| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240829105717.1163483-1-max.kellermann@ionos.com> Date: Thu, 29 Aug 2024 12:57:17 +0200 From: Max Kellermann <max.kellermann@...os.com> To: xiubli@...hat.com, idryomov@...il.com, ceph-devel@...r.kernel.org Cc: linux-kernel@...r.kernel.org, Max Kellermann <max.kellermann@...os.com> Subject: [PATCH] fs/ceph/quota: ignore quota with CAP_SYS_RESOURCE CAP_SYS_RESOURCE allows users to "override disk quota limits". Most filesystems have a CAP_SYS_RESOURCE check in all quota check code paths, but Ceph currently does not. This patch implements the feature. Signed-off-by: Max Kellermann <max.kellermann@...os.com> --- fs/ceph/quota.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/ceph/quota.c b/fs/ceph/quota.c index 06ee397e0c3a..666315ec74d3 100644 --- a/fs/ceph/quota.c +++ b/fs/ceph/quota.c @@ -429,6 +429,9 @@ bool ceph_quota_is_max_files_exceeded(struct inode *inode) WARN_ON(!S_ISDIR(inode->i_mode)); + if (capable(CAP_SYS_RESOURCE)) + return false; + return check_quota_exceeded(inode, QUOTA_CHECK_MAX_FILES_OP, 1); } @@ -451,6 +454,9 @@ bool ceph_quota_is_max_bytes_exceeded(struct inode *inode, loff_t newsize) if (newsize <= size) return false; + if (capable(CAP_SYS_RESOURCE)) + return false; + return check_quota_exceeded(inode, QUOTA_CHECK_MAX_BYTES_OP, (newsize - size)); } @@ -473,6 +479,9 @@ bool ceph_quota_is_max_bytes_approaching(struct inode *inode, loff_t newsize) if (newsize <= size) return false; + if (capable(CAP_SYS_RESOURCE)) + return false; + return check_quota_exceeded(inode, QUOTA_CHECK_MAX_BYTES_APPROACHING_OP, (newsize - size)); } -- 2.45.2
Powered by blists - more mailing lists