From: Vivek Goyal <vgoyal@redhat.com> To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, miklos@szeredi.hu Cc: vgoyal@redhat.com, lhenriques@suse.de, dgilbert@redhat.com, seth.forshee@canonical.com Subject: [PATCH v2 0/2] fuse: Fix clearing SGID when access ACL is set Date: Thu, 25 Mar 2021 11:18:21 -0400 [thread overview] Message-ID: <20210325151823.572089-1-vgoyal@redhat.com> (raw) Hi, This is V2 of the patchset. Posted V1 here. https://lore.kernel.org/linux-fsdevel/20210319195547.427371-1-vgoyal@redhat.com/ Changes since V1: - Dropped the helper to determine if SGID should be cleared and open coded it instead. I will follow up on helper separately in a different patch series. There are few places already which open code this, so for now fuse can do the same. Atleast I can make progress on this and virtiofs can enable ACL support. Luis reported that xfstests generic/375 fails with virtiofs. Little debugging showed that when posix access acl is set that in some cases SGID needs to be cleared and that does not happen with virtiofs. Setting posix access acl can lead to mode change and it can also lead to clear of SGID. fuse relies on file server taking care of all the mode changes. But file server does not have enough information to determine whether SGID should be cleared or not. Hence this patch series add support to send a flag in SETXATTR message to tell server to clear SGID. I have staged corresponding virtiofsd patches here. https://github.com/rhvgoyal/qemu/commits/acl-sgid-setxattr-flag With these patches applied "./check -g acl" passes now on virtiofs. Thanks Vivek Vivek Goyal (2): fuse: Add support for FUSE_SETXATTR_V2 fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID fs/fuse/acl.c | 8 +++++++- fs/fuse/fuse_i.h | 5 ++++- fs/fuse/inode.c | 4 +++- fs/fuse/xattr.c | 21 +++++++++++++++------ include/uapi/linux/fuse.h | 17 +++++++++++++++++ 5 files changed, 46 insertions(+), 9 deletions(-) -- 2.25.4
WARNING: multiple messages have this Message-ID (diff)
From: Vivek Goyal <vgoyal@redhat.com> To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, miklos@szeredi.hu Cc: seth.forshee@canonical.com, vgoyal@redhat.com Subject: [Virtio-fs] [PATCH v2 0/2] fuse: Fix clearing SGID when access ACL is set Date: Thu, 25 Mar 2021 11:18:21 -0400 [thread overview] Message-ID: <20210325151823.572089-1-vgoyal@redhat.com> (raw) Hi, This is V2 of the patchset. Posted V1 here. https://lore.kernel.org/linux-fsdevel/20210319195547.427371-1-vgoyal@redhat.com/ Changes since V1: - Dropped the helper to determine if SGID should be cleared and open coded it instead. I will follow up on helper separately in a different patch series. There are few places already which open code this, so for now fuse can do the same. Atleast I can make progress on this and virtiofs can enable ACL support. Luis reported that xfstests generic/375 fails with virtiofs. Little debugging showed that when posix access acl is set that in some cases SGID needs to be cleared and that does not happen with virtiofs. Setting posix access acl can lead to mode change and it can also lead to clear of SGID. fuse relies on file server taking care of all the mode changes. But file server does not have enough information to determine whether SGID should be cleared or not. Hence this patch series add support to send a flag in SETXATTR message to tell server to clear SGID. I have staged corresponding virtiofsd patches here. https://github.com/rhvgoyal/qemu/commits/acl-sgid-setxattr-flag With these patches applied "./check -g acl" passes now on virtiofs. Thanks Vivek Vivek Goyal (2): fuse: Add support for FUSE_SETXATTR_V2 fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID fs/fuse/acl.c | 8 +++++++- fs/fuse/fuse_i.h | 5 ++++- fs/fuse/inode.c | 4 +++- fs/fuse/xattr.c | 21 +++++++++++++++------ include/uapi/linux/fuse.h | 17 +++++++++++++++++ 5 files changed, 46 insertions(+), 9 deletions(-) -- 2.25.4
next reply other threads:[~2021-03-25 15:19 UTC|newest] Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-03-25 15:18 Vivek Goyal [this message] 2021-03-25 15:18 ` [Virtio-fs] [PATCH v2 0/2] fuse: Fix clearing SGID when access ACL is set Vivek Goyal 2021-03-25 15:18 ` [PATCH v2 1/2] fuse: Add support for FUSE_SETXATTR_V2 Vivek Goyal 2021-03-25 15:18 ` [Virtio-fs] " Vivek Goyal 2021-03-29 14:50 ` Luis Henriques 2021-03-29 14:50 ` [Virtio-fs] " Luis Henriques 2021-03-29 18:16 ` Vivek Goyal 2021-03-29 18:16 ` [Virtio-fs] " Vivek Goyal 2021-03-29 14:54 ` Luis Henriques 2021-03-29 14:54 ` [Virtio-fs] " Luis Henriques 2021-03-29 18:24 ` Vivek Goyal 2021-03-29 18:24 ` [Virtio-fs] " Vivek Goyal 2021-03-29 20:27 ` Luis Henriques 2021-03-29 20:27 ` [Virtio-fs] " Luis Henriques 2021-03-25 15:18 ` [PATCH v2 2/2] fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID Vivek Goyal 2021-03-25 15:18 ` [Virtio-fs] " Vivek Goyal 2021-04-13 20:41 ` [Virtio-fs] [PATCH v2 0/2] fuse: Fix clearing SGID when access ACL is set Vivek Goyal 2021-04-14 11:57 ` Miklos Szeredi 2021-04-14 11:57 ` [Virtio-fs] " Miklos Szeredi 2021-04-14 12:58 ` Vivek Goyal 2021-04-14 12:58 ` [Virtio-fs] " Vivek Goyal 2021-06-17 14:35 ` Vivek Goyal 2021-06-17 14:35 ` [Virtio-fs] " Vivek Goyal
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210325151823.572089-1-vgoyal@redhat.com \ --to=vgoyal@redhat.com \ --cc=dgilbert@redhat.com \ --cc=lhenriques@suse.de \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=miklos@szeredi.hu \ --cc=seth.forshee@canonical.com \ --cc=virtio-fs@redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.