From: Andreas Gruenbacher <andreas.gruenbacher@gmail.com>
To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org
Subject: [RFC 04/39] vfs: Add IS_ACL() and IS_RICHACL() tests
Date: Fri, 27 Mar 2015 17:50:02 +0100 [thread overview]
Message-ID: <3e8534ce7a9bb0a80c44425083be4be56858b050.1427471526.git.agruenba@redhat.com> (raw)
In-Reply-To: <cover.1427471526.git.agruenba@redhat.com>
In-Reply-To: <cover.1427471526.git.agruenba@redhat.com>
The vfs does not apply the umask for file systems that support acls. The test
used for this used to be called IS_POSIXACL(). Switch to a new IS_ACL() test to
check for either posix acls or richacls instead. Add a new MS_RICHACL flag and
IS_RICHACL() test for richacls alone. The IS_POSIXACL() test is still needed
by file systems that specifically support POSIX ACLs, like nfsd.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
fs/Kconfig | 3 +++
fs/namei.c | 8 ++++----
include/linux/fs.h | 12 ++++++++++++
include/uapi/linux/fs.h | 3 ++-
4 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/fs/Kconfig b/fs/Kconfig
index ec35851..8b84f99 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -58,6 +58,9 @@ endif # BLOCK
config FS_POSIX_ACL
def_bool n
+config FS_RICHACL
+ def_bool n
+
config EXPORTFS
tristate
diff --git a/fs/namei.c b/fs/namei.c
index c83145a..0ba4bbc 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2696,7 +2696,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry,
}
mode = op->mode;
- if ((open_flag & O_CREAT) && !IS_POSIXACL(dir))
+ if ((open_flag & O_CREAT) && !IS_ACL(dir))
mode &= ~current_umask();
excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT);
@@ -2880,7 +2880,7 @@ static int lookup_open(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
- if (!IS_POSIXACL(dir->d_inode))
+ if (!IS_ACL(dir->d_inode))
mode &= ~current_umask();
/*
* This write is needed to ensure that a
@@ -3481,7 +3481,7 @@ retry:
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- if (!IS_POSIXACL(path.dentry->d_inode))
+ if (!IS_ACL(path.dentry->d_inode))
mode &= ~current_umask();
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
@@ -3550,7 +3550,7 @@ retry:
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- if (!IS_POSIXACL(path.dentry->d_inode))
+ if (!IS_ACL(path.dentry->d_inode))
mode &= ~current_umask();
error = security_path_mkdir(&path, dentry, mode);
if (!error)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b4d71b5..f64eb45 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1708,6 +1708,12 @@ struct super_operations {
#define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
#define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
+#ifdef CONFIG_FS_RICHACL
+#define IS_RICHACL(inode) __IS_FLG(inode, MS_RICHACL)
+#else
+#define IS_RICHACL(inode) 0
+#endif
+
#define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
#define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME)
#define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE)
@@ -1721,6 +1727,12 @@ struct super_operations {
(inode)->i_rdev == WHITEOUT_DEV)
/*
+ * IS_ACL() tells the VFS to not apply the umask
+ * and use check_acl for acl permission checks when defined.
+ */
+#define IS_ACL(inode) __IS_FLG(inode, MS_POSIXACL | MS_RICHACL)
+
+/*
* Inode state bits. Protected by inode->i_lock
*
* Three bits determine the dirty state of the inode, I_DIRTY_SYNC,
diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
index 9b964a5..6ac6bc9 100644
--- a/include/uapi/linux/fs.h
+++ b/include/uapi/linux/fs.h
@@ -81,7 +81,7 @@ struct inodes_stat_t {
#define MS_VERBOSE 32768 /* War is peace. Verbosity is silence.
MS_VERBOSE is deprecated. */
#define MS_SILENT 32768
-#define MS_POSIXACL (1<<16) /* VFS does not apply the umask */
+#define MS_POSIXACL (1<<16) /* Supports POSIX ACLs */
#define MS_UNBINDABLE (1<<17) /* change to unbindable */
#define MS_PRIVATE (1<<18) /* change to private */
#define MS_SLAVE (1<<19) /* change to slave */
@@ -91,6 +91,7 @@ struct inodes_stat_t {
#define MS_I_VERSION (1<<23) /* Update inode I_version field */
#define MS_STRICTATIME (1<<24) /* Always perform atime updates */
#define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */
+#define MS_RICHACL (1<<26) /* Supports richacls */
/* These sb flags are internal to the kernel */
#define MS_NOSEC (1<<28)
--
2.1.0
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <andreas.gruenbacher-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [RFC 04/39] vfs: Add IS_ACL() and IS_RICHACL() tests
Date: Fri, 27 Mar 2015 17:50:02 +0100 [thread overview]
Message-ID: <3e8534ce7a9bb0a80c44425083be4be56858b050.1427471526.git.agruenba@redhat.com> (raw)
In-Reply-To: <cover.1427471526.git.agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
In-Reply-To: <cover.1427471526.git.agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
The vfs does not apply the umask for file systems that support acls. The test
used for this used to be called IS_POSIXACL(). Switch to a new IS_ACL() test to
check for either posix acls or richacls instead. Add a new MS_RICHACL flag and
IS_RICHACL() test for richacls alone. The IS_POSIXACL() test is still needed
by file systems that specifically support POSIX ACLs, like nfsd.
Signed-off-by: Andreas Gruenbacher <agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
fs/Kconfig | 3 +++
fs/namei.c | 8 ++++----
include/linux/fs.h | 12 ++++++++++++
include/uapi/linux/fs.h | 3 ++-
4 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/fs/Kconfig b/fs/Kconfig
index ec35851..8b84f99 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -58,6 +58,9 @@ endif # BLOCK
config FS_POSIX_ACL
def_bool n
+config FS_RICHACL
+ def_bool n
+
config EXPORTFS
tristate
diff --git a/fs/namei.c b/fs/namei.c
index c83145a..0ba4bbc 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2696,7 +2696,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry,
}
mode = op->mode;
- if ((open_flag & O_CREAT) && !IS_POSIXACL(dir))
+ if ((open_flag & O_CREAT) && !IS_ACL(dir))
mode &= ~current_umask();
excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT);
@@ -2880,7 +2880,7 @@ static int lookup_open(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
- if (!IS_POSIXACL(dir->d_inode))
+ if (!IS_ACL(dir->d_inode))
mode &= ~current_umask();
/*
* This write is needed to ensure that a
@@ -3481,7 +3481,7 @@ retry:
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- if (!IS_POSIXACL(path.dentry->d_inode))
+ if (!IS_ACL(path.dentry->d_inode))
mode &= ~current_umask();
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
@@ -3550,7 +3550,7 @@ retry:
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- if (!IS_POSIXACL(path.dentry->d_inode))
+ if (!IS_ACL(path.dentry->d_inode))
mode &= ~current_umask();
error = security_path_mkdir(&path, dentry, mode);
if (!error)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b4d71b5..f64eb45 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1708,6 +1708,12 @@ struct super_operations {
#define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
#define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
+#ifdef CONFIG_FS_RICHACL
+#define IS_RICHACL(inode) __IS_FLG(inode, MS_RICHACL)
+#else
+#define IS_RICHACL(inode) 0
+#endif
+
#define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
#define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME)
#define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE)
@@ -1721,6 +1727,12 @@ struct super_operations {
(inode)->i_rdev == WHITEOUT_DEV)
/*
+ * IS_ACL() tells the VFS to not apply the umask
+ * and use check_acl for acl permission checks when defined.
+ */
+#define IS_ACL(inode) __IS_FLG(inode, MS_POSIXACL | MS_RICHACL)
+
+/*
* Inode state bits. Protected by inode->i_lock
*
* Three bits determine the dirty state of the inode, I_DIRTY_SYNC,
diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
index 9b964a5..6ac6bc9 100644
--- a/include/uapi/linux/fs.h
+++ b/include/uapi/linux/fs.h
@@ -81,7 +81,7 @@ struct inodes_stat_t {
#define MS_VERBOSE 32768 /* War is peace. Verbosity is silence.
MS_VERBOSE is deprecated. */
#define MS_SILENT 32768
-#define MS_POSIXACL (1<<16) /* VFS does not apply the umask */
+#define MS_POSIXACL (1<<16) /* Supports POSIX ACLs */
#define MS_UNBINDABLE (1<<17) /* change to unbindable */
#define MS_PRIVATE (1<<18) /* change to private */
#define MS_SLAVE (1<<19) /* change to slave */
@@ -91,6 +91,7 @@ struct inodes_stat_t {
#define MS_I_VERSION (1<<23) /* Update inode I_version field */
#define MS_STRICTATIME (1<<24) /* Always perform atime updates */
#define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */
+#define MS_RICHACL (1<<26) /* Supports richacls */
/* These sb flags are internal to the kernel */
#define MS_NOSEC (1<<28)
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-03-27 17:04 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-27 16:49 [RFC 00/39] Richacls (2) Andreas Gruenbacher
2015-03-27 16:49 ` Andreas Gruenbacher
2015-03-27 16:49 ` [RFC 01/39] vfs: Minor documentation fix Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 02/39] uapi: Remove kernel internal declaration Andreas Gruenbacher
2015-04-20 18:57 ` J. Bruce Fields
2015-04-20 18:57 ` J. Bruce Fields
2015-04-24 11:25 ` Andreas Grünbacher
2015-03-27 16:50 ` [RFC 03/39] vfs: Shrink struct posix_acl Andreas Gruenbacher
2015-03-27 16:50 ` Andreas Gruenbacher [this message]
2015-03-27 16:50 ` [RFC 04/39] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 05/39] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 06/39] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 07/39] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 08/39] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 09/39] richacl: In-memory representation and helper functions Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 10/39] richacl: Permission mapping functions Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 11/39] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2015-04-20 21:28 ` J. Bruce Fields
2015-04-20 21:28 ` J. Bruce Fields
2015-04-24 11:07 ` Andreas Grünbacher
2015-03-27 16:50 ` [RFC 12/39] richacl: Update the file masks in chmod() Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 13/39] richacl: Permission check algorithm Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 14/39] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 15/39] vfs: Cache richacl in struct inode Andreas Gruenbacher
2015-03-27 16:50 ` Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 16/39] richacl: Create-time inheritance Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 17/39] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 18/39] richacl: Automatic Inheritance Andreas Gruenbacher
2015-03-27 16:50 ` Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 19/39] richacl: xattr mapping functions Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 20/39] vfs: Add richacl permission checking Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 21/39] ext4: Add richacl support Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 22/39] ext4: Add richacl feature flag Andreas Gruenbacher
2015-03-27 16:50 ` Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 23/39] richacl: acl editing helper functions Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 24/39] richacl: Move everyone@ aces down the acl Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 25/39] richacl: Propagate everyone@ permissions to other aces Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 26/39] richacl: Isolate the owner and group classes Andreas Gruenbacher
2015-03-27 16:50 ` Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 27/39] richacl: Apply the file masks to a richacl Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 28/39] richacl: Create richacl from mode values Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 29/39] richacl: Create acl with masks applied in richacl_from_mode() Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 30/39] nfsd: Remove dead declarations Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 31/39] nfsd: Keep list of acls to dispose of in compoundargs Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 32/39] nfsd: Use richacls as internal acl representation Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 33/39] nfsd: Add richacl support Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 34/39] nfs/sunrpc: No more encode and decode function pointer casting Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 35/39] nfs/sunrpc: Return status code from encode functions Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 36/39] nfs3: Return posix acl encode errors Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 37/39] nfs: Remove unused xdr page offsets in getacl/setacl arguments Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 38/39] rpc: Allow to demand-allocate pages to encode into Andreas Gruenbacher
2015-03-27 16:50 ` [RFC 39/39] nfs: Add richacl support Andreas Gruenbacher
[not found] ` <cover.1427471526.git.agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-03-30 18:16 ` Fwd: [RFC 00/39] Richacls (2) Steve French
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3e8534ce7a9bb0a80c44425083be4be56858b050.1427471526.git.agruenba@redhat.com \
--to=andreas.gruenbacher@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.