----- Original Message ----- | When changing a file's acl mask, __gfs2_set_acl() will first set the | group bits of i_mode to the value of the mask, and only then set the | actual extended attribute representing the new acl. | | If the second part fails (due to lack of space, for example) and the | file had no acl attribute to begin with, the system will from now on | assume that the mask permission bits are actual group permission bits, | potentially granting access to the wrong users. | | Prevent this by only changing the inode mode after the acl has been set. | | Signed-off-by: Ernesto A. Fernández <[email protected]> | ---
Hi Ernesto, This patch seems to be for Linus's tree, not the active "for-next" upstream development branch we use for GFS2. Since the last merge window, function __gfs2_set_acl was heavily modified by a patch from Jan Kara called "gfs2: Don't clear SGID when inheriting ACLs" which deleted the section of code you modified, in favor of another. So your patch does not apply to for-next. See: https://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git/commit/fs/gfs2?h=for-next&id=914cea93dd89f00b41c1d8ff93f17be47356a36a Can you rework this patch so it applies to the for-next branch of the linux-gfs2 git tree? Thanks. Regards, Bob Peterson Red Hat File Systems
