Commit 729e3d09 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client 

Pull ceph fix from Ilya Dryomov:
 "Add missing capability checks in rbd, marked for stable"

* tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client:
  rbd: require global CAP_SYS_ADMIN for mapping and unmapping
parents e9287bd2 f44d04e6

drivers/block/rbd.c

+12 −0
Original line number Diff line number Diff line
@@ -5120,6 +5120,9 @@ static ssize_t rbd_config_info_show(struct device *dev, 
{

	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);



	if (!capable(CAP_SYS_ADMIN))

		return -EPERM;



	return sprintf(buf, "%s\n", rbd_dev->config_info);

}
@@ -5231,6 +5234,9 @@ static ssize_t rbd_image_refresh(struct device *dev, 
	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

	int ret;



	if (!capable(CAP_SYS_ADMIN))

		return -EPERM;



	ret = rbd_dev_refresh(rbd_dev);

	if (ret)

		return ret;
@@ -7059,6 +7065,9 @@ static ssize_t do_rbd_add(struct bus_type *bus, 
	struct rbd_client *rbdc;

	int rc;



	if (!capable(CAP_SYS_ADMIN))

		return -EPERM;



	if (!try_module_get(THIS_MODULE))

		return -ENODEV;
@@ -7209,6 +7218,9 @@ static ssize_t do_rbd_remove(struct bus_type *bus, 
	bool force = false;

	int ret;



	if (!capable(CAP_SYS_ADMIN))

		return -EPERM;



	dev_id = -1;

	opt_buf[0] = '\0';

	sscanf(buf, "%d %5s", &dev_id, opt_buf);

CRA Git | Maintained and supported by SUSTech CRA and CCSE