A fix to add missing capability checks in rbd, marked for stable.

-----BEGIN PGP SIGNATURE----- iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAl9bhgATHGlkcnlvbW92 QGdtYWlsLmNvbQAKCRBKf944AhHzi1mQB/9dvC/Bg1iHRZce0eIJT1USBqPL532t qIDyh66LQZU+VvB3Fdbmc9DQnHFUe4iMmUaU4haxxMzgyw7KTogSRFDk/bZOiPiu DfFqLHWL6fl9JBhhuwdF4o3QY6PkgjUBVo4lo+dVXZk4Spzcwub+4rCcsRE9hrk0 qL9fiV87OfL9x1neGrskKgWriTp53pQuCXNfOqBSl67VhJ6CaxG5zWNhiDq8pi3O 3u8t5JRdL7lQ98JS9rhTGC8ubM2Menn50jIIJIAI+Vy8uHY18lZIqYJ3Nay73VUT YCFr6R7tEpK6nG3f8zN+9qWMq3WzhlS6wqyvsNH9/+XwVnwzrJPuz+VJ =hdw2 -----END PGP SIGNATURE----- Merge tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client Pull ceph fix from Ilya Dryomov: "Add missing capability checks in rbd, marked for stable" * tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client: rbd: require global CAP_SYS_ADMIN for mapping and unmapping
2020-09-11 13:47:29 -07:00 · 2020-09-11 13:47:29 -07:00 · 729e3d0919
parent e9287bd248 f44d04e696
commit 729e3d0919
1 changed files with 12 additions and 0 deletions
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@ -5120,6 +5120,9 @@ static ssize_t rbd_config_info_show(struct device *dev,
 {
 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	return sprintf(buf, "%s\n", rbd_dev->config_info);
 }

@ -5231,6 +5234,9 @@ static ssize_t rbd_image_refresh(struct device *dev,
 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
 	int ret;

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	ret = rbd_dev_refresh(rbd_dev);
 	if (ret)
 		return ret;
@ -7059,6 +7065,9 @@ static ssize_t do_rbd_add(struct bus_type *bus,
 	struct rbd_client *rbdc;
 	int rc;

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	if (!try_module_get(THIS_MODULE))
 		return -ENODEV;

@ -7209,6 +7218,9 @@ static ssize_t do_rbd_remove(struct bus_type *bus,
 	bool force = false;
 	int ret;

+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	dev_id = -1;
 	opt_buf[0] = '\0';
 	sscanf(buf, "%d %5s", &dev_id, opt_buf);