• Tejun Heo's avatar
    kernfs, sysfs, cgroup: restrict extra perm check on open to sysfs · 555724a8
    Tejun Heo authored
    The kernfs open method - kernfs_fop_open() - inherited extra
    permission checks from sysfs.  While the vfs layer allows ignoring the
    read/write permissions checks if the issuer has CAP_DAC_OVERRIDE,
    sysfs explicitly denied open regardless of the cap if the file doesn't
    have any of the UGO perms of the requested access or doesn't implement
    the requested operation.  It can be debated whether this was a good
    idea or not but the behavior is too subtle and dangerous to change at
    this point.
    
    After cgroup got converted to kernfs, this extra perm check also got
    applied to cgroup breaking libcgroup which opens write-only files with
    O_RDWR as root.  This patch gates the extra open permission check with
    a new flag KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK and enables it for sysfs.
    For sysfs, nothing changes.  For cgroup, root now can perform any
    operation regardless of the permissions as it was before kernfs
    conversion.  Note that kernfs still fails unimplemented operations
    with -EINVAL.
    
    While at it, add comments explaining KERNFS_ROOT flags.
    Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    Reported-by: default avatarAndrey Wagin <avagin@gmail.com>
    Tested-by: default avatarAndrey Wagin <avagin@gmail.com>
    Cc: Li Zefan <lizefan@huawei.com>
    References: http://lkml.kernel.org/g/CANaxB-xUm3rJ-Cbp72q-rQJO5mZe1qK6qXsQM=vh0U8upJ44+A@mail.gmail.com
    Fixes: 2bd59d48 ("cgroup: convert to kernfs")
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    555724a8
kernfs.h 13.7 KB