Re: [PATCH v23 01/22] vfs: Add IS_ACL() and IS

To:	Andreas Gruenbacher <agruenba@xxxxxxxxxx>, Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Subject:	Re: [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests
From:	Jeff Layton <jlayton@xxxxxxxxxx>
Date:	Tue, 05 Jul 2016 07:00:13 -0400
Cc:	Christoph Hellwig <hch@xxxxxxxxxxxxx>, Theodore Ts'o <tytso@xxxxxxx>, Andreas Dilger <adilger.kernel@xxxxxxxxx>, "J. Bruce Fields" <bfields@xxxxxxxxxxxx>, Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>, Anna Schumaker <anna.schumaker@xxxxxxxxxx>, Dave Chinner <david@xxxxxxxxxxxxx>, linux-ext4@xxxxxxxxxxxxxxx, xfs@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, linux-nfs@xxxxxxxxxxxxxxx, linux-cifs@xxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx
Delivered-to:	xfs@xxxxxxxxxxx
In-reply-to:	<1467294433-3222-2-git-send-email-agruenba@xxxxxxxxxx>
References:	<1467294433-3222-1-git-send-email-agruenba@xxxxxxxxxx> <1467294433-3222-2-git-send-email-agruenba@xxxxxxxxxx>

On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
> The vfs does not apply the umask for file systems that support acls.
> The test used for this used to be called IS_POSIXACL().ÂÂSwitch to a new
> IS_ACL() test to check for either posix acls or richacls instead.ÂÂAdd a
> new MS_RICHACL flag and IS_RICHACL() test for richacls alone.ÂÂThe
> IS_POSIXACL() test is still needed in some places like nfsd.
> 
> Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
> Reviewed-by: J. Bruce Fields <bfields@xxxxxxxxxx>
> Reviewed-by: Andreas Dilger <adilger@xxxxxxxxx>
> Reviewed-by: Steve French <steve.french@xxxxxxxxxxxxxxx>
> ---
> Âfs/KconfigÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ3 +++
> Âfs/namei.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ6 +++---
> Âinclude/linux/fs.hÂÂÂÂÂÂ| 12 ++++++++++++
> Âinclude/uapi/linux/fs.h |ÂÂ3 ++-
> Â4 files changed, 20 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/Kconfig b/fs/Kconfig
> index b8fcb41..de6de55 100644
> --- a/fs/Kconfig
> +++ b/fs/Kconfig
> @@ -64,6 +64,9 @@ endif # BLOCK
> Âconfig FS_POSIX_ACL
> Â     def_bool n
> Â
> +config FS_RICHACL
> +     def_bool n
> +
> Âconfig EXPORTFS
> Â     tristate
> Â
> diff --git a/fs/namei.c b/fs/namei.c
> index 70580ab..7cc5487 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -3115,7 +3115,7 @@ static int lookup_open(struct nameidata *nd, struct 
> path *path,
> Â     Â* O_EXCL open we want to return EEXIST not EROFS).
> Â     Â*/
> Â     if (open_flag & O_CREAT) {
> -             if (!IS_POSIXACL(dir->d_inode))
> +             if (!IS_ACL(dir->d_inode))
> Â                     mode &= ~current_umask();
> Â             if (unlikely(!got_write)) {
> Â                     create_error = -EROFS;
> @@ -3709,7 +3709,7 @@ retry:
> Â     if (IS_ERR(dentry))
> Â             return PTR_ERR(dentry);
> Â
> -     if (!IS_POSIXACL(path.dentry->d_inode))
> +     if (!IS_ACL(path.dentry->d_inode))
> Â             mode &= ~current_umask();
> Â     error = security_path_mknod(&path, dentry, mode, dev);
> Â     if (error)
> @@ -3780,7 +3780,7 @@ retry:
> Â     if (IS_ERR(dentry))
> Â             return PTR_ERR(dentry);
> Â
> -     if (!IS_POSIXACL(path.dentry->d_inode))
> +     if (!IS_ACL(path.dentry->d_inode))
> Â             mode &= ~current_umask();
> Â     error = security_path_mkdir(&path, dentry, mode);
> Â     if (!error)
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index dd28814..4ad130c 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1850,6 +1850,12 @@ struct super_operations {
> Â#define IS_IMMUTABLE(inode)  ((inode)->i_flags & S_IMMUTABLE)
> Â#define IS_POSIXACL(inode)   __IS_FLG(inode, MS_POSIXACL)
> Â
> +#ifdef CONFIG_FS_RICHACL
> +#define IS_RICHACL(inode)    __IS_FLG(inode, MS_RICHACL)
> +#else
> +#define IS_RICHACL(inode)    0
> +#endif
> +
> Â#define IS_DEADDIR(inode)    ((inode)->i_flags & S_DEAD)
> Â#define IS_NOCMTIME(inode)   ((inode)->i_flags & S_NOCMTIME)
> Â#define IS_SWAPFILE(inode)   ((inode)->i_flags & S_SWAPFILE)
> @@ -1863,6 +1869,12 @@ struct super_operations {
> Â                             Â(inode)->i_rdev == WHITEOUT_DEV)
> Â
> Â/*
> + * IS_ACL() tells the VFS to not apply the umask
> + * and use check_acl for acl permission checks when defined.
> + */
> +#define IS_ACL(inode)                __IS_FLG(inode, MS_POSIXACL | 
> MS_RICHACL)
> +
> +/*
> Â * Inode state bits.ÂÂProtected by inode->i_lock
> Â *
> Â * Three bits determine the dirty state of the inode, I_DIRTY_SYNC,
> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> index 3b00f7c..f9c41ef 100644
> --- a/include/uapi/linux/fs.h
> +++ b/include/uapi/linux/fs.h
> @@ -120,7 +120,7 @@ struct inodes_stat_t {
> Â#define MS_VERBOSE   32768   /* War is peace. Verbosity is silence.
> Â                             ÂÂÂMS_VERBOSE is deprecated. */
> Â#define MS_SILENT    32768
> -#define MS_POSIXACL  (1<<16) /* VFS does not apply the umask */
> +#define MS_POSIXACL  (1<<16) /* Supports POSIX ACLs */
> Â#define MS_UNBINDABLE        (1<<17) /* change to unbindable */
> Â#define MS_PRIVATE   (1<<18) /* change to private */
> Â#define MS_SLAVE     (1<<19) /* change to slave */
> @@ -130,6 +130,7 @@ struct inodes_stat_t {
> Â#define MS_I_VERSION (1<<23) /* Update inode I_version field */
> Â#define MS_STRICTATIME       (1<<24) /* Always perform atime updates */
> Â#define MS_LAZYTIME  (1<<25) /* Update the on-disk [acm]times lazily */
> +#define MS_RICHACL   (1<<26) /* Supports richacls */
> Â
> Â/* These sb flags are internal to the kernel */
> Â#define MS_NOSEC     (1<<28)

Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests, Jeff Layton <=

Previous by Date:	Re: Bed business, pennywang81@xxxxxxx
Next by Date:	Re: [PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags, Jeff Layton
Previous by Thread:	Re: Bed business, pennywang81@xxxxxxx
Next by Thread:	Re: [PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags, Jeff Layton
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests