From: Vivek Goyal <vgoyal@redhat.com>
To: Christian Brauner <christian.brauner@canonical.com>
Cc: "Andreas Grünbacher" <andreas.gruenbacher@gmail.com>,
"Linux FS-devel Mailing List" <linux-fsdevel@vger.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
virtio-fs@redhat.com, "Miklos Szeredi" <miklos@szeredi.hu>,
lhenriques@suse.de, dgilbert@redhat.com,
"Seth Forshee" <seth.forshee@canonical.com>,
"Jan Kara" <jack@suse.cz>,
"Andreas Gruenbacher" <agruenba@redhat.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH 1/3] posic_acl: Add a helper determine if SGID should be cleared
Date: Mon, 22 Mar 2021 13:01:11 -0400 [thread overview]
Message-ID: <20210322170111.GE446288@redhat.com> (raw)
In-Reply-To: <20210320100322.ox5gzgauo7iqf2fv@gmail.com>
On Sat, Mar 20, 2021 at 11:03:22AM +0100, Christian Brauner wrote:
> On Fri, Mar 19, 2021 at 11:42:48PM +0100, Andreas Grünbacher wrote:
> > Hi,
> >
> > Am Fr., 19. März 2021 um 20:58 Uhr schrieb Vivek Goyal <vgoyal@redhat.com>:
> > > posix_acl_update_mode() determines what's the equivalent mode and if SGID
> > > needs to be cleared or not. I need to make use of this code in fuse
> > > as well. Fuse will send this information to virtiofs file server and
> > > file server will take care of clearing SGID if it needs to be done.
> > >
> > > Hence move this code in a separate helper so that more than one place
> > > can call into it.
> > >
> > > Cc: Jan Kara <jack@suse.cz>
> > > Cc: Andreas Gruenbacher <agruenba@redhat.com>
> > > Cc: Alexander Viro <viro@zeniv.linux.org.uk>
> > > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > > ---
> > > fs/posix_acl.c | 3 +--
> > > include/linux/posix_acl.h | 11 +++++++++++
> > > 2 files changed, 12 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> > > index f3309a7edb49..2d62494c4a5b 100644
> > > --- a/fs/posix_acl.c
> > > +++ b/fs/posix_acl.c
> > > @@ -684,8 +684,7 @@ int posix_acl_update_mode(struct user_namespace *mnt_userns,
> > > return error;
> > > if (error == 0)
> > > *acl = NULL;
> > > - if (!in_group_p(i_gid_into_mnt(mnt_userns, inode)) &&
> > > - !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
> > > + if (posix_acl_mode_clear_sgid(mnt_userns, inode))
> > > mode &= ~S_ISGID;
> > > *mode_p = mode;
> > > return 0;
> > > diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
> > > index 307094ebb88c..073c5e546de3 100644
> > > --- a/include/linux/posix_acl.h
> > > +++ b/include/linux/posix_acl.h
> > > @@ -59,6 +59,17 @@ posix_acl_release(struct posix_acl *acl)
> > > }
> > >
> > >
> > > +static inline bool
> > > +posix_acl_mode_clear_sgid(struct user_namespace *mnt_userns,
> > > + struct inode *inode)
> > > +{
> > > + if (!in_group_p(i_gid_into_mnt(mnt_userns, inode)) &&
> > > + !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
> > > + return true;
> > > +
> > > + return false;
> >
> > That's just
> >
> > return !in_group_p(i_gid_into_mnt(mnt_userns, inode)) &&
> > !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID);
> >
> > The same pattern we have in posix_acl_update_mode also exists in
> > setattr_copy and inode_init_owner, and almost the same pattern exists
> > in setattr_prepare, so can this be cleaned up as well? The function
> > also isn't POSIX ACL specific, so the function name is misleading.
>
> Good idea but that should probably be spun into a separate patchset that
> only touches the vfs parts.
IIUC, suggestion is that I should write a VFS helper (and not posix
acl helper) and use that helper at other places too in the code.
I will do that and post in a separate patch series.
Thanks
Vivek
WARNING: multiple messages have this Message-ID (diff)
From: Vivek Goyal <vgoyal@redhat.com>
To: Christian Brauner <christian.brauner@canonical.com>
Cc: "Jan Kara" <jack@suse.cz>,
"Andreas Gruenbacher" <agruenba@redhat.com>,
"Miklos Szeredi" <miklos@szeredi.hu>,
"Andreas Grünbacher" <andreas.gruenbacher@gmail.com>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
virtio-fs@redhat.com, "Seth Forshee" <seth.forshee@canonical.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Linux FS-devel Mailing List" <linux-fsdevel@vger.kernel.org>
Subject: Re: [Virtio-fs] [PATCH 1/3] posic_acl: Add a helper determine if SGID should be cleared
Date: Mon, 22 Mar 2021 13:01:11 -0400 [thread overview]
Message-ID: <20210322170111.GE446288@redhat.com> (raw)
In-Reply-To: <20210320100322.ox5gzgauo7iqf2fv@gmail.com>
On Sat, Mar 20, 2021 at 11:03:22AM +0100, Christian Brauner wrote:
> On Fri, Mar 19, 2021 at 11:42:48PM +0100, Andreas Grünbacher wrote:
> > Hi,
> >
> > Am Fr., 19. März 2021 um 20:58 Uhr schrieb Vivek Goyal <vgoyal@redhat.com>:
> > > posix_acl_update_mode() determines what's the equivalent mode and if SGID
> > > needs to be cleared or not. I need to make use of this code in fuse
> > > as well. Fuse will send this information to virtiofs file server and
> > > file server will take care of clearing SGID if it needs to be done.
> > >
> > > Hence move this code in a separate helper so that more than one place
> > > can call into it.
> > >
> > > Cc: Jan Kara <jack@suse.cz>
> > > Cc: Andreas Gruenbacher <agruenba@redhat.com>
> > > Cc: Alexander Viro <viro@zeniv.linux.org.uk>
> > > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > > ---
> > > fs/posix_acl.c | 3 +--
> > > include/linux/posix_acl.h | 11 +++++++++++
> > > 2 files changed, 12 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> > > index f3309a7edb49..2d62494c4a5b 100644
> > > --- a/fs/posix_acl.c
> > > +++ b/fs/posix_acl.c
> > > @@ -684,8 +684,7 @@ int posix_acl_update_mode(struct user_namespace *mnt_userns,
> > > return error;
> > > if (error == 0)
> > > *acl = NULL;
> > > - if (!in_group_p(i_gid_into_mnt(mnt_userns, inode)) &&
> > > - !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
> > > + if (posix_acl_mode_clear_sgid(mnt_userns, inode))
> > > mode &= ~S_ISGID;
> > > *mode_p = mode;
> > > return 0;
> > > diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
> > > index 307094ebb88c..073c5e546de3 100644
> > > --- a/include/linux/posix_acl.h
> > > +++ b/include/linux/posix_acl.h
> > > @@ -59,6 +59,17 @@ posix_acl_release(struct posix_acl *acl)
> > > }
> > >
> > >
> > > +static inline bool
> > > +posix_acl_mode_clear_sgid(struct user_namespace *mnt_userns,
> > > + struct inode *inode)
> > > +{
> > > + if (!in_group_p(i_gid_into_mnt(mnt_userns, inode)) &&
> > > + !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
> > > + return true;
> > > +
> > > + return false;
> >
> > That's just
> >
> > return !in_group_p(i_gid_into_mnt(mnt_userns, inode)) &&
> > !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID);
> >
> > The same pattern we have in posix_acl_update_mode also exists in
> > setattr_copy and inode_init_owner, and almost the same pattern exists
> > in setattr_prepare, so can this be cleaned up as well? The function
> > also isn't POSIX ACL specific, so the function name is misleading.
>
> Good idea but that should probably be spun into a separate patchset that
> only touches the vfs parts.
IIUC, suggestion is that I should write a VFS helper (and not posix
acl helper) and use that helper at other places too in the code.
I will do that and post in a separate patch series.
Thanks
Vivek
next prev parent reply other threads:[~2021-03-22 17:02 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-19 19:55 [PATCH 0/3] fuse: Fix clearing SGID when access ACL is set Vivek Goyal
2021-03-19 19:55 ` [Virtio-fs] " Vivek Goyal
2021-03-19 19:55 ` [PATCH 1/3] posic_acl: Add a helper determine if SGID should be cleared Vivek Goyal
2021-03-19 19:55 ` [Virtio-fs] " Vivek Goyal
2021-03-19 22:42 ` Andreas Grünbacher
2021-03-19 22:42 ` [Virtio-fs] " Andreas Grünbacher
2021-03-20 10:03 ` Christian Brauner
2021-03-20 10:03 ` [Virtio-fs] " Christian Brauner
2021-03-22 17:01 ` Vivek Goyal [this message]
2021-03-22 17:01 ` Vivek Goyal
2021-03-23 9:32 ` Christian Brauner
2021-03-23 9:32 ` [Virtio-fs] " Christian Brauner
2021-03-23 22:50 ` Vivek Goyal
2021-03-23 22:50 ` [Virtio-fs] " Vivek Goyal
2021-03-19 19:55 ` [PATCH 2/3] fuse: Add support for FUSE_SETXATTR_V2 Vivek Goyal
2021-03-19 19:55 ` [Virtio-fs] " Vivek Goyal
2021-03-19 19:55 ` [PATCH 3/3] fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID Vivek Goyal
2021-03-19 19:55 ` [Virtio-fs] " Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210322170111.GE446288@redhat.com \
--to=vgoyal@redhat.com \
--cc=agruenba@redhat.com \
--cc=andreas.gruenbacher@gmail.com \
--cc=christian.brauner@canonical.com \
--cc=dgilbert@redhat.com \
--cc=jack@suse.cz \
--cc=lhenriques@suse.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=seth.forshee@canonical.com \
--cc=viro@zeniv.linux.org.uk \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.