry *old_dentry,
if (err)
return err;
if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) &&
if (!sysctl_hardlink_cross_projid &&
(ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) &&
(!projid_eq(EXT4_I(dir)->i_projid,
EXT4_I(old_dentry->d_inode)->i_projid)))
return -EXDEV;
......
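Review bot: in ext4_link the new "!sysctl_hardlink_cross_projid" term is a single system-wide switch, so setting it to 1 skips the EXT4_INODE_PROJINHERIT / projid_eq check, and with it the "return -EXDEV", on every ext4 filesystem at once, including those whose administrators rely on that boundary. Consider scoping the relaxation per filesystem (for example a mount option reached through dir->i_sb) instead of a global, and add a comment above the condition saying why the check may be bypassed, since the commit message describes this as a temporary workaround.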
......@@ -74,6 +74,7 @@ extern struct inodes_stat_t inodes_stat;
extern int leases_enable, lease_break_time;
extern int sysctl_protected_symlinks;
extern int sysctl_protected_hardlinks;
extern int sysctl_hardlink_cross_projid;
extern int sysctl_protected_fifos;
extern int sysctl_protected_regular;
......
......@@ -144,6 +144,9 @@ int fs_overflowgid = DEFAULT_FS_OVERFLOWGID;
EXPORT_SYMBOL(fs_overflowuid);
EXPORT_SYMBOL(fs_overflowgid);
int sysctl_hardlink_cross_projid = 0;
EXPORT_SYMBOL(sysctl_hardlink_cross_projid);
/*
* Returns true if current's euid is same as p's uid or euid,
* or has CAP_SYS_NICE to p's user_ns.
......
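Review bot: "int sysctl_hardlink_cross_projid = 0;" initialises a global to zero explicitly, which kernel coding style (checkpatch) flags as redundant; drop the "= 0". The definition also has no comment and is placed next to fs_overflowuid/fs_overflowgid, away from the filesystem code that reads it; a one-line comment naming the /proc/sys/fs file and the meaning of 0 and 1 would help, and __read_mostly suits a flag that is read on every ext4 link call and written rarely.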
......@@ -1874,6 +1874,15 @@ static struct ctl_table fs_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = &one,
},
{
.procname = "hardlink_cross_projid",
.data = &sysctl_hardlink_cross_projid,
.maxlen = sizeof(int),
.mode = 0600,
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
.extra2 = &one,
},
{ }
};
......
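Review bot: the "hardlink_cross_projid" entry in fs_table turns what the documentation hunk calls a temporary workaround into a /proc/sys/fs file that scripts can come to depend on, and it is registered with no #ifdef although only ext4 reads the value in this patch. Either guard the entry and the variable so they exist only when ext4 is built, or state in the documentation when the file is expected to be removed. The 0..1 bounds through extra1/extra2 with proc_dointvec_minmax, and mode 0600, look right for a root-only switch.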