linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andreas Gruenbacher <agruenba@redhat.com>
To: Frank Filz <ffilzlnx@mindspring.com>
Cc: Jeff Layton <jlayton@redhat.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Christoph Hellwig <hch@infradead.org>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Andreas Dilger <adilger.kernel@dilger.ca>,
	"J. Bruce Fields" <bfields@fieldses.org>,
	Trond Myklebust <trond.myklebust@primarydata.com>,
	Anna Schumaker <anna.schumaker@netapp.com>,
	Dave Chinner <david@fromorbit.com>,
	linux-ext4 <linux-ext4@vger.kernel.org>,
	XFS Developers <xfs@oss.sgi.com>,
	LKML <linux-kernel@vger.kernel.org>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	linux-cifs@vger.kernel.org, Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl
Date: Wed, 13 Jul 2016 14:34:31 +0200	[thread overview]
Message-ID: <CAHc6FU5oeaCxgZPFeNSHDfSjnVKe9km14R4s5RoBhJXPaL7ymQ@mail.gmail.com> (raw)
In-Reply-To: <014101d1d6df$e059fd20$a10df760$@mindspring.com>

Frank,

On Tue, Jul 5, 2016 at 7:08 PM, Frank Filz <ffilzlnx@mindspring.com> wrote:
>> > + * Note: functions like richacl_allowed_to_who(),
>> > +richacl_group_class_allowed(),
>> > + * and richacl_compute_max_masks() iterate through the entire acl in
>> > +reverse
>> > + * order as an optimization.
>> > + *
>> > + * In the standard algorithm, aces are considered in forward order.
>> > +When a
>> > + * process matches an ace, the permissions in the ace are either
>> > +allowed or
>> > + * denied depending on the ace type.  Once a permission has been
>> > +allowed or
>> > + * denied, it is no longer considered in further aces.
>> > + *
>> > + * By iterating through the acl in reverse order, we can compute the
>> > +same
>> > + * result without having to keep track of which permissions have been
>> > +allowed
>> > + * and denied already.
>> > + */
>> >
>>
>> Clever!
>
> Hmm, but does that result in examining the whole ACL for most access checks, at least for files where most of the accesses are by the owner, or a member of a specific group (with perhaps a ton of special case users added on the end)?

I don't understand -- what does this algorithm have to do with access checks?

Thanks,
Andreas

  reply	other threads:[~2016-07-13 12:35 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-30 13:46 [PATCH v23 00/22] Richacls (Core and Ext4) Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-07-05 11:00   ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-07-05 11:02   ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2016-07-05 11:07   ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2016-07-05 11:12   ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-07-05 11:18   ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-07-05 11:34   ` Jeff Layton
2016-07-11 10:11     ` Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2016-07-05 13:39   ` Jeff Layton
2016-07-11 13:26     ` Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 08/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-07-05 14:22   ` Jeff Layton
2016-07-05 17:08     ` Frank Filz
2016-07-13 12:34       ` Andreas Gruenbacher [this message]
2016-07-13 19:38         ` Frank Filz
2016-06-30 13:47 ` [PATCH v23 09/22] richacl: Permission check algorithm Andreas Gruenbacher
2016-07-05 14:59   ` Jeff Layton
2016-07-11 13:28     ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 10/22] posix_acl: Improve xattr fixup code Andreas Gruenbacher
2016-07-05 15:38   ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 11/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-07-05 15:56   ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 12/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-07-06 18:31   ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 13/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-07-06 18:57   ` Jeff Layton
2016-07-14 20:02     ` Andreas Gruenbacher
2016-07-07 14:14   ` David Howells
2016-06-30 13:47 ` [PATCH v23 14/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-07-12 11:36   ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 15/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-07-12 11:39   ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 16/22] richacl: Create-time inheritance Andreas Gruenbacher
2016-07-12 11:41   ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 17/22] richacl: Automatic Inheritance Andreas Gruenbacher
2016-07-12 11:56   ` Jeff Layton
2016-07-12 19:11     ` J. Bruce Fields
2016-07-12 20:28       ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 18/22] richacl: xattr mapping functions Andreas Gruenbacher
2016-07-12 12:02   ` Jeff Layton
2016-07-14 20:33     ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 19/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-07-12 12:13   ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 20/22] vfs: Add richacl permission checking Andreas Gruenbacher
2016-07-12 12:13   ` Jeff Layton
2016-07-14 20:59     ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 21/22] ext4: Add richacl support Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2016-06-30 14:11 ` [PATCH v23 00/22] Richacls (Core and Ext4) Volker Lendecke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAHc6FU5oeaCxgZPFeNSHDfSjnVKe9km14R4s5RoBhJXPaL7ymQ@mail.gmail.com \
    --to=agruenba@redhat.com \
    --cc=adilger.kernel@dilger.ca \
    --cc=anna.schumaker@netapp.com \
    --cc=bfields@fieldses.org \
    --cc=david@fromorbit.com \
    --cc=ffilzlnx@mindspring.com \
    --cc=hch@infradead.org \
    --cc=jlayton@redhat.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=trond.myklebust@primarydata.com \
    --cc=tytso@mit.edu \
    --cc=viro@zeniv.linux.org.uk \
    --cc=xfs@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).