From: Andreas Gruenbacher <andreas.gruenbacher@gmail.com> To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [RFC 04/39] vfs: Add IS_ACL() and IS_RICHACL() tests Date: Fri, 27 Mar 2015 17:50:02 +0100 [thread overview] Message-ID: <3e8534ce7a9bb0a80c44425083be4be56858b050.1427471526.git.agruenba@redhat.com> (raw) In-Reply-To: <cover.1427471526.git.agruenba@redhat.com> In-Reply-To: <cover.1427471526.git.agruenba@redhat.com> The vfs does not apply the umask for file systems that support acls. The test used for this used to be called IS_POSIXACL(). Switch to a new IS_ACL() test to check for either posix acls or richacls instead. Add a new MS_RICHACL flag and IS_RICHACL() test for richacls alone. The IS_POSIXACL() test is still needed by file systems that specifically support POSIX ACLs, like nfsd. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> --- fs/Kconfig | 3 +++ fs/namei.c | 8 ++++---- include/linux/fs.h | 12 ++++++++++++ include/uapi/linux/fs.h | 3 ++- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/fs/Kconfig b/fs/Kconfig index ec35851..8b84f99 100644 --- a/fs/Kconfig +++ b/fs/Kconfig @@ -58,6 +58,9 @@ endif # BLOCK config FS_POSIX_ACL def_bool n +config FS_RICHACL + def_bool n + config EXPORTFS tristate diff --git a/fs/namei.c b/fs/namei.c index c83145a..0ba4bbc 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2696,7 +2696,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, } mode = op->mode; - if ((open_flag & O_CREAT) && !IS_POSIXACL(dir)) + if ((open_flag & O_CREAT) && !IS_ACL(dir)) mode &= ~current_umask(); excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT); @@ -2880,7 +2880,7 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; - if (!IS_POSIXACL(dir->d_inode)) + if (!IS_ACL(dir->d_inode)) mode &= ~current_umask(); /* * This write is needed to ensure that a @@ -3481,7 +3481,7 @@ retry: if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) + if (!IS_ACL(path.dentry->d_inode)) mode &= ~current_umask(); error = security_path_mknod(&path, dentry, mode, dev); if (error) @@ -3550,7 +3550,7 @@ retry: if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) + if (!IS_ACL(path.dentry->d_inode)) mode &= ~current_umask(); error = security_path_mkdir(&path, dentry, mode); if (!error) diff --git a/include/linux/fs.h b/include/linux/fs.h index b4d71b5..f64eb45 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1708,6 +1708,12 @@ struct super_operations { #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE) #define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL) +#ifdef CONFIG_FS_RICHACL +#define IS_RICHACL(inode) __IS_FLG(inode, MS_RICHACL) +#else +#define IS_RICHACL(inode) 0 +#endif + #define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD) #define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME) #define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE) @@ -1721,6 +1727,12 @@ struct super_operations { (inode)->i_rdev == WHITEOUT_DEV) /* + * IS_ACL() tells the VFS to not apply the umask + * and use check_acl for acl permission checks when defined. + */ +#define IS_ACL(inode) __IS_FLG(inode, MS_POSIXACL | MS_RICHACL) + +/* * Inode state bits. Protected by inode->i_lock * * Three bits determine the dirty state of the inode, I_DIRTY_SYNC, diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 9b964a5..6ac6bc9 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -81,7 +81,7 @@ struct inodes_stat_t { #define MS_VERBOSE 32768 /* War is peace. Verbosity is silence. MS_VERBOSE is deprecated. */ #define MS_SILENT 32768 -#define MS_POSIXACL (1<<16) /* VFS does not apply the umask */ +#define MS_POSIXACL (1<<16) /* Supports POSIX ACLs */ #define MS_UNBINDABLE (1<<17) /* change to unbindable */ #define MS_PRIVATE (1<<18) /* change to private */ #define MS_SLAVE (1<<19) /* change to slave */ @@ -91,6 +91,7 @@ struct inodes_stat_t { #define MS_I_VERSION (1<<23) /* Update inode I_version field */ #define MS_STRICTATIME (1<<24) /* Always perform atime updates */ #define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */ +#define MS_RICHACL (1<<26) /* Supports richacls */ /* These sb flags are internal to the kernel */ #define MS_NOSEC (1<<28) -- 2.1.0
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <andreas.gruenbacher-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Subject: [RFC 04/39] vfs: Add IS_ACL() and IS_RICHACL() tests Date: Fri, 27 Mar 2015 17:50:02 +0100 [thread overview] Message-ID: <3e8534ce7a9bb0a80c44425083be4be56858b050.1427471526.git.agruenba@redhat.com> (raw) In-Reply-To: <cover.1427471526.git.agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> In-Reply-To: <cover.1427471526.git.agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> The vfs does not apply the umask for file systems that support acls. The test used for this used to be called IS_POSIXACL(). Switch to a new IS_ACL() test to check for either posix acls or richacls instead. Add a new MS_RICHACL flag and IS_RICHACL() test for richacls alone. The IS_POSIXACL() test is still needed by file systems that specifically support POSIX ACLs, like nfsd. Signed-off-by: Andreas Gruenbacher <agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> --- fs/Kconfig | 3 +++ fs/namei.c | 8 ++++---- include/linux/fs.h | 12 ++++++++++++ include/uapi/linux/fs.h | 3 ++- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/fs/Kconfig b/fs/Kconfig index ec35851..8b84f99 100644 --- a/fs/Kconfig +++ b/fs/Kconfig @@ -58,6 +58,9 @@ endif # BLOCK config FS_POSIX_ACL def_bool n +config FS_RICHACL + def_bool n + config EXPORTFS tristate diff --git a/fs/namei.c b/fs/namei.c index c83145a..0ba4bbc 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2696,7 +2696,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, } mode = op->mode; - if ((open_flag & O_CREAT) && !IS_POSIXACL(dir)) + if ((open_flag & O_CREAT) && !IS_ACL(dir)) mode &= ~current_umask(); excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT); @@ -2880,7 +2880,7 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; - if (!IS_POSIXACL(dir->d_inode)) + if (!IS_ACL(dir->d_inode)) mode &= ~current_umask(); /* * This write is needed to ensure that a @@ -3481,7 +3481,7 @@ retry: if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) + if (!IS_ACL(path.dentry->d_inode)) mode &= ~current_umask(); error = security_path_mknod(&path, dentry, mode, dev); if (error) @@ -3550,7 +3550,7 @@ retry: if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) + if (!IS_ACL(path.dentry->d_inode)) mode &= ~current_umask(); error = security_path_mkdir(&path, dentry, mode); if (!error) diff --git a/include/linux/fs.h b/include/linux/fs.h index b4d71b5..f64eb45 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1708,6 +1708,12 @@ struct super_operations { #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE) #define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL) +#ifdef CONFIG_FS_RICHACL +#define IS_RICHACL(inode) __IS_FLG(inode, MS_RICHACL) +#else +#define IS_RICHACL(inode) 0 +#endif + #define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD) #define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME) #define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE) @@ -1721,6 +1727,12 @@ struct super_operations { (inode)->i_rdev == WHITEOUT_DEV) /* + * IS_ACL() tells the VFS to not apply the umask + * and use check_acl for acl permission checks when defined. + */ +#define IS_ACL(inode) __IS_FLG(inode, MS_POSIXACL | MS_RICHACL) + +/* * Inode state bits. Protected by inode->i_lock * * Three bits determine the dirty state of the inode, I_DIRTY_SYNC, diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 9b964a5..6ac6bc9 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -81,7 +81,7 @@ struct inodes_stat_t { #define MS_VERBOSE 32768 /* War is peace. Verbosity is silence. MS_VERBOSE is deprecated. */ #define MS_SILENT 32768 -#define MS_POSIXACL (1<<16) /* VFS does not apply the umask */ +#define MS_POSIXACL (1<<16) /* Supports POSIX ACLs */ #define MS_UNBINDABLE (1<<17) /* change to unbindable */ #define MS_PRIVATE (1<<18) /* change to private */ #define MS_SLAVE (1<<19) /* change to slave */ @@ -91,6 +91,7 @@ struct inodes_stat_t { #define MS_I_VERSION (1<<23) /* Update inode I_version field */ #define MS_STRICTATIME (1<<24) /* Always perform atime updates */ #define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */ +#define MS_RICHACL (1<<26) /* Supports richacls */ /* These sb flags are internal to the kernel */ #define MS_NOSEC (1<<28) -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-03-27 17:04 UTC|newest] Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top 2015-03-27 16:49 [RFC 00/39] Richacls (2) Andreas Gruenbacher 2015-03-27 16:49 ` Andreas Gruenbacher 2015-03-27 16:49 ` [RFC 01/39] vfs: Minor documentation fix Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 02/39] uapi: Remove kernel internal declaration Andreas Gruenbacher 2015-04-20 18:57 ` J. Bruce Fields 2015-04-20 18:57 ` J. Bruce Fields 2015-04-24 11:25 ` Andreas Grünbacher 2015-03-27 16:50 ` [RFC 03/39] vfs: Shrink struct posix_acl Andreas Gruenbacher 2015-03-27 16:50 ` Andreas Gruenbacher [this message] 2015-03-27 16:50 ` [RFC 04/39] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 05/39] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 06/39] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 07/39] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 08/39] vfs: Add permission flags for setting file attributes Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 09/39] richacl: In-memory representation and helper functions Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 10/39] richacl: Permission mapping functions Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 11/39] richacl: Compute maximum file masks from an acl Andreas Gruenbacher 2015-04-20 21:28 ` J. Bruce Fields 2015-04-20 21:28 ` J. Bruce Fields 2015-04-24 11:07 ` Andreas Grünbacher 2015-03-27 16:50 ` [RFC 12/39] richacl: Update the file masks in chmod() Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 13/39] richacl: Permission check algorithm Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 14/39] vfs: Cache base_acl objects in inodes Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 15/39] vfs: Cache richacl in struct inode Andreas Gruenbacher 2015-03-27 16:50 ` Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 16/39] richacl: Create-time inheritance Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 17/39] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 18/39] richacl: Automatic Inheritance Andreas Gruenbacher 2015-03-27 16:50 ` Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 19/39] richacl: xattr mapping functions Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 20/39] vfs: Add richacl permission checking Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 21/39] ext4: Add richacl support Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 22/39] ext4: Add richacl feature flag Andreas Gruenbacher 2015-03-27 16:50 ` Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 23/39] richacl: acl editing helper functions Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 24/39] richacl: Move everyone@ aces down the acl Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 25/39] richacl: Propagate everyone@ permissions to other aces Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 26/39] richacl: Isolate the owner and group classes Andreas Gruenbacher 2015-03-27 16:50 ` Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 27/39] richacl: Apply the file masks to a richacl Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 28/39] richacl: Create richacl from mode values Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 29/39] richacl: Create acl with masks applied in richacl_from_mode() Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 30/39] nfsd: Remove dead declarations Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 31/39] nfsd: Keep list of acls to dispose of in compoundargs Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 32/39] nfsd: Use richacls as internal acl representation Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 33/39] nfsd: Add richacl support Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 34/39] nfs/sunrpc: No more encode and decode function pointer casting Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 35/39] nfs/sunrpc: Return status code from encode functions Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 36/39] nfs3: Return posix acl encode errors Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 37/39] nfs: Remove unused xdr page offsets in getacl/setacl arguments Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 38/39] rpc: Allow to demand-allocate pages to encode into Andreas Gruenbacher 2015-03-27 16:50 ` [RFC 39/39] nfs: Add richacl support Andreas Gruenbacher [not found] ` <cover.1427471526.git.agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2015-03-30 18:16 ` Fwd: [RFC 00/39] Richacls (2) Steve French
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=3e8534ce7a9bb0a80c44425083be4be56858b050.1427471526.git.agruenba@redhat.com \ --to=andreas.gruenbacher@gmail.com \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-nfs@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.