From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Subject: [PATCH v26 03/21] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags
Date: Thu, 29 Sep 2016 01:29:22 +0200 [thread overview]
Message-ID: <1475105380-22837-4-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1475105380-22837-1-git-send-email-agruenba@redhat.com>
Normally, deleting a file requires MAY_WRITE access to the parent
directory. With richacls, a file may be deleted with MAY_DELETE_CHILD access
to the parent directory or with MAY_DELETE_SELF access to the file.
To support that, pass the MAY_DELETE_CHILD mask flag to inode_permission()
when checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itself.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: J. Bruce Fields <bfields@redhat.com>
Reviewed-by: Steve French <steve.french@primarydata.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
---
fs/namei.c | 20 +++++++++++++-------
include/linux/fs.h | 2 ++
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 7290dea..c8bc9fd 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -463,9 +463,9 @@ static int sb_permission(struct super_block *sb, struct inode *inode, int mask)
* this, letting us set arbitrary permissions for filesystem access without
* changing the "normal" UIDs which are used for other things.
*
- * MAY_WRITE must be set in @mask whenever MAY_APPEND, MAY_CREATE_FILE, or
- * MAY_CREATE_DIR are set. That way, file systems that don't support these
- * permissions will check for MAY_WRITE instead.
+ * MAY_WRITE must be set in @mask whenever MAY_APPEND, MAY_CREATE_FILE,
+ * MAY_CREATE_DIR, or MAY_DELETE_CHILD are set. That way, file systems that
+ * don't support these permissions will check for MAY_WRITE instead.
*/
int inode_permission(struct inode *inode, int mask)
{
@@ -2780,14 +2780,20 @@ static int may_delete_or_replace(struct inode *dir, struct dentry *victim,
BUG_ON(victim->d_parent->d_inode != dir);
audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
- error = inode_permission(dir, mask);
+ error = inode_permission(dir, mask | MAY_WRITE | MAY_DELETE_CHILD);
+ if (!error && check_sticky(dir, inode))
+ error = -EPERM;
+ if (error && IS_RICHACL(inode) &&
+ inode_permission(inode, MAY_DELETE_SELF) == 0 &&
+ inode_permission(dir, mask) == 0)
+ error = 0;
if (error)
return error;
if (IS_APPEND(dir))
return -EPERM;
- if (check_sticky(dir, inode) || IS_APPEND(inode) ||
- IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode))
+ if (IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
+ IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode))
return -EPERM;
if (isdir) {
if (!d_is_dir(victim))
@@ -2805,7 +2811,7 @@ static int may_delete_or_replace(struct inode *dir, struct dentry *victim,
static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
{
- return may_delete_or_replace(dir, victim, isdir, MAY_WRITE | MAY_EXEC);
+ return may_delete_or_replace(dir, victim, isdir, MAY_EXEC);
}
static int may_replace(struct inode *dir, struct dentry *victim, bool isdir)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 54b2a07..f3e21b0 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -86,6 +86,8 @@ typedef int (dio_iodone_t)(struct kiocb *iocb, loff_t offset,
#define MAY_NOT_BLOCK 0x00000080
#define MAY_CREATE_FILE 0x00000100
#define MAY_CREATE_DIR 0x00000200
+#define MAY_DELETE_CHILD 0x00000400
+#define MAY_DELETE_SELF 0x00000800
/*
* flags in file.f_mode. Note that FMODE_READ and FMODE_WRITE must correspond
--
2.7.4
next prev parent reply other threads:[~2016-09-28 23:30 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-28 23:29 [PATCH v25 00/21] Richacls (Core and Ext4) Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 01/21] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 02/21] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-09-28 23:29 ` Andreas Gruenbacher [this message]
2016-09-28 23:29 ` [PATCH v26 04/21] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 05/21] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 06/21] richacl: Permission mapping functions Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 07/21] richacl: Permission check algorithm Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 08/21] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 09/21] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 10/21] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 11/21] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 12/21] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 13/21] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 14/21] richacl: Create-time inheritance Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 15/21] richacl: Automatic Inheritance Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 16/21] richacl: xattr mapping functions Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 17/21] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 18/21] vfs: Add richacl permission checking Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 19/21] vfs: Move check_posix_acl and check_richacl out of fs/namei.c Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 20/21] ext4: Add richacl support Andreas Gruenbacher
2016-09-28 23:29 ` [PATCH v26 21/21] ext4: Add richacl feature flag Andreas Gruenbacher
2016-09-30 16:11 ` [PATCH v25 00/21] Richacls (Core and Ext4) J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1475105380-22837-4-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=jlayton@poochiereds.net \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).