From: Jeff Layton <jlayton@redhat.com>
To: Andreas Gruenbacher <agruenba@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>,
Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Subject: Re: [PATCH v23 07/22] richacl: Permission mapping functions
Date: Tue, 05 Jul 2016 09:39:46 -0400 [thread overview]
Message-ID: <1467725986.3800.22.camel@redhat.com> (raw)
In-Reply-To: <1467294433-3222-8-git-send-email-agruenba@redhat.com>
On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
> We need to map from POSIX permissions to NFSv4 permissions when a
> chmod() is done, from NFSv4 permissions to POSIX permissions when an acl
> is set (which implicitly sets the file permission bits), and from the
> MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND flags to NFSv4 permissions when
> doing an access check in a richacl.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> Reviewed-by: J. Bruce Fields <bfields@redhat.com>
> ---
> fs/richacl.c | 118 +++++++++++++++++++++++++++++++++++++++++++
> include/linux/richacl.h | 3 ++
> include/uapi/linux/richacl.h | 44 ++++++++++++++++
> 3 files changed, 165 insertions(+)
>
> diff --git a/fs/richacl.c b/fs/richacl.c
> index bcc6591..d0a4135 100644
> --- a/fs/richacl.c
> +++ b/fs/richacl.c
> @@ -63,3 +63,121 @@ richace_copy(struct richace *to, const struct richace *from)
> {
> memcpy(to, from, sizeof(struct richace));
> }
> +
> +/*
> + * richacl_mask_to_mode - compute the file permission bits from mask
> + * @mask: %RICHACE_* permission mask
> + *
> + * Compute the file permission bits corresponding to a particular set of
> + * richacl permissions.
> + *
> + * See richacl_masks_to_mode().
> + */
> +static int
> +richacl_mask_to_mode(unsigned int mask)
> +{
> + int mode = 0;
> +
> + if (mask & RICHACE_POSIX_MODE_READ)
> + mode |= S_IROTH;
> + if (mask & RICHACE_POSIX_MODE_WRITE)
> + mode |= S_IWOTH;
> + if (mask & RICHACE_POSIX_MODE_EXEC)
> + mode |= S_IXOTH;
> +
> + return mode;
> +}
> +
> +/**
> + * richacl_masks_to_mode - compute file permission bits from file masks
> + *
> + * When setting a richacl, we set the file permission bits to indicate maximum
> + * permissions: for example, we set the Write permission when a mask contains
> + * RICHACE_APPEND_DATA even if it does not also contain RICHACE_WRITE_DATA.
> + *
> + * Permissions which are not in RICHACE_POSIX_MODE_READ,
> + * RICHACE_POSIX_MODE_WRITE, or RICHACE_POSIX_MODE_EXEC cannot be represented
> + * in the file permission bits. Such permissions can still be effective, but
> + * not for new files or after a chmod(); they must be explicitly enabled in the
> + * richacl.
> + */
> +int
> +richacl_masks_to_mode(const struct richacl *acl)
> +{
> + return richacl_mask_to_mode(acl->a_owner_mask) << 6 |
> + richacl_mask_to_mode(acl->a_group_mask) << 3 |
> + richacl_mask_to_mode(acl->a_other_mask);
> +}
> +EXPORT_SYMBOL_GPL(richacl_masks_to_mode);
> +
> +/**
> + * richacl_mode_to_mask - compute a file mask from the lowest three mode bits
> + * @mode: mode to convert to richacl permissions
> + *
> + * When the file permission bits of a file are set with chmod(), this specifies
> + * the maximum permissions that processes will get. All permissions beyond
> + * that will be removed from the file masks, and become ineffective.
> + */
> +unsigned int
> +richacl_mode_to_mask(umode_t mode)
> +{
> + unsigned int mask = 0;
> +
> + if (mode & S_IROTH)
> + mask |= RICHACE_POSIX_MODE_READ;
> + if (mode & S_IWOTH)
> + mask |= RICHACE_POSIX_MODE_WRITE;
> + if (mode & S_IXOTH)
> + mask |= RICHACE_POSIX_MODE_EXEC;
> +
> + return mask;
> +}
> +
> +/**
> + * richacl_want_to_mask - convert the iop->permission want argument to a mask
> + * @want: @want argument of the permission inode operation
> + *
> + * When checking for append, @want is (MAY_WRITE | MAY_APPEND).
> + *
> + * Richacls use the iop->may_create and iop->may_delete hooks which are used
> + * for checking if creating and deleting files is allowed. These hooks do not
> + * use richacl_want_to_mask(), so we do not have to deal with mapping MAY_WRITE
> + * to RICHACE_ADD_FILE, RICHACE_ADD_SUBDIRECTORY, and RICHACE_DELETE_CHILD
> + * here.
> + */
This comment is confusing as I don't see any may_create or may_delete
iops in the final patchset. Do you mean may_create() and may_delete()
here?
> +unsigned int
> +richacl_want_to_mask(unsigned int want)
> +{
> + unsigned int mask = 0;
> +
> + if (want & MAY_READ)
> + mask |= RICHACE_READ_DATA;
> + if (want & MAY_DELETE_SELF)
> + mask |= RICHACE_DELETE;
> + if (want & MAY_TAKE_OWNERSHIP)
> + mask |= RICHACE_WRITE_OWNER;
> + if (want & MAY_CHMOD)
> + mask |= RICHACE_WRITE_ACL;
> + if (want & MAY_SET_TIMES)
> + mask |= RICHACE_WRITE_ATTRIBUTES;
> + if (want & MAY_EXEC)
> + mask |= RICHACE_EXECUTE;
> + /*
> + * differentiate MAY_WRITE from these request
> + */
> + if (want & (MAY_APPEND |
> + MAY_CREATE_FILE | MAY_CREATE_DIR |
> + MAY_DELETE_CHILD)) {
> + if (want & MAY_APPEND)
> + mask |= RICHACE_APPEND_DATA;
> + if (want & MAY_CREATE_FILE)
> + mask |= RICHACE_ADD_FILE;
> + if (want & MAY_CREATE_DIR)
> + mask |= RICHACE_ADD_SUBDIRECTORY;
> + if (want & MAY_DELETE_CHILD)
> + mask |= RICHACE_DELETE_CHILD;
> + } else if (want & MAY_WRITE)
> + mask |= RICHACE_WRITE_DATA;
> + return mask;
> +}
> +EXPORT_SYMBOL_GPL(richacl_want_to_mask);
> diff --git a/include/linux/richacl.h b/include/linux/richacl.h
> index edb8480..9102ef0 100644
> --- a/include/linux/richacl.h
> +++ b/include/linux/richacl.h
> @@ -175,5 +175,8 @@ richace_is_same_identifier(const struct richace *a, const struct richace *b)
> extern struct richacl *richacl_alloc(int, gfp_t);
> extern struct richacl *richacl_clone(const struct richacl *, gfp_t);
> extern void richace_copy(struct richace *, const struct richace *);
> +extern int richacl_masks_to_mode(const struct richacl *);
> +extern unsigned int richacl_mode_to_mask(umode_t);
> +extern unsigned int richacl_want_to_mask(unsigned int);
>
> #endif /* __RICHACL_H */
> diff --git a/include/uapi/linux/richacl.h b/include/uapi/linux/richacl.h
> index 08856f8..1ed48ac 100644
> --- a/include/uapi/linux/richacl.h
> +++ b/include/uapi/linux/richacl.h
> @@ -96,4 +96,48 @@
> RICHACE_WRITE_OWNER | \
> RICHACE_SYNCHRONIZE )
>
> +/*
> + * The POSIX permissions are supersets of the following richacl permissions:
> + *
> + * - MAY_READ maps to READ_DATA or LIST_DIRECTORY, depending on the type
> + * of the file system object.
> + *
> + * - MAY_WRITE maps to WRITE_DATA or RICHACE_APPEND_DATA for files, and to
> + * ADD_FILE, RICHACE_ADD_SUBDIRECTORY, or RICHACE_DELETE_CHILD for directories.
> + *
> + * - MAY_EXECUTE maps to RICHACE_EXECUTE.
> + *
> + * (Some of these richacl permissions have the same bit values.)
> + */
> +#define RICHACE_POSIX_MODE_READ ( \
> + RICHACE_READ_DATA | \
> + RICHACE_LIST_DIRECTORY)
> +#define RICHACE_POSIX_MODE_WRITE ( \
> + RICHACE_WRITE_DATA | \
> + RICHACE_ADD_FILE | \
> + RICHACE_APPEND_DATA | \
> + RICHACE_ADD_SUBDIRECTORY | \
> + RICHACE_DELETE_CHILD)
> +#define RICHACE_POSIX_MODE_EXEC RICHACE_EXECUTE
> +#define RICHACE_POSIX_MODE_ALL ( \
> + RICHACE_POSIX_MODE_READ | \
> + RICHACE_POSIX_MODE_WRITE | \
> + RICHACE_POSIX_MODE_EXEC)
> +
> +/*
> + * These permissions are always allowed no matter what the acl says.
> + */
> +#define RICHACE_POSIX_ALWAYS_ALLOWED ( \
> + RICHACE_SYNCHRONIZE | \
> + RICHACE_READ_ATTRIBUTES | \
> + RICHACE_READ_ACL)
> +
> +/*
> + * The owner is implicitly granted these permissions under POSIX.
> + */
> +#define RICHACE_POSIX_OWNER_ALLOWED ( \
> + RICHACE_WRITE_ATTRIBUTES | \
> + RICHACE_WRITE_OWNER | \
> + RICHACE_WRITE_ACL)
> +
> #endif /* __UAPI_RICHACL_H */
Other than the confusing comment, this looks ok.
Reviewed-by: Jeff Layton <jlayton@redhat.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Jeff Layton <jlayton@redhat.com>
To: Andreas Gruenbacher <agruenba@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Subject: Re: [PATCH v23 07/22] richacl: Permission mapping functions
Date: Tue, 05 Jul 2016 09:39:46 -0400 [thread overview]
Message-ID: <1467725986.3800.22.camel@redhat.com> (raw)
In-Reply-To: <1467294433-3222-8-git-send-email-agruenba@redhat.com>
On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
> We need to map from POSIX permissions to NFSv4 permissions when a
> chmod() is done, from NFSv4 permissions to POSIX permissions when an acl
> is set (which implicitly sets the file permission bits), and from the
> MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND flags to NFSv4 permissions when
> doing an access check in a richacl.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> Reviewed-by: J. Bruce Fields <bfields@redhat.com>
> ---
> fs/richacl.c | 118 +++++++++++++++++++++++++++++++++++++++++++
> include/linux/richacl.h | 3 ++
> include/uapi/linux/richacl.h | 44 ++++++++++++++++
> 3 files changed, 165 insertions(+)
>
> diff --git a/fs/richacl.c b/fs/richacl.c
> index bcc6591..d0a4135 100644
> --- a/fs/richacl.c
> +++ b/fs/richacl.c
> @@ -63,3 +63,121 @@ richace_copy(struct richace *to, const struct richace *from)
> {
> memcpy(to, from, sizeof(struct richace));
> }
> +
> +/*
> + * richacl_mask_to_mode - compute the file permission bits from mask
> + * @mask: %RICHACE_* permission mask
> + *
> + * Compute the file permission bits corresponding to a particular set of
> + * richacl permissions.
> + *
> + * See richacl_masks_to_mode().
> + */
> +static int
> +richacl_mask_to_mode(unsigned int mask)
> +{
> + int mode = 0;
> +
> + if (mask & RICHACE_POSIX_MODE_READ)
> + mode |= S_IROTH;
> + if (mask & RICHACE_POSIX_MODE_WRITE)
> + mode |= S_IWOTH;
> + if (mask & RICHACE_POSIX_MODE_EXEC)
> + mode |= S_IXOTH;
> +
> + return mode;
> +}
> +
> +/**
> + * richacl_masks_to_mode - compute file permission bits from file masks
> + *
> + * When setting a richacl, we set the file permission bits to indicate maximum
> + * permissions: for example, we set the Write permission when a mask contains
> + * RICHACE_APPEND_DATA even if it does not also contain RICHACE_WRITE_DATA.
> + *
> + * Permissions which are not in RICHACE_POSIX_MODE_READ,
> + * RICHACE_POSIX_MODE_WRITE, or RICHACE_POSIX_MODE_EXEC cannot be represented
> + * in the file permission bits. Such permissions can still be effective, but
> + * not for new files or after a chmod(); they must be explicitly enabled in the
> + * richacl.
> + */
> +int
> +richacl_masks_to_mode(const struct richacl *acl)
> +{
> + return richacl_mask_to_mode(acl->a_owner_mask) << 6 |
> + richacl_mask_to_mode(acl->a_group_mask) << 3 |
> + richacl_mask_to_mode(acl->a_other_mask);
> +}
> +EXPORT_SYMBOL_GPL(richacl_masks_to_mode);
> +
> +/**
> + * richacl_mode_to_mask - compute a file mask from the lowest three mode bits
> + * @mode: mode to convert to richacl permissions
> + *
> + * When the file permission bits of a file are set with chmod(), this specifies
> + * the maximum permissions that processes will get. All permissions beyond
> + * that will be removed from the file masks, and become ineffective.
> + */
> +unsigned int
> +richacl_mode_to_mask(umode_t mode)
> +{
> + unsigned int mask = 0;
> +
> + if (mode & S_IROTH)
> + mask |= RICHACE_POSIX_MODE_READ;
> + if (mode & S_IWOTH)
> + mask |= RICHACE_POSIX_MODE_WRITE;
> + if (mode & S_IXOTH)
> + mask |= RICHACE_POSIX_MODE_EXEC;
> +
> + return mask;
> +}
> +
> +/**
> + * richacl_want_to_mask - convert the iop->permission want argument to a mask
> + * @want: @want argument of the permission inode operation
> + *
> + * When checking for append, @want is (MAY_WRITE | MAY_APPEND).
> + *
> + * Richacls use the iop->may_create and iop->may_delete hooks which are used
> + * for checking if creating and deleting files is allowed. These hooks do not
> + * use richacl_want_to_mask(), so we do not have to deal with mapping MAY_WRITE
> + * to RICHACE_ADD_FILE, RICHACE_ADD_SUBDIRECTORY, and RICHACE_DELETE_CHILD
> + * here.
> + */
This comment is confusing as I don't see any may_create or may_delete
iops in the final patchset. Do you mean may_create() and may_delete()
here?
> +unsigned int
> +richacl_want_to_mask(unsigned int want)
> +{
> + unsigned int mask = 0;
> +
> + if (want & MAY_READ)
> + mask |= RICHACE_READ_DATA;
> + if (want & MAY_DELETE_SELF)
> + mask |= RICHACE_DELETE;
> + if (want & MAY_TAKE_OWNERSHIP)
> + mask |= RICHACE_WRITE_OWNER;
> + if (want & MAY_CHMOD)
> + mask |= RICHACE_WRITE_ACL;
> + if (want & MAY_SET_TIMES)
> + mask |= RICHACE_WRITE_ATTRIBUTES;
> + if (want & MAY_EXEC)
> + mask |= RICHACE_EXECUTE;
> + /*
> + * differentiate MAY_WRITE from these request
> + */
> + if (want & (MAY_APPEND |
> + MAY_CREATE_FILE | MAY_CREATE_DIR |
> + MAY_DELETE_CHILD)) {
> + if (want & MAY_APPEND)
> + mask |= RICHACE_APPEND_DATA;
> + if (want & MAY_CREATE_FILE)
> + mask |= RICHACE_ADD_FILE;
> + if (want & MAY_CREATE_DIR)
> + mask |= RICHACE_ADD_SUBDIRECTORY;
> + if (want & MAY_DELETE_CHILD)
> + mask |= RICHACE_DELETE_CHILD;
> + } else if (want & MAY_WRITE)
> + mask |= RICHACE_WRITE_DATA;
> + return mask;
> +}
> +EXPORT_SYMBOL_GPL(richacl_want_to_mask);
> diff --git a/include/linux/richacl.h b/include/linux/richacl.h
> index edb8480..9102ef0 100644
> --- a/include/linux/richacl.h
> +++ b/include/linux/richacl.h
> @@ -175,5 +175,8 @@ richace_is_same_identifier(const struct richace *a, const struct richace *b)
> extern struct richacl *richacl_alloc(int, gfp_t);
> extern struct richacl *richacl_clone(const struct richacl *, gfp_t);
> extern void richace_copy(struct richace *, const struct richace *);
> +extern int richacl_masks_to_mode(const struct richacl *);
> +extern unsigned int richacl_mode_to_mask(umode_t);
> +extern unsigned int richacl_want_to_mask(unsigned int);
>
> #endif /* __RICHACL_H */
> diff --git a/include/uapi/linux/richacl.h b/include/uapi/linux/richacl.h
> index 08856f8..1ed48ac 100644
> --- a/include/uapi/linux/richacl.h
> +++ b/include/uapi/linux/richacl.h
> @@ -96,4 +96,48 @@
> RICHACE_WRITE_OWNER | \
> RICHACE_SYNCHRONIZE )
>
> +/*
> + * The POSIX permissions are supersets of the following richacl permissions:
> + *
> + * - MAY_READ maps to READ_DATA or LIST_DIRECTORY, depending on the type
> + * of the file system object.
> + *
> + * - MAY_WRITE maps to WRITE_DATA or RICHACE_APPEND_DATA for files, and to
> + * ADD_FILE, RICHACE_ADD_SUBDIRECTORY, or RICHACE_DELETE_CHILD for directories.
> + *
> + * - MAY_EXECUTE maps to RICHACE_EXECUTE.
> + *
> + * (Some of these richacl permissions have the same bit values.)
> + */
> +#define RICHACE_POSIX_MODE_READ ( \
> + RICHACE_READ_DATA | \
> + RICHACE_LIST_DIRECTORY)
> +#define RICHACE_POSIX_MODE_WRITE ( \
> + RICHACE_WRITE_DATA | \
> + RICHACE_ADD_FILE | \
> + RICHACE_APPEND_DATA | \
> + RICHACE_ADD_SUBDIRECTORY | \
> + RICHACE_DELETE_CHILD)
> +#define RICHACE_POSIX_MODE_EXEC RICHACE_EXECUTE
> +#define RICHACE_POSIX_MODE_ALL ( \
> + RICHACE_POSIX_MODE_READ | \
> + RICHACE_POSIX_MODE_WRITE | \
> + RICHACE_POSIX_MODE_EXEC)
> +
> +/*
> + * These permissions are always allowed no matter what the acl says.
> + */
> +#define RICHACE_POSIX_ALWAYS_ALLOWED ( \
> + RICHACE_SYNCHRONIZE | \
> + RICHACE_READ_ATTRIBUTES | \
> + RICHACE_READ_ACL)
> +
> +/*
> + * The owner is implicitly granted these permissions under POSIX.
> + */
> +#define RICHACE_POSIX_OWNER_ALLOWED ( \
> + RICHACE_WRITE_ATTRIBUTES | \
> + RICHACE_WRITE_OWNER | \
> + RICHACE_WRITE_ACL)
> +
> #endif /* __UAPI_RICHACL_H */
Other than the confusing comment, this looks ok.
Reviewed-by: Jeff Layton <jlayton@redhat.com>
WARNING: multiple messages have this Message-ID (diff)
From: Jeff Layton <jlayton@redhat.com>
To: Andreas Gruenbacher <agruenba@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
linux-nfs@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
linux-cifs@vger.kernel.org, linux-api@vger.kernel.org,
Trond Myklebust <trond.myklebust@primarydata.com>,
linux-kernel@vger.kernel.org, xfs@oss.sgi.com,
Christoph Hellwig <hch@infradead.org>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
Anna Schumaker <anna.schumaker@netapp.com>
Subject: Re: [PATCH v23 07/22] richacl: Permission mapping functions
Date: Tue, 05 Jul 2016 09:39:46 -0400 [thread overview]
Message-ID: <1467725986.3800.22.camel@redhat.com> (raw)
In-Reply-To: <1467294433-3222-8-git-send-email-agruenba@redhat.com>
On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
> We need to map from POSIX permissions to NFSv4 permissions when a
> chmod() is done, from NFSv4 permissions to POSIX permissions when an acl
> is set (which implicitly sets the file permission bits), and from the
> MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND flags to NFSv4 permissions when
> doing an access check in a richacl.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> Reviewed-by: J. Bruce Fields <bfields@redhat.com>
> ---
> fs/richacl.c | 118 +++++++++++++++++++++++++++++++++++++++++++
> include/linux/richacl.h | 3 ++
> include/uapi/linux/richacl.h | 44 ++++++++++++++++
> 3 files changed, 165 insertions(+)
>
> diff --git a/fs/richacl.c b/fs/richacl.c
> index bcc6591..d0a4135 100644
> --- a/fs/richacl.c
> +++ b/fs/richacl.c
> @@ -63,3 +63,121 @@ richace_copy(struct richace *to, const struct richace *from)
> {
> memcpy(to, from, sizeof(struct richace));
> }
> +
> +/*
> + * richacl_mask_to_mode - compute the file permission bits from mask
> + * @mask: %RICHACE_* permission mask
> + *
> + * Compute the file permission bits corresponding to a particular set of
> + * richacl permissions.
> + *
> + * See richacl_masks_to_mode().
> + */
> +static int
> +richacl_mask_to_mode(unsigned int mask)
> +{
> + int mode = 0;
> +
> + if (mask & RICHACE_POSIX_MODE_READ)
> + mode |= S_IROTH;
> + if (mask & RICHACE_POSIX_MODE_WRITE)
> + mode |= S_IWOTH;
> + if (mask & RICHACE_POSIX_MODE_EXEC)
> + mode |= S_IXOTH;
> +
> + return mode;
> +}
> +
> +/**
> + * richacl_masks_to_mode - compute file permission bits from file masks
> + *
> + * When setting a richacl, we set the file permission bits to indicate maximum
> + * permissions: for example, we set the Write permission when a mask contains
> + * RICHACE_APPEND_DATA even if it does not also contain RICHACE_WRITE_DATA.
> + *
> + * Permissions which are not in RICHACE_POSIX_MODE_READ,
> + * RICHACE_POSIX_MODE_WRITE, or RICHACE_POSIX_MODE_EXEC cannot be represented
> + * in the file permission bits. Such permissions can still be effective, but
> + * not for new files or after a chmod(); they must be explicitly enabled in the
> + * richacl.
> + */
> +int
> +richacl_masks_to_mode(const struct richacl *acl)
> +{
> + return richacl_mask_to_mode(acl->a_owner_mask) << 6 |
> + richacl_mask_to_mode(acl->a_group_mask) << 3 |
> + richacl_mask_to_mode(acl->a_other_mask);
> +}
> +EXPORT_SYMBOL_GPL(richacl_masks_to_mode);
> +
> +/**
> + * richacl_mode_to_mask - compute a file mask from the lowest three mode bits
> + * @mode: mode to convert to richacl permissions
> + *
> + * When the file permission bits of a file are set with chmod(), this specifies
> + * the maximum permissions that processes will get. All permissions beyond
> + * that will be removed from the file masks, and become ineffective.
> + */
> +unsigned int
> +richacl_mode_to_mask(umode_t mode)
> +{
> + unsigned int mask = 0;
> +
> + if (mode & S_IROTH)
> + mask |= RICHACE_POSIX_MODE_READ;
> + if (mode & S_IWOTH)
> + mask |= RICHACE_POSIX_MODE_WRITE;
> + if (mode & S_IXOTH)
> + mask |= RICHACE_POSIX_MODE_EXEC;
> +
> + return mask;
> +}
> +
> +/**
> + * richacl_want_to_mask - convert the iop->permission want argument to a mask
> + * @want: @want argument of the permission inode operation
> + *
> + * When checking for append, @want is (MAY_WRITE | MAY_APPEND).
> + *
> + * Richacls use the iop->may_create and iop->may_delete hooks which are used
> + * for checking if creating and deleting files is allowed. These hooks do not
> + * use richacl_want_to_mask(), so we do not have to deal with mapping MAY_WRITE
> + * to RICHACE_ADD_FILE, RICHACE_ADD_SUBDIRECTORY, and RICHACE_DELETE_CHILD
> + * here.
> + */
This comment is confusing as I don't see any may_create or may_delete
iops in the final patchset. Do you mean may_create() and may_delete()
here?
> +unsigned int
> +richacl_want_to_mask(unsigned int want)
> +{
> + unsigned int mask = 0;
> +
> + if (want & MAY_READ)
> + mask |= RICHACE_READ_DATA;
> + if (want & MAY_DELETE_SELF)
> + mask |= RICHACE_DELETE;
> + if (want & MAY_TAKE_OWNERSHIP)
> + mask |= RICHACE_WRITE_OWNER;
> + if (want & MAY_CHMOD)
> + mask |= RICHACE_WRITE_ACL;
> + if (want & MAY_SET_TIMES)
> + mask |= RICHACE_WRITE_ATTRIBUTES;
> + if (want & MAY_EXEC)
> + mask |= RICHACE_EXECUTE;
> + /*
> + * differentiate MAY_WRITE from these request
> + */
> + if (want & (MAY_APPEND |
> + MAY_CREATE_FILE | MAY_CREATE_DIR |
> + MAY_DELETE_CHILD)) {
> + if (want & MAY_APPEND)
> + mask |= RICHACE_APPEND_DATA;
> + if (want & MAY_CREATE_FILE)
> + mask |= RICHACE_ADD_FILE;
> + if (want & MAY_CREATE_DIR)
> + mask |= RICHACE_ADD_SUBDIRECTORY;
> + if (want & MAY_DELETE_CHILD)
> + mask |= RICHACE_DELETE_CHILD;
> + } else if (want & MAY_WRITE)
> + mask |= RICHACE_WRITE_DATA;
> + return mask;
> +}
> +EXPORT_SYMBOL_GPL(richacl_want_to_mask);
> diff --git a/include/linux/richacl.h b/include/linux/richacl.h
> index edb8480..9102ef0 100644
> --- a/include/linux/richacl.h
> +++ b/include/linux/richacl.h
> @@ -175,5 +175,8 @@ richace_is_same_identifier(const struct richace *a, const struct richace *b)
> extern struct richacl *richacl_alloc(int, gfp_t);
> extern struct richacl *richacl_clone(const struct richacl *, gfp_t);
> extern void richace_copy(struct richace *, const struct richace *);
> +extern int richacl_masks_to_mode(const struct richacl *);
> +extern unsigned int richacl_mode_to_mask(umode_t);
> +extern unsigned int richacl_want_to_mask(unsigned int);
>
> #endif /* __RICHACL_H */
> diff --git a/include/uapi/linux/richacl.h b/include/uapi/linux/richacl.h
> index 08856f8..1ed48ac 100644
> --- a/include/uapi/linux/richacl.h
> +++ b/include/uapi/linux/richacl.h
> @@ -96,4 +96,48 @@
> RICHACE_WRITE_OWNER | \
> RICHACE_SYNCHRONIZE )
>
> +/*
> + * The POSIX permissions are supersets of the following richacl permissions:
> + *
> + * - MAY_READ maps to READ_DATA or LIST_DIRECTORY, depending on the type
> + * of the file system object.
> + *
> + * - MAY_WRITE maps to WRITE_DATA or RICHACE_APPEND_DATA for files, and to
> + * ADD_FILE, RICHACE_ADD_SUBDIRECTORY, or RICHACE_DELETE_CHILD for directories.
> + *
> + * - MAY_EXECUTE maps to RICHACE_EXECUTE.
> + *
> + * (Some of these richacl permissions have the same bit values.)
> + */
> +#define RICHACE_POSIX_MODE_READ ( \
> + RICHACE_READ_DATA | \
> + RICHACE_LIST_DIRECTORY)
> +#define RICHACE_POSIX_MODE_WRITE ( \
> + RICHACE_WRITE_DATA | \
> + RICHACE_ADD_FILE | \
> + RICHACE_APPEND_DATA | \
> + RICHACE_ADD_SUBDIRECTORY | \
> + RICHACE_DELETE_CHILD)
> +#define RICHACE_POSIX_MODE_EXEC RICHACE_EXECUTE
> +#define RICHACE_POSIX_MODE_ALL ( \
> + RICHACE_POSIX_MODE_READ | \
> + RICHACE_POSIX_MODE_WRITE | \
> + RICHACE_POSIX_MODE_EXEC)
> +
> +/*
> + * These permissions are always allowed no matter what the acl says.
> + */
> +#define RICHACE_POSIX_ALWAYS_ALLOWED ( \
> + RICHACE_SYNCHRONIZE | \
> + RICHACE_READ_ATTRIBUTES | \
> + RICHACE_READ_ACL)
> +
> +/*
> + * The owner is implicitly granted these permissions under POSIX.
> + */
> +#define RICHACE_POSIX_OWNER_ALLOWED ( \
> + RICHACE_WRITE_ATTRIBUTES | \
> + RICHACE_WRITE_OWNER | \
> + RICHACE_WRITE_ACL)
> +
> #endif /* __UAPI_RICHACL_H */
Other than the confusing comment, this looks ok.
Reviewed-by: Jeff Layton <jlayton@redhat.com>
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2016-07-05 13:39 UTC|newest]
Thread overview: 133+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-30 13:46 [PATCH v23 00/22] Richacls (Core and Ext4) Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
2016-07-05 11:00 ` Jeff Layton
2016-07-05 11:00 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-3-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 11:02 ` Jeff Layton
2016-07-05 11:02 ` Jeff Layton
2016-07-05 11:02 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-4-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 11:07 ` Jeff Layton
2016-07-05 11:07 ` Jeff Layton
2016-07-05 11:07 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-5-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 11:12 ` Jeff Layton
2016-07-05 11:12 ` Jeff Layton
2016-07-05 11:12 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
2016-07-05 11:18 ` Jeff Layton
2016-07-05 11:18 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
2016-07-05 11:34 ` Jeff Layton
2016-07-05 11:34 ` Jeff Layton
2016-07-05 11:34 ` Jeff Layton
[not found] ` <1467718448.3800.16.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-11 10:11 ` Andreas Gruenbacher
2016-07-11 10:11 ` Andreas Gruenbacher
2016-07-11 10:11 ` Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
2016-07-05 13:39 ` Jeff Layton [this message]
2016-07-05 13:39 ` Jeff Layton
2016-07-05 13:39 ` Jeff Layton
2016-07-11 13:26 ` Andreas Gruenbacher
2016-07-11 13:26 ` Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 08/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-06-30 13:46 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-9-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 14:22 ` Jeff Layton
2016-07-05 14:22 ` Jeff Layton
2016-07-05 14:22 ` Jeff Layton
2016-07-05 17:08 ` Frank Filz
2016-07-05 17:08 ` Frank Filz
2016-07-05 17:08 ` Frank Filz
2016-07-13 12:34 ` Andreas Gruenbacher
2016-07-13 12:34 ` Andreas Gruenbacher
2016-07-13 19:38 ` Frank Filz
2016-07-13 19:38 ` Frank Filz
2016-07-13 19:38 ` Frank Filz
2016-06-30 13:47 ` [PATCH v23 09/22] richacl: Permission check algorithm Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-07-05 14:59 ` Jeff Layton
2016-07-05 14:59 ` Jeff Layton
2016-07-11 13:28 ` Andreas Gruenbacher
2016-07-11 13:28 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 10/22] posix_acl: Improve xattr fixup code Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-11-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 15:38 ` Jeff Layton
2016-07-05 15:38 ` Jeff Layton
2016-07-05 15:38 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 11/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-12-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 15:56 ` Jeff Layton
2016-07-05 15:56 ` Jeff Layton
2016-07-05 15:56 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 12/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-13-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-06 18:31 ` Jeff Layton
2016-07-06 18:31 ` Jeff Layton
2016-07-06 18:31 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 13/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-14-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-06 18:57 ` Jeff Layton
2016-07-06 18:57 ` Jeff Layton
2016-07-06 18:57 ` Jeff Layton
2016-07-14 20:02 ` Andreas Gruenbacher
2016-07-14 20:02 ` Andreas Gruenbacher
[not found] ` <1467831425.2908.16.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-07 14:14 ` David Howells
2016-07-07 14:14 ` David Howells
2016-07-07 14:14 ` David Howells
2016-06-30 13:47 ` [PATCH v23 14/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
[not found] ` <1467294433-3222-15-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-12 11:36 ` Jeff Layton
2016-07-12 11:36 ` Jeff Layton
2016-07-12 11:36 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 15/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-07-12 11:39 ` Jeff Layton
2016-07-12 11:39 ` Jeff Layton
2016-07-12 11:39 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 16/22] richacl: Create-time inheritance Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-07-12 11:41 ` Jeff Layton
2016-07-12 11:41 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 17/22] richacl: Automatic Inheritance Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-07-12 11:56 ` Jeff Layton
2016-07-12 11:56 ` Jeff Layton
2016-07-12 11:56 ` Jeff Layton
[not found] ` <1468324560.7798.14.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-12 19:11 ` J. Bruce Fields
2016-07-12 19:11 ` J. Bruce Fields
2016-07-12 19:11 ` J. Bruce Fields
[not found] ` <20160712191142.GE449-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2016-07-12 20:28 ` Andreas Gruenbacher
2016-07-12 20:28 ` Andreas Gruenbacher
2016-07-12 20:28 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 18/22] richacl: xattr mapping functions Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-07-12 12:02 ` Jeff Layton
2016-07-12 12:02 ` Jeff Layton
2016-07-14 20:33 ` Andreas Gruenbacher
2016-07-14 20:33 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 19/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-07-12 12:13 ` Jeff Layton
2016-07-12 12:13 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 20/22] vfs: Add richacl permission checking Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-07-12 12:13 ` Jeff Layton
2016-07-12 12:13 ` Jeff Layton
2016-07-12 12:13 ` Jeff Layton
[not found] ` <1468325634.7798.24.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-14 20:59 ` Andreas Gruenbacher
2016-07-14 20:59 ` Andreas Gruenbacher
2016-07-14 20:59 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 21/22] ext4: Add richacl support Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2016-06-30 13:47 ` Andreas Gruenbacher
2016-06-30 14:11 ` [PATCH v23 00/22] Richacls (Core and Ext4) Volker Lendecke
2016-06-30 14:11 ` Volker Lendecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1467725986.3800.22.camel@redhat.com \
--to=jlayton@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=agruenba@redhat.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.