From: Andreas Gruenbacher <andreas.gruenbacher-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Andreas Gruenbacher
<agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Subject: [RFC v6 08/40] richacl: Compute maximum file masks from an acl
Date: Tue, 4 Aug 2015 13:53:06 +0200 [thread overview]
Message-ID: <1438689218-6921-9-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1438689218-6921-1-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Compute upper bound owner, group, and other file masks with as few
permissions as possible without denying any permissions that the NFSv4
acl in a richacl grants.
This algorithm is used when a file inherits an acl at create time and
when an acl is set via a mechanism that does not provide file masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher <agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Reviewed-by: J. Bruce Fields <bfields-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
fs/richacl_base.c | 156 ++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/richacl.h | 1 +
2 files changed, 157 insertions(+)
diff --git a/fs/richacl_base.c b/fs/richacl_base.c
index 063dbe4..8426600 100644
--- a/fs/richacl_base.c
+++ b/fs/richacl_base.c
@@ -182,3 +182,159 @@ richacl_want_to_mask(unsigned int want)
return mask;
}
EXPORT_SYMBOL_GPL(richacl_want_to_mask);
+
+/*
+ * Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(),
+ * and richacl_compute_max_masks() iterate through the entire acl in reverse
+ * order as an optimization.
+ *
+ * In the standard algorithm, aces are considered in forward order. When a
+ * process matches an ace, the permissions in the ace are either allowed or
+ * denied depending on the ace type. Once a permission has been allowed or
+ * denied, it is no longer considered in further aces.
+ *
+ * By iterating through the acl in reverse order, we can compute the same
+ * result without having to keep track of which permissions have been allowed
+ * and denied already.
+ */
+
+/**
+ * richacl_allowed_to_who - permissions allowed to a specific who value
+ *
+ * Compute the maximum mask values allowed to a specific who value, taking
+ * everyone@ aces into account.
+ */
+static unsigned int richacl_allowed_to_who(struct richacl *acl,
+ struct richace *who)
+{
+ struct richace *ace;
+ unsigned int allowed = 0;
+
+ richacl_for_each_entry_reverse(ace, acl) {
+ if (richace_is_inherit_only(ace))
+ continue;
+ if (richace_is_same_identifier(ace, who) ||
+ richace_is_everyone(ace)) {
+ if (richace_is_allow(ace))
+ allowed |= ace->e_mask;
+ else if (richace_is_deny(ace))
+ allowed &= ~ace->e_mask;
+ }
+ }
+ return allowed;
+}
+
+/**
+ * richacl_group_class_allowed - maximum permissions of the group class
+ *
+ * Compute the maximum mask values allowed to a process in the group class
+ * (i.e., a process which is not the owner but is in the owning group or
+ * matches a user or group acl entry). This includes permissions granted or
+ * denied by everyone@ aces.
+ *
+ * See richacl_compute_max_masks().
+ */
+static unsigned int richacl_group_class_allowed(struct richacl *acl)
+{
+ struct richace *ace;
+ unsigned int everyone_allowed = 0, group_class_allowed = 0;
+ int had_group_ace = 0;
+
+ richacl_for_each_entry_reverse(ace, acl) {
+ if (richace_is_inherit_only(ace) ||
+ richace_is_owner(ace))
+ continue;
+
+ if (richace_is_everyone(ace)) {
+ if (richace_is_allow(ace))
+ everyone_allowed |= ace->e_mask;
+ else if (richace_is_deny(ace))
+ everyone_allowed &= ~ace->e_mask;
+ } else {
+ group_class_allowed |=
+ richacl_allowed_to_who(acl, ace);
+
+ if (richace_is_group(ace))
+ had_group_ace = 1;
+ }
+ }
+ /*
+ * If the acl doesn't contain any group@ aces, richacl_allowed_to_who()
+ * wasn't called for the owning group. We could make that call now, but
+ * we already know the result (everyone_allowed).
+ */
+ if (!had_group_ace)
+ group_class_allowed |= everyone_allowed;
+ return group_class_allowed;
+}
+
+/**
+ * richacl_compute_max_masks - compute upper bound masks
+ *
+ * Computes upper bound owner, group, and other masks so that none of
+ * the mask flags allowed by the acl are disabled (for any user with any
+ * group membership).
+ */
+void richacl_compute_max_masks(struct richacl *acl, kuid_t owner)
+{
+ unsigned int gmask = ~0;
+ struct richace *ace;
+
+ /*
+ * @gmask contains all permissions which the group class is ever
+ * allowed. We use it to avoid adding permissions to the group mask
+ * from everyone@ allow aces which the group class is always denied
+ * through other aces. For example, the following acl would otherwise
+ * result in a group mask of rw:
+ *
+ * group@:w::deny
+ * everyone@:rw::allow
+ *
+ * Avoid computing @gmask for acls which do not include any group class
+ * deny aces: in such acls, the group class is never denied any
+ * permissions from everyone@ allow aces, and the group class cannot
+ * have fewer permissions than the other class.
+ */
+
+restart:
+ acl->a_owner_mask = 0;
+ acl->a_group_mask = 0;
+ acl->a_other_mask = 0;
+
+ richacl_for_each_entry_reverse(ace, acl) {
+ if (richace_is_inherit_only(ace))
+ continue;
+
+ if (richace_is_owner(ace) ||
+ (richace_is_unix_user(ace) &&
+ uid_eq(ace->e_id.uid, owner))) {
+ if (richace_is_allow(ace))
+ acl->a_owner_mask |= ace->e_mask;
+ else if (richace_is_deny(ace))
+ acl->a_owner_mask &= ~ace->e_mask;
+ } else if (richace_is_everyone(ace)) {
+ if (richace_is_allow(ace)) {
+ acl->a_owner_mask |= ace->e_mask;
+ acl->a_group_mask |= ace->e_mask & gmask;
+ acl->a_other_mask |= ace->e_mask;
+ } else if (richace_is_deny(ace)) {
+ acl->a_owner_mask &= ~ace->e_mask;
+ acl->a_group_mask &= ~ace->e_mask;
+ acl->a_other_mask &= ~ace->e_mask;
+ }
+ } else {
+ if (richace_is_allow(ace)) {
+ acl->a_owner_mask |= ace->e_mask & gmask;
+ acl->a_group_mask |= ace->e_mask & gmask;
+ } else if (richace_is_deny(ace) && gmask == ~0) {
+ gmask = richacl_group_class_allowed(acl);
+ if (likely(gmask != ~0))
+ /* should always be true */
+ goto restart;
+ }
+ }
+ }
+
+ acl->a_flags &= ~(RICHACL_WRITE_THROUGH | RICHACL_MASKED);
+}
+EXPORT_SYMBOL_GPL(richacl_compute_max_masks);
diff --git a/include/linux/richacl.h b/include/linux/richacl.h
index f4ba113..3d719db 100644
--- a/include/linux/richacl.h
+++ b/include/linux/richacl.h
@@ -303,5 +303,6 @@ extern void richace_copy(struct richace *, const struct richace *);
extern int richacl_masks_to_mode(const struct richacl *);
extern unsigned int richacl_mode_to_mask(mode_t);
extern unsigned int richacl_want_to_mask(unsigned int);
+extern void richacl_compute_max_masks(struct richacl *, kuid_t);
#endif /* __RICHACL_H */
--
2.5.0
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <andreas.gruenbacher@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-api@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-security-module@vger.kernel.org,
Andreas Gruenbacher <agruenba@redhat.com>
Subject: [RFC v6 08/40] richacl: Compute maximum file masks from an acl
Date: Tue, 4 Aug 2015 13:53:06 +0200 [thread overview]
Message-ID: <1438689218-6921-9-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1438689218-6921-1-git-send-email-agruenba@redhat.com>
Compute upper bound owner, group, and other file masks with as few
permissions as possible without denying any permissions that the NFSv4
acl in a richacl grants.
This algorithm is used when a file inherits an acl at create time and
when an acl is set via a mechanism that does not provide file masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: J. Bruce Fields <bfields@redhat.com>
---
fs/richacl_base.c | 156 ++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/richacl.h | 1 +
2 files changed, 157 insertions(+)
diff --git a/fs/richacl_base.c b/fs/richacl_base.c
index 063dbe4..8426600 100644
--- a/fs/richacl_base.c
+++ b/fs/richacl_base.c
@@ -182,3 +182,159 @@ richacl_want_to_mask(unsigned int want)
return mask;
}
EXPORT_SYMBOL_GPL(richacl_want_to_mask);
+
+/*
+ * Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(),
+ * and richacl_compute_max_masks() iterate through the entire acl in reverse
+ * order as an optimization.
+ *
+ * In the standard algorithm, aces are considered in forward order. When a
+ * process matches an ace, the permissions in the ace are either allowed or
+ * denied depending on the ace type. Once a permission has been allowed or
+ * denied, it is no longer considered in further aces.
+ *
+ * By iterating through the acl in reverse order, we can compute the same
+ * result without having to keep track of which permissions have been allowed
+ * and denied already.
+ */
+
+/**
+ * richacl_allowed_to_who - permissions allowed to a specific who value
+ *
+ * Compute the maximum mask values allowed to a specific who value, taking
+ * everyone@ aces into account.
+ */
+static unsigned int richacl_allowed_to_who(struct richacl *acl,
+ struct richace *who)
+{
+ struct richace *ace;
+ unsigned int allowed = 0;
+
+ richacl_for_each_entry_reverse(ace, acl) {
+ if (richace_is_inherit_only(ace))
+ continue;
+ if (richace_is_same_identifier(ace, who) ||
+ richace_is_everyone(ace)) {
+ if (richace_is_allow(ace))
+ allowed |= ace->e_mask;
+ else if (richace_is_deny(ace))
+ allowed &= ~ace->e_mask;
+ }
+ }
+ return allowed;
+}
+
+/**
+ * richacl_group_class_allowed - maximum permissions of the group class
+ *
+ * Compute the maximum mask values allowed to a process in the group class
+ * (i.e., a process which is not the owner but is in the owning group or
+ * matches a user or group acl entry). This includes permissions granted or
+ * denied by everyone@ aces.
+ *
+ * See richacl_compute_max_masks().
+ */
+static unsigned int richacl_group_class_allowed(struct richacl *acl)
+{
+ struct richace *ace;
+ unsigned int everyone_allowed = 0, group_class_allowed = 0;
+ int had_group_ace = 0;
+
+ richacl_for_each_entry_reverse(ace, acl) {
+ if (richace_is_inherit_only(ace) ||
+ richace_is_owner(ace))
+ continue;
+
+ if (richace_is_everyone(ace)) {
+ if (richace_is_allow(ace))
+ everyone_allowed |= ace->e_mask;
+ else if (richace_is_deny(ace))
+ everyone_allowed &= ~ace->e_mask;
+ } else {
+ group_class_allowed |=
+ richacl_allowed_to_who(acl, ace);
+
+ if (richace_is_group(ace))
+ had_group_ace = 1;
+ }
+ }
+ /*
+ * If the acl doesn't contain any group@ aces, richacl_allowed_to_who()
+ * wasn't called for the owning group. We could make that call now, but
+ * we already know the result (everyone_allowed).
+ */
+ if (!had_group_ace)
+ group_class_allowed |= everyone_allowed;
+ return group_class_allowed;
+}
+
+/**
+ * richacl_compute_max_masks - compute upper bound masks
+ *
+ * Computes upper bound owner, group, and other masks so that none of
+ * the mask flags allowed by the acl are disabled (for any user with any
+ * group membership).
+ */
+void richacl_compute_max_masks(struct richacl *acl, kuid_t owner)
+{
+ unsigned int gmask = ~0;
+ struct richace *ace;
+
+ /*
+ * @gmask contains all permissions which the group class is ever
+ * allowed. We use it to avoid adding permissions to the group mask
+ * from everyone@ allow aces which the group class is always denied
+ * through other aces. For example, the following acl would otherwise
+ * result in a group mask of rw:
+ *
+ * group@:w::deny
+ * everyone@:rw::allow
+ *
+ * Avoid computing @gmask for acls which do not include any group class
+ * deny aces: in such acls, the group class is never denied any
+ * permissions from everyone@ allow aces, and the group class cannot
+ * have fewer permissions than the other class.
+ */
+
+restart:
+ acl->a_owner_mask = 0;
+ acl->a_group_mask = 0;
+ acl->a_other_mask = 0;
+
+ richacl_for_each_entry_reverse(ace, acl) {
+ if (richace_is_inherit_only(ace))
+ continue;
+
+ if (richace_is_owner(ace) ||
+ (richace_is_unix_user(ace) &&
+ uid_eq(ace->e_id.uid, owner))) {
+ if (richace_is_allow(ace))
+ acl->a_owner_mask |= ace->e_mask;
+ else if (richace_is_deny(ace))
+ acl->a_owner_mask &= ~ace->e_mask;
+ } else if (richace_is_everyone(ace)) {
+ if (richace_is_allow(ace)) {
+ acl->a_owner_mask |= ace->e_mask;
+ acl->a_group_mask |= ace->e_mask & gmask;
+ acl->a_other_mask |= ace->e_mask;
+ } else if (richace_is_deny(ace)) {
+ acl->a_owner_mask &= ~ace->e_mask;
+ acl->a_group_mask &= ~ace->e_mask;
+ acl->a_other_mask &= ~ace->e_mask;
+ }
+ } else {
+ if (richace_is_allow(ace)) {
+ acl->a_owner_mask |= ace->e_mask & gmask;
+ acl->a_group_mask |= ace->e_mask & gmask;
+ } else if (richace_is_deny(ace) && gmask == ~0) {
+ gmask = richacl_group_class_allowed(acl);
+ if (likely(gmask != ~0))
+ /* should always be true */
+ goto restart;
+ }
+ }
+ }
+
+ acl->a_flags &= ~(RICHACL_WRITE_THROUGH | RICHACL_MASKED);
+}
+EXPORT_SYMBOL_GPL(richacl_compute_max_masks);
diff --git a/include/linux/richacl.h b/include/linux/richacl.h
index f4ba113..3d719db 100644
--- a/include/linux/richacl.h
+++ b/include/linux/richacl.h
@@ -303,5 +303,6 @@ extern void richace_copy(struct richace *, const struct richace *);
extern int richacl_masks_to_mode(const struct richacl *);
extern unsigned int richacl_mode_to_mask(mode_t);
extern unsigned int richacl_want_to_mask(unsigned int);
+extern void richacl_compute_max_masks(struct richacl *, kuid_t);
#endif /* __RICHACL_H */
--
2.5.0
next prev parent reply other threads:[~2015-08-04 11:53 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-04 11:52 [RFC v6 00/40] Richacls Andreas Gruenbacher
2015-08-04 11:52 ` Andreas Gruenbacher
2015-08-04 11:52 ` [RFC v6 01/40] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
[not found] ` <1438689218-6921-2-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-08-28 20:34 ` J. Bruce Fields
2015-08-28 20:34 ` J. Bruce Fields
2015-08-04 11:53 ` [RFC v6 02/40] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
[not found] ` <1438689218-6921-3-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-09-02 18:53 ` J. Bruce Fields
2015-09-02 18:53 ` J. Bruce Fields
[not found] ` <20150902185300.GA3319-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2015-09-02 19:06 ` Andreas Gruenbacher
2015-09-02 19:06 ` Andreas Gruenbacher
2015-09-02 19:20 ` J. Bruce Fields
[not found] ` <20150902192008.GB3319-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2015-09-02 20:23 ` Andreas Gruenbacher
2015-09-02 20:23 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 03/40] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2015-08-28 20:44 ` J. Bruce Fields
[not found] ` <20150828204413.GB23326-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2015-08-28 21:08 ` Andreas Gruenbacher
2015-08-28 21:08 ` Andreas Gruenbacher
[not found] ` <1438689218-6921-4-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-08-28 21:36 ` Andy Lutomirski
2015-08-28 21:36 ` Andy Lutomirski
[not found] ` <CALCETrUoBnPyEGExpoDzHOCgnHh5=a1ROALmb63LLJZG+L=aQA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-28 21:54 ` Andreas Grünbacher
2015-08-28 21:54 ` Andreas Grünbacher
2015-08-29 1:04 ` Andy Lutomirski
2015-08-28 21:57 ` J. Bruce Fields
2015-08-28 21:57 ` J. Bruce Fields
2015-08-04 11:53 ` [RFC v6 04/40] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 05/40] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 06/40] richacl: In-memory representation and helper functions Andreas Gruenbacher
[not found] ` <1438689218-6921-1-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-08-04 11:53 ` [RFC v6 07/40] richacl: Permission mapping functions Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher [this message]
2015-08-04 11:53 ` [RFC v6 08/40] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
[not found] ` <1438689218-6921-9-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-09-02 19:54 ` J. Bruce Fields
2015-09-02 19:54 ` J. Bruce Fields
[not found] ` <20150902195408.GC3319-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2015-09-02 19:54 ` J. Bruce Fields
2015-09-02 19:54 ` J. Bruce Fields
2015-09-02 20:38 ` Andreas Gruenbacher
2015-09-02 20:38 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 18/40] ext4: Add richacl support Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 23/40] richacl: Set the owner permissions to the owner mask Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 30/40] nfsd: Add richacl support Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 34/40] ext4: Don't allow unmapped identifiers in richacls Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 39/40] nfs: Add richacl support Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 40/40] nfs: Add support for the v4.1 dacl attribute Andreas Gruenbacher
2015-08-04 11:53 ` Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 09/40] richacl: Update the file masks in chmod() Andreas Gruenbacher
[not found] ` <1438689218-6921-10-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-09-01 21:38 ` J. Bruce Fields
2015-09-01 21:38 ` J. Bruce Fields
[not found] ` <20150901213816.GH10468-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2015-09-02 6:08 ` Andreas Grünbacher
2015-09-02 6:08 ` Andreas Grünbacher
2015-08-04 11:53 ` [RFC v6 10/40] richacl: Permission check algorithm Andreas Gruenbacher
[not found] ` <1438689218-6921-11-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-08-28 21:49 ` J. Bruce Fields
2015-08-28 21:49 ` J. Bruce Fields
2015-08-28 22:06 ` Andreas Grünbacher
[not found] ` <CAHpGcMJT0kQyrvCkur0csCmRn-LwUOJcRWqAfLaqCpNd2b8UXA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-31 15:23 ` J. Bruce Fields
2015-08-31 15:23 ` J. Bruce Fields
2015-08-04 11:53 ` [RFC v6 11/40] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 12/40] vfs: Cache richacl in struct inode Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 13/40] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 14/40] richacl: Create-time inheritance Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 15/40] richacl: Automatic Inheritance Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 16/40] richacl: xattr mapping functions Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 17/40] vfs: Add richacl permission checking Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 19/40] ext4: Add richacl feature flag Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 20/40] richacl: acl editing helper functions Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 21/40] richacl: Move everyone@ aces down the acl Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 22/40] richacl: Propagate everyone@ permissions to other aces Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 24/40] richacl: Set the other permissions to the other mask Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 25/40] richacl: Isolate the owner and group classes Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 26/40] richacl: Apply the file masks to a richacl Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 27/40] richacl: Create richacl from mode values Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 28/40] nfsd: Keep list of acls to dispose of in compoundargs Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 29/40] nfsd: Use richacls as internal acl representation Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 31/40] nfsd: Add support for the v4.1 dacl attribute Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 32/40] nfsd: Add support for the MAY_CREATE_{FILE,DIR} permissions Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 33/40] richacl: Add support for unmapped identifiers Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 35/40] sunrpc: Allow to demand-allocate pages to encode into Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 36/40] sunrpc: Add xdr_init_encode_pages Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 37/40] nfs: Fix GETATTR bitmap verification Andreas Gruenbacher
2015-08-04 11:53 ` [RFC v6 38/40] nfs: Remove unused xdr page offsets in getacl/setacl arguments Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1438689218-6921-9-git-send-email-agruenba@redhat.com \
--to=andreas.gruenbacher-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.