From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
linux-nfs@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
Andreas Gruenbacher <agruenba@redhat.com>,
linux-cifs@vger.kernel.org, linux-api@vger.kernel.org,
Trond Myklebust <trond.myklebust@primarydata.com>,
linux-kernel@vger.kernel.org, xfs@oss.sgi.com,
Christoph Hellwig <hch@infradead.org>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-fsdevel@vger.kernel.org,
Jeff Layton <jlayton@poochiereds.net>,
linux-ext4@vger.kernel.org,
Anna Schumaker <anna.schumaker@netapp.com>
Subject: [PATCH v25 19/22] vfs: Add richacl permission checking
Date: Tue, 16 Aug 2016 13:03:00 +0200 [thread overview]
Message-ID: <1471345383-15334-20-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1471345383-15334-1-git-send-email-agruenba@redhat.com>
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
---
fs/namei.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index ae205ea..63feb3c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -34,6 +34,7 @@
#include <linux/device_cgroup.h>
#include <linux/fs_struct.h>
#include <linux/posix_acl.h>
+#include <linux/richacl.h>
#include <linux/hash.h>
#include <linux/bitops.h>
#include <linux/init_task.h>
@@ -257,7 +258,43 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_acl(struct inode *inode, int mask)
+static int check_richacl(struct inode *inode, int mask)
+{
+#ifdef CONFIG_FS_RICHACL
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ goto no_acl;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+no_acl:
+#endif
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
+ return -EAGAIN;
+}
+
+static int check_posix_acl(struct inode *inode, int mask)
{
#ifdef CONFIG_FS_POSIX_ACL
if (mask & MAY_NOT_BLOCK) {
@@ -295,11 +332,24 @@ static int acl_permission_check(struct inode *inode, int mask)
{
unsigned int mode = inode->i_mode;
+ /*
+ * With POSIX ACLs, the (mode & S_IRWXU) bits exactly match the owner
+ * permissions, and we can skip checking posix acls for the owner.
+ * With richacls, the owner may be granted fewer permissions than the
+ * mode bits seem to suggest (for example, append but not write), and
+ * we always need to check the richacl.
+ */
+
+ if (IS_RICHACL(inode)) {
+ int error = check_richacl(inode, mask);
+ if (error != -EAGAIN)
+ return error;
+ }
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
else {
if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
- int error = check_acl(inode, mask);
+ int error = check_posix_acl(inode, mask);
if (error != -EAGAIN)
return error;
}
--
2.7.4
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Subject: [PATCH v25 19/22] vfs: Add richacl permission checking
Date: Tue, 16 Aug 2016 13:03:00 +0200 [thread overview]
Message-ID: <1471345383-15334-20-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1471345383-15334-1-git-send-email-agruenba@redhat.com>
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
---
fs/namei.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index ae205ea..63feb3c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -34,6 +34,7 @@
#include <linux/device_cgroup.h>
#include <linux/fs_struct.h>
#include <linux/posix_acl.h>
+#include <linux/richacl.h>
#include <linux/hash.h>
#include <linux/bitops.h>
#include <linux/init_task.h>
@@ -257,7 +258,43 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_acl(struct inode *inode, int mask)
+static int check_richacl(struct inode *inode, int mask)
+{
+#ifdef CONFIG_FS_RICHACL
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ goto no_acl;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+no_acl:
+#endif
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
+ return -EAGAIN;
+}
+
+static int check_posix_acl(struct inode *inode, int mask)
{
#ifdef CONFIG_FS_POSIX_ACL
if (mask & MAY_NOT_BLOCK) {
@@ -295,11 +332,24 @@ static int acl_permission_check(struct inode *inode, int mask)
{
unsigned int mode = inode->i_mode;
+ /*
+ * With POSIX ACLs, the (mode & S_IRWXU) bits exactly match the owner
+ * permissions, and we can skip checking posix acls for the owner.
+ * With richacls, the owner may be granted fewer permissions than the
+ * mode bits seem to suggest (for example, append but not write), and
+ * we always need to check the richacl.
+ */
+
+ if (IS_RICHACL(inode)) {
+ int error = check_richacl(inode, mask);
+ if (error != -EAGAIN)
+ return error;
+ }
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
else {
if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
- int error = check_acl(inode, mask);
+ int error = check_posix_acl(inode, mask);
if (error != -EAGAIN)
return error;
}
--
2.7.4
next prev parent reply other threads:[~2016-08-16 11:03 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-16 11:02 [PATCH v25 00/22] Richacls (Core and Ext4) Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 08/22] richacl: Permission check algorithm Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 09/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 10/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 11/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 12/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 13/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 14/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 15/22] richacl: Create-time inheritance Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 16/22] richacl: Automatic Inheritance Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 17/22] richacl: xattr mapping functions Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:02 ` [PATCH v25 18/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-08-16 11:02 ` Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher [this message]
2016-08-16 11:03 ` [PATCH v25 19/22] vfs: Add richacl permission checking Andreas Gruenbacher
2016-08-16 11:03 ` [PATCH v25 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher
2016-08-16 11:03 ` [PATCH v25 21/22] ext4: Add richacl support Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher
2016-08-16 11:03 ` [PATCH v25 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2016-08-16 11:03 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1471345383-15334-20-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=hch@infradead.org \
--cc=jlayton@poochiereds.net \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.