Re: [PATCH v14 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

From: Andreas Dilger <adilger@dilger.ca>
To: Andreas Gruenbacher <agruenba@redhat.com>
Cc: linux-cifs@vger.kernel.org,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	Theodore Ts'o <tytso@mit.edu>,
	Linux API <linux-api@vger.kernel.org>,
	Trond Myklebust <trond.myklebust@primarydata.com>,
	LKML <linux-kernel@vger.kernel.org>,
	XFS Developers <xfs@oss.sgi.com>,
	"J. Bruce Fields" <bfields@fieldses.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Jeff Layton <jlayton@poochiereds.net>,
	linux-ext4 <linux-ext4@vger.kernel.org>,
	Anna Schumaker <anna.schumaker@netapp.com>
Subject: Re: [PATCH v14 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests
Date: Fri, 6 Nov 2015 13:40:19 -0700	[thread overview]
Message-ID: <FC1DC7F3-F165-4575-944F-EA2926C37E11@dilger.ca> (raw)
In-Reply-To: <1446723580-3747-2-git-send-email-agruenba@redhat.com>

[-- Attachment #1.1: Type: text/plain, Size: 4639 bytes --]

On Nov 5, 2015, at 4:39 AM, Andreas Gruenbacher <agruenba@redhat.com> wrote:
> 
> The vfs does not apply the umask for file systems that support acls. The
> test used for this used to be called IS_POSIXACL(). Switch to a new
> IS_ACL() test to check for either posix acls or richacls instead. Add a new
> MS_RICHACL flag and IS_RICHACL() test for richacls alone. The IS_POSIXACL()
> test is still needed by nfsd.
> 
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> Reviewed-by: J. Bruce Fields <bfields@redhat.com>

Looks good to me.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>

> ---
> fs/Kconfig              |  3 +++
> fs/namei.c              |  8 ++++----
> include/linux/fs.h      | 12 ++++++++++++
> include/uapi/linux/fs.h |  3 ++-
> 4 files changed, 21 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/Kconfig b/fs/Kconfig
> index da3f32f..bff2879 100644
> --- a/fs/Kconfig
> +++ b/fs/Kconfig
> @@ -56,6 +56,9 @@ endif # BLOCK
> config FS_POSIX_ACL
> 	def_bool n
> 
> +config FS_RICHACL
> +	def_bool n
> +
> config EXPORTFS
> 	tristate
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index 33e9495..224ecf1 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -2798,7 +2798,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry,
> 	}
> 
> 	mode = op->mode;
> -	if ((open_flag & O_CREAT) && !IS_POSIXACL(dir))
> +	if ((open_flag & O_CREAT) && !IS_ACL(dir))
> 		mode &= ~current_umask();
> 
> 	excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT);
> @@ -2982,7 +2982,7 @@ static int lookup_open(struct nameidata *nd, struct path *path,
> 	/* Negative dentry, just create the file */
> 	if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
> 		umode_t mode = op->mode;
> -		if (!IS_POSIXACL(dir->d_inode))
> +		if (!IS_ACL(dir->d_inode))
> 			mode &= ~current_umask();
> 		/*
> 		 * This write is needed to ensure that a
> @@ -3553,7 +3553,7 @@ retry:
> 	if (IS_ERR(dentry))
> 		return PTR_ERR(dentry);
> 
> -	if (!IS_POSIXACL(path.dentry->d_inode))
> +	if (!IS_ACL(path.dentry->d_inode))
> 		mode &= ~current_umask();
> 	error = security_path_mknod(&path, dentry, mode, dev);
> 	if (error)
> @@ -3622,7 +3622,7 @@ retry:
> 	if (IS_ERR(dentry))
> 		return PTR_ERR(dentry);
> 
> -	if (!IS_POSIXACL(path.dentry->d_inode))
> +	if (!IS_ACL(path.dentry->d_inode))
> 		mode &= ~current_umask();
> 	error = security_path_mkdir(&path, dentry, mode);
> 	if (!error)
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 72d8a84..4efa435 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1781,6 +1781,12 @@ struct super_operations {
> #define IS_IMMUTABLE(inode)	((inode)->i_flags & S_IMMUTABLE)
> #define IS_POSIXACL(inode)	__IS_FLG(inode, MS_POSIXACL)
> 
> +#ifdef CONFIG_FS_RICHACL
> +#define IS_RICHACL(inode)	__IS_FLG(inode, MS_RICHACL)
> +#else
> +#define IS_RICHACL(inode)	0
> +#endif
> +
> #define IS_DEADDIR(inode)	((inode)->i_flags & S_DEAD)
> #define IS_NOCMTIME(inode)	((inode)->i_flags & S_NOCMTIME)
> #define IS_SWAPFILE(inode)	((inode)->i_flags & S_SWAPFILE)
> @@ -1794,6 +1800,12 @@ struct super_operations {
> 				 (inode)->i_rdev == WHITEOUT_DEV)
> 
> /*
> + * IS_ACL() tells the VFS to not apply the umask
> + * and use check_acl for acl permission checks when defined.
> + */
> +#define IS_ACL(inode)		__IS_FLG(inode, MS_POSIXACL | MS_RICHACL)
> +
> +/*
>  * Inode state bits.  Protected by inode->i_lock
>  *
>  * Three bits determine the dirty state of the inode, I_DIRTY_SYNC,
> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> index 9b964a5..6ac6bc9 100644
> --- a/include/uapi/linux/fs.h
> +++ b/include/uapi/linux/fs.h
> @@ -81,7 +81,7 @@ struct inodes_stat_t {
> #define MS_VERBOSE	32768	/* War is peace. Verbosity is silence.
> 				   MS_VERBOSE is deprecated. */
> #define MS_SILENT	32768
> -#define MS_POSIXACL	(1<<16)	/* VFS does not apply the umask */
> +#define MS_POSIXACL	(1<<16)	/* Supports POSIX ACLs */
> #define MS_UNBINDABLE	(1<<17)	/* change to unbindable */
> #define MS_PRIVATE	(1<<18)	/* change to private */
> #define MS_SLAVE	(1<<19)	/* change to slave */
> @@ -91,6 +91,7 @@ struct inodes_stat_t {
> #define MS_I_VERSION	(1<<23) /* Update inode I_version field */
> #define MS_STRICTATIME	(1<<24) /* Always perform atime updates */
> #define MS_LAZYTIME	(1<<25) /* Update the on-disk [acm]times lazily */
> +#define MS_RICHACL	(1<<26) /* Supports richacls */
> 
> /* These sb flags are internal to the kernel */
> #define MS_NOSEC	(1<<28)
> --
> 2.5.0
> 

Cheers, Andreas

[-- Attachment #1.2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[-- Attachment #2: Type: text/plain, Size: 121 bytes --]

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs