On Sat, Oct 24, 2015 at 11:16:08PM +0200, Andreas Gruenbacher wrote:
> Map uids and gids in the trusted.SGI_ACL_{FILE,DEFAULT} attributes between
> the kernel and user-space namespaces. This needs to be done in the
> filesystem because the VFS is unaware of those attributes; for the standard
> POSIX ACL attributes, the VFS takes care of that for us.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
> ---
> fs/xfs/xfs_acl.c | 29 +++++++++++++++++++----------
> 1 file changed, 19 insertions(+), 10 deletions(-)
>
> diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
> index 0eea7ee..64ffb85 100644
> --- a/fs/xfs/xfs_acl.c
> +++ b/fs/xfs/xfs_acl.c
> @@ -39,7 +39,8 @@ STATIC struct posix_acl *
> xfs_acl_from_disk(
> const struct xfs_acl *aclp,
> int len,
> - int max_entries)
> + int max_entries,
> + struct user_namespace *ns)
> {
> struct posix_acl_entry *acl_e;
> struct posix_acl *acl;
> @@ -71,10 +72,10 @@ xfs_acl_from_disk(
>
> switch (acl_e->e_tag) {
> case ACL_USER:
> - acl_e->e_uid = xfs_uid_to_kuid(be32_to_cpu(ace->ae_id));
> + acl_e->e_uid = make_kuid(ns, be32_to_cpu(ace->ae_id));
Please don't replace the xfs wrappers with the horribly named
generic functions. Pass the namespace to xfs_uid_to_kuid(), and
modify them, please. That way people who don't deal with namespaces
every day can tell exactly what format conversion is taking place
just by reading the code...
This namespace stuff is awful twisty. The posix layer does a user-ns
to init-ns conversion and here we do a no-op init-ns to init-ns
conversion. That needs comments in the code to explain exactly why
one path needs user-ns conversion and the other doesn't, because I'm
sure as hell not going to remember why these code paths are
different in 6 months time.
Cheers,
Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx
|