UPSTREAM: tracefs: Have tracefs directories not set OTH permission bits by default

[ Upstream commit 49d67e4457 ] The tracefs file system is by default mounted such that only root user can access it. But there are legitimate reasons to create a group and allow those added to the group to have access to tracing. By changing the permissions of the tracefs mount point to allow access, it will allow group access to the tracefs directory. There should not be any real reason to allow all access to the tracefs directory as it contains sensitive information. Have the default permission of directories being created not have any OTH (other) bits set, such that an admin that wants to give permission to a group has to first disable all OTH bits in the file system. Link: https://lkml.kernel.org/r/20210818153038.664127804@goodmis.org Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 3c2434d9a6) Bug: 214061655 Signed-off-by: Roger Liao <rogerliao@google.com> Change-Id: Id2cd708f00f31adc8ef398c80e098fe8742e6fa9
2026-01-06 11:08:10 -08:00 · 2021-08-18 11:24:50 -04:00
parent 64095600fd
commit 9c63be2ada
1 changed files with 2 additions and 1 deletions
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -430,7 +430,8 @@ static struct dentry *__create_dir(const char *name, struct dentry *parent,
 	if (unlikely(!inode))
 		return failed_creating(dentry);

-	inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
+	/* Do not set bits for OTH */
+	inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP;
 	inode->i_op = ops;
 	inode->i_fop = &simple_dir_operations;