staging/lustre: fix permission problem of setfacl

Setxattr does not check the permission when setting ACL xattrs. This
will cause security problem because any user can walk around
permission checking by changing ACL rules.
Signed-off-by: NLi Xi <lixi@ddn.com>
Reviewed-on: http://review.whamcloud.com/9473
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-4704Reviewed-by: NAndreas Dilger <andreas.dilger@intel.com>
Reviewed-by: NBob Glossman <bob.glossman@intel.com>
Reviewed-by: NJohn L. Hammond <john.hammond@intel.com>
Signed-off-by: NOleg Drokin <oleg.drokin@intel.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/staging/lustre/lustre/llite/xattr.c

@@ -124,6 +124,11 @@ int ll_setxattr_common(struct inode *inode, const char *name,
 	if (rc)
 		return rc;
 
+	if ((xattr_type == XATTR_ACL_ACCESS_T ||
+	     xattr_type == XATTR_ACL_DEFAULT_T) &&
+	    !inode_owner_or_capable(inode))
+		return -EPERM;
+
 	/* b10667: ignore lustre special xattr for now */
 	if ((xattr_type == XATTR_TRUSTED_T && strcmp(name, "trusted.lov") == 0) ||
 	    (xattr_type == XATTR_LUSTRE_T && strcmp(name, "lustre.lov") == 0))