From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Cc: Andreas Gruenbacher <agruenba@redhat.com>
Subject: [PATCH v15 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags
Date: Mon, 9 Nov 2015 12:08:44 +0100 [thread overview]
Message-ID: <1447067343-31479-4-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1447067343-31479-1-git-send-email-agruenba@redhat.com>
Normally, deleting a file requires MAY_WRITE access to the parent
directory. With richacls, a file may be deleted with MAY_DELETE_CHILD access
to the parent directory or with MAY_DELETE_SELF access to the file.
To support that, pass the MAY_DELETE_CHILD mask flag to inode_permission()
when checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itelf.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: J. Bruce Fields <bfields@redhat.com>
---
fs/namei.c | 20 ++++++++++++--------
include/linux/fs.h | 2 ++
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 24a98f9..7f21554 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -453,9 +453,9 @@ static int sb_permission(struct super_block *sb, struct inode *inode, int mask)
* this, letting us set arbitrary permissions for filesystem access without
* changing the "normal" UIDs which are used for other things.
*
- * MAY_WRITE must be set in @mask whenever MAY_APPEND, MAY_CREATE_FILE, or
- * MAY_CREATE_DIR are set. That way, file systems that don't support these
- * permissions will check for MAY_WRITE instead.
+ * MAY_WRITE must be set in @mask whenever MAY_APPEND, MAY_CREATE_FILE,
+ * MAY_CREATE_DIR, or MAY_DELETE_CHILD are set. That way, file systems that
+ * don't support these permissions will check for MAY_WRITE instead.
*/
int inode_permission(struct inode *inode, int mask)
{
@@ -2564,14 +2564,18 @@ static int may_delete_or_replace(struct inode *dir, struct dentry *victim,
BUG_ON(victim->d_parent->d_inode != dir);
audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
- error = inode_permission(dir, mask);
+ error = inode_permission(dir, mask | MAY_WRITE | MAY_DELETE_CHILD);
+ if (!error && check_sticky(dir, inode))
+ error = -EPERM;
+ if (error && IS_RICHACL(inode) &&
+ inode_permission(inode, MAY_DELETE_SELF) == 0 &&
+ inode_permission(dir, mask) == 0)
+ error = 0;
if (error)
return error;
if (IS_APPEND(dir))
return -EPERM;
-
- if (check_sticky(dir, inode) || IS_APPEND(inode) ||
- IS_IMMUTABLE(inode) || IS_SWAPFILE(inode))
+ if (IS_APPEND(inode) || IS_IMMUTABLE(inode) || IS_SWAPFILE(inode))
return -EPERM;
if (isdir) {
if (!d_is_dir(victim))
@@ -2589,7 +2593,7 @@ static int may_delete_or_replace(struct inode *dir, struct dentry *victim,
static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
{
- return may_delete_or_replace(dir, victim, isdir, MAY_WRITE | MAY_EXEC);
+ return may_delete_or_replace(dir, victim, isdir, MAY_EXEC);
}
static int may_replace(struct inode *dir, struct dentry *victim, bool isdir)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index d6e2330..402acd7 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -84,6 +84,8 @@ typedef void (dax_iodone_t)(struct buffer_head *bh_map, int uptodate);
#define MAY_NOT_BLOCK 0x00000080
#define MAY_CREATE_FILE 0x00000100
#define MAY_CREATE_DIR 0x00000200
+#define MAY_DELETE_CHILD 0x00000400
+#define MAY_DELETE_SELF 0x00000800
/*
* flags in file.f_mode. Note that FMODE_READ and FMODE_WRITE must correspond
--
2.5.0
next prev parent reply other threads:[~2015-11-09 11:09 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-09 11:08 [PATCH v15 00/22] Richacls (Core and Ext4) Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2015-11-09 11:08 ` Andreas Gruenbacher [this message]
2015-11-09 11:08 ` [PATCH v15 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 08/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 09/22] richacl: Permission check algorithm Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 10/22] posix_acl: Unexport acl_by_type and make it static Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 11/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 12/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 13/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 14/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 15/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 16/22] richacl: Create-time inheritance Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 17/22] richacl: Automatic Inheritance Andreas Gruenbacher
2015-11-09 11:08 ` [PATCH v15 18/22] richacl: xattr mapping functions Andreas Gruenbacher
2015-11-09 11:09 ` [PATCH v15 19/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2015-11-11 1:16 ` Andreas Gruenbacher
2015-11-09 11:09 ` [PATCH v15 20/22] vfs: Add richacl permission checking Andreas Gruenbacher
2015-11-09 11:09 ` [PATCH v15 21/22] ext4: Add richacl support Andreas Gruenbacher
2015-11-09 11:09 ` [PATCH v15 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2015-11-10 11:29 ` [PATCH v15 00/22] Richacls (Core and Ext4) Christoph Hellwig
2015-11-10 12:39 ` Andreas Gruenbacher
2015-11-10 16:43 ` Steve French
2015-11-10 17:07 ` J. Bruce Fields
2015-11-10 17:58 ` Andreas Gruenbacher
2015-11-10 19:17 ` J. Bruce Fields
2015-11-11 7:57 ` Christoph Hellwig
2015-11-11 13:59 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1447067343-31479-4-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=david@fromorbit.com \
--cc=jlayton@poochiereds.net \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).