From c12d91242909536de340b4f3363f5b1588f5c013 Mon Sep 17 00:00:00 2001
From: Niu Yawei <yawei.niu@intel.com>
Date: Tue, 31 Mar 2015 09:33:23 -0400
Subject: [PATCH] LU-6415 utils: deny non-root user for changelog operations

To avoid potential security problems, non-privileged users should
have no permission to run 'lfs changelog' & 'lfs changelog_clear'.

Signed-off-by: Niu Yawei <yawei.niu@intel.com>
Change-Id: I5f38ba5b139f2f3b6495d3c97d82a47daecf8187
Reviewed-on: http://review.whamcloud.com/14280
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Lai Siyao <lai.siyao@intel.com>
Reviewed-by: Jinshan Xiong <jinshan.xiong@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---
 lustre/llite/dir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c
index 9c90098..c038694 100644
--- a/lustre/llite/dir.c
+++ b/lustre/llite/dir.c
@@ -1523,6 +1523,9 @@ out_rmdir:
         }
         case OBD_IOC_CHANGELOG_SEND:
         case OBD_IOC_CHANGELOG_CLEAR:
+		if (!cfs_capable(CFS_CAP_SYS_ADMIN))
+			RETURN(-EPERM);
+
 		rc = copy_and_ioctl(cmd, sbi->ll_md_exp, (void __user *)arg,
                                     sizeof(struct ioc_changelog));
                 RETURN(rc);
-- 
1.8.3.1