[PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces
Dave Chinner
david at fromorbit.com
Mon Oct 26 16:46:51 CDT 2015
On Sat, Oct 24, 2015 at 11:16:08PM +0200, Andreas Gruenbacher wrote:
> Map uids and gids in the trusted.SGI_ACL_{FILE,DEFAULT} attributes between
> the kernel and user-space namespaces. This needs to be done in the
> filesystem because the VFS is unaware of those attributes; for the standard
> POSIX ACL attributes, the VFS takes care of that for us.
>
> Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>
> ---
> fs/xfs/xfs_acl.c | 29 +++++++++++++++++++----------
> 1 file changed, 19 insertions(+), 10 deletions(-)
>
> diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
> index 0eea7ee..64ffb85 100644
> --- a/fs/xfs/xfs_acl.c
> +++ b/fs/xfs/xfs_acl.c
> @@ -39,7 +39,8 @@ STATIC struct posix_acl *
> xfs_acl_from_disk(
> const struct xfs_acl *aclp,
> int len,
> - int max_entries)
> + int max_entries,
> + struct user_namespace *ns)
> {
> struct posix_acl_entry *acl_e;
> struct posix_acl *acl;
> @@ -71,10 +72,10 @@ xfs_acl_from_disk(
>
> switch (acl_e->e_tag) {
> case ACL_USER:
> - acl_e->e_uid = xfs_uid_to_kuid(be32_to_cpu(ace->ae_id));
> + acl_e->e_uid = make_kuid(ns, be32_to_cpu(ace->ae_id));
Please don't replace the xfs wrappers with the horribly named
generic functions. Pass the namespace to xfs_uid_to_kuid(), and
modify them, please. That way people who don't deal with namespaces
every day can tell exactly what format conversion is taking place
just by reading the code...
This namespace stuff is awful twisty. The posix layer does a user-ns
to init-ns conversion and here we do a no-op init-ns to init-ns
conversion. That needs comments in the code to explain exactly why
one path needs user-ns conversion and the other doesn't, because I'm
sure as hell not going to remember why these code paths are
different in 6 months time.
Cheers,
Dave.
--
Dave Chinner
david at fromorbit.com
More information about the xfs
mailing list