[-V1,09/22] vfs: Make acl_permission_check() work for richacls
diff mbox

Message ID 1398615293-22931-10-git-send-email-aneesh.kumar@linux.vnet.ibm.com
State New, archived
Headers show

Commit Message

Aneesh Kumar K.V April 27, 2014, 4:14 p.m. UTC
From: Andreas Gruenbacher <agruen@kernel.org>

Signed-off-by: Andreas Gruenbacher <agruen@kernel.org>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
---
 fs/namei.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

Comments

Dave Chinner April 29, 2014, 12:20 a.m. UTC | #1
On Sun, Apr 27, 2014 at 09:44:40PM +0530, Aneesh Kumar K.V wrote:
> From: Andreas Gruenbacher <agruen@kernel.org>
> 
> Signed-off-by: Andreas Gruenbacher <agruen@kernel.org>
> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
> ---
>  fs/namei.c | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index 26b9a8212837..06474553c08d 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -284,6 +284,19 @@ static int acl_permission_check(struct inode *inode, int mask)
>  {
>  	unsigned int mode = inode->i_mode;
>  
> +	if (IS_RICHACL(inode)) {
> +		int error = check_acl(inode, mask);
> +		if (error != -EAGAIN)
> +			return error;
> +		if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
> +			    MAY_CHMOD | MAY_SET_TIMES)) {
> +			/*
> +			 * The file permission bit cannot grant these
> +			 * permissions.
> +			 */
> +			return -EACCES;
> +		}
> +	}
>  	if (likely(uid_eq(current_fsuid(), inode->i_uid)))
>  		mode >>= 6;
>  	else {

why does this take priority over a simple uid match? Some comments
explaining this for people unfamiliar with richacls would be nice.
Not to mention the commit message should also explain the change...

Cheers,

Dave.
Aneesh Kumar K.V May 1, 2014, 3:39 p.m. UTC | #2
Dave Chinner <david@fromorbit.com> writes:

> On Sun, Apr 27, 2014 at 09:44:40PM +0530, Aneesh Kumar K.V wrote:
>> From: Andreas Gruenbacher <agruen@kernel.org>
>> 
>> Signed-off-by: Andreas Gruenbacher <agruen@kernel.org>
>> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
>> ---
>>  fs/namei.c | 13 +++++++++++++
>>  1 file changed, 13 insertions(+)
>> 
>> diff --git a/fs/namei.c b/fs/namei.c
>> index 26b9a8212837..06474553c08d 100644
>> --- a/fs/namei.c
>> +++ b/fs/namei.c
>> @@ -284,6 +284,19 @@ static int acl_permission_check(struct inode *inode, int mask)
>>  {
>>  	unsigned int mode = inode->i_mode;
>>  
>> +	if (IS_RICHACL(inode)) {
>> +		int error = check_acl(inode, mask);
>> +		if (error != -EAGAIN)
>> +			return error;
>> +		if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
>> +			    MAY_CHMOD | MAY_SET_TIMES)) {
>> +			/*
>> +			 * The file permission bit cannot grant these
>> +			 * permissions.
>> +			 */
>> +			return -EACCES;
>> +		}
>> +	}
>>  	if (likely(uid_eq(current_fsuid(), inode->i_uid)))
>>  		mode >>= 6;
>>  	else {
>
> why does this take priority over a simple uid match? Some comments
> explaining this for people unfamiliar with richacls would be nice.
> Not to mention the commit message should also explain the change...
>

Richacl can have further limitation on file owner. Will add more
comments around the function.

-aneesh

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/fs/namei.c b/fs/namei.c
index 26b9a8212837..06474553c08d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -284,6 +284,19 @@  static int acl_permission_check(struct inode *inode, int mask)
 {
 	unsigned int mode = inode->i_mode;
 
+	if (IS_RICHACL(inode)) {
+		int error = check_acl(inode, mask);
+		if (error != -EAGAIN)
+			return error;
+		if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+			    MAY_CHMOD | MAY_SET_TIMES)) {
+			/*
+			 * The file permission bit cannot grant these
+			 * permissions.
+			 */
+			return -EACCES;
+		}
+	}
 	if (likely(uid_eq(current_fsuid(), inode->i_uid)))
 		mode >>= 6;
 	else {