LU-6415 utils: deny non-root user for changelog operations

To avoid potential security problems, non-privileged users should
have no permission to run 'lfs changelog' & 'lfs changelog_clear'.

Signed-off-by: Niu Yawei <yawei.niu@intel.com>
Change-Id: I5f38ba5b139f2f3b6495d3c97d82a47daecf8187
Reviewed-on: http://review.whamcloud.com/14280
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Lai Siyao <lai.siyao@intel.com>
Reviewed-by: Jinshan Xiong <jinshan.xiong@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c
index 9c90098..c038694 100644 (file)
--- a/lustre/llite/dir.c
+++ b/lustre/llite/dir.c
@@ -1523,6 +1523,9 @@ out_rmdir:
         }
         case OBD_IOC_CHANGELOG_SEND:
         case OBD_IOC_CHANGELOG_CLEAR:
+               if (!cfs_capable(CFS_CAP_SYS_ADMIN))
+                       RETURN(-EPERM);
+
                rc = copy_and_ioctl(cmd, sbi->ll_md_exp, (void __user *)arg,
                                     sizeof(struct ioc_changelog));
                 RETURN(rc);