summaryrefslogtreecommitdiff
path: root/include/linux/device_cgroup.h
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@redhat.com>2020-05-14 16:44:23 +0200
committerMiklos Szeredi <mszeredi@redhat.com>2020-05-14 16:44:23 +0200
commita3c751a50fe6bbe50eb7622a14b18b361804ee0c (patch)
treec06d4a05f89fea5d5ea3f4729ab6748140bbb77a /include/linux/device_cgroup.h
parent0e698dfa282211e414076f9dc7e83c1c288314fd (diff)
vfs: allow unprivileged whiteout creation
Whiteouts, unlike real device node should not require privileges to create. The general concern with device nodes is that opening them can have side effects. The kernel already avoids zero major (see Documentation/admin-guide/devices.txt). To be on the safe side the patch explicitly forbids registering a char device with 0/0 number (see cdev_add()). This guarantees that a non-O_PATH open on a whiteout will fail with ENODEV; i.e. it won't have any side effect. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'include/linux/device_cgroup.h')
-rw-r--r--include/linux/device_cgroup.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h
index fa35b52e0002..57e63bd63370 100644
--- a/include/linux/device_cgroup.h
+++ b/include/linux/device_cgroup.h
@@ -51,6 +51,9 @@ static inline int devcgroup_inode_mknod(int mode, dev_t dev)
if (!S_ISBLK(mode) && !S_ISCHR(mode))
return 0;
+ if (S_ISCHR(mode) && dev == WHITEOUT_DEV)
+ return 0;
+
if (S_ISBLK(mode))
type = DEVCG_DEV_BLOCK;
else