Commit b8667395 authored Oct 09, 2020 by Vivek Goyal Committed by Miklos Szeredi Nov 11, 2020

fuse: set FUSE_WRITE_KILL_SUIDGID in cached write path



With HANDLE_KILLPRIV_V2, server will need to kill suid/sgid if caller does
not have CAP_FSETID.  We already have a flag FUSE_WRITE_KILL_SUIDGID in
WRITE request and we already set it in direct I/O path.

To make it work in cached write path also, start setting
FUSE_WRITE_KILL_SUIDGID in this path too.

Set it only if fc->handle_killpriv_v2 is set.  Otherwise client is
responsible for kill suid/sgid.

In case of direct I/O we set FUSE_WRITE_KILL_SUIDGID unconditionally
because we don't call file_remove_privs() in that path (with cache=none
option).

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

parent 10c52c84

fs/fuse/file.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1097,6 +1097,8 @@ static ssize_t fuse_send_write_pages(struct fuse_io_args *ia,

		fuse_write_args_fill(ia, ff, pos, count);
		ia->write.in.flags = fuse_write_flags(iocb);
		if (fm->fc->handle_killpriv_v2 && !capable(CAP_FSETID))
		ia->write.in.write_flags \|= FUSE_WRITE_KILL_SUIDGID;

		err = fuse_simple_request(fm, &ap->args);
		if (!err && ia->write.out.size > count)

Admin message