----- Original Message ----- | When changing a file's acl mask, __gfs2_set_acl() will first set the | group bits of i_mode to the value of the mask, and only then set the | actual extended attribute representing the new acl. | | If the second part fails (due to lack of space, for example) and the | file had no acl attribute to begin with, the system will from now on | assume that the mask permission bits are actual group permission bits, | potentially granting access to the wrong users. | | Prevent this by only changing the inode mode after the acl has been set. | | Signed-off-by: Ernesto A. Fernández <[email protected]> | --- Hi,
Thanks. This is now pushed to the for-next branch of the linux-gfs2 tree: https://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git/commit/fs/gfs2?h=for-next&id=309e8cda596f6552a32dd14b969ce9b17f837f2f Regards, Bob Peterson Red Hat File Systems
