From: Niu Yawei <yawei.niu@intel.com>
Date: Tue, 31 Mar 2015 13:33:23 +0000 (-0400)
Subject: LU-6415 utils: deny non-root user for changelog operations
X-Git-Tag: 2.7.57~65
X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=c12d91242909536de340b4f3363f5b1588f5c013

LU-6415 utils: deny non-root user for changelog operations

To avoid potential security problems, non-privileged users should
have no permission to run 'lfs changelog' & 'lfs changelog_clear'.

Signed-off-by: Niu Yawei <yawei.niu@intel.com>
Change-Id: I5f38ba5b139f2f3b6495d3c97d82a47daecf8187
Reviewed-on: http://review.whamcloud.com/14280
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Lai Siyao <lai.siyao@intel.com>
Reviewed-by: Jinshan Xiong <jinshan.xiong@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---

diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c
index 9c90098..c038694 100644
--- a/lustre/llite/dir.c
+++ b/lustre/llite/dir.c
@@ -1523,6 +1523,9 @@ out_rmdir:
         }
         case OBD_IOC_CHANGELOG_SEND:
         case OBD_IOC_CHANGELOG_CLEAR:
+		if (!cfs_capable(CFS_CAP_SYS_ADMIN))
+			RETURN(-EPERM);
+
 		rc = copy_and_ioctl(cmd, sbi->ll_md_exp, (void __user *)arg,
                                     sizeof(struct ioc_changelog));
                 RETURN(rc);