Dave Chinner <[email protected]> writes: > On Sun, Apr 27, 2014 at 09:44:37PM +0530, Aneesh Kumar K.V wrote: >> From: Andreas Gruenbacher <[email protected]> >> >> Normally, deleting a file requires write access to the parent directory. >> Some permission models use a different permission on the parent >> directory to indicate delete access. In addition, a process can have >> per-file delete access even without delete access on the parent >> directory. >> >> Introduce two new inode_permission() mask flags and use them in >> may_delete() >> >> Signed-off-by: Andreas Gruenbacher <[email protected]> >> Signed-off-by: Aneesh Kumar K.V <[email protected]> >> --- >> fs/namei.c | 45 ++++++++++++++++++++++++++++++++++----------- >> include/linux/fs.h | 2 ++ >> 2 files changed, 36 insertions(+), 11 deletions(-) >> >> diff --git a/fs/namei.c b/fs/namei.c >> index 028bc8bcf77c..56ac7613fbca 100644 >> --- a/fs/namei.c >> +++ b/fs/namei.c >> @@ -446,7 +446,7 @@ static int sb_permission(struct super_block *sb, struct >> inode *inode, int mask) >> * changing the "normal" UIDs which are used for other things. >> * >> * When checking for MAY_APPEND, MAY_CREATE_FILE, MAY_CREATE_DIR, >> - * MAY_WRITE must also be set in @mask. >> + * MAY_DELETE_CHILD, MAY_DELETE_SELF, MAY_WRITE must also be set in @mask. >> */ >> int inode_permission(struct inode *inode, int mask) >> { >> @@ -2366,11 +2366,25 @@ kern_path_mountpoint(int dfd, const char *name, >> struct path *path, >> } >> EXPORT_SYMBOL(kern_path_mountpoint); >> >> + >> +/* >> + * We should have exec permission on directory and MAY_DELETE_SELF >> + * on the object being deleted. >> + */ >> +static int richacl_may_selfdelete(struct inode *dir, >> + struct inode *inode, int replace_mask) >> +{ >> + return (IS_RICHACL(inode) && >> + (inode_permission(dir, MAY_EXEC | replace_mask) == 0) && >> + (inode_permission(inode, MAY_DELETE_SELF) == 0)); >> +} > > Can't say I like these "richacl" prefixes. Why not just "may_*" > like all the other permission checks?
Will update. > > >> @@ -2414,13 +2431,19 @@ static int may_delete(struct inode *dir, struct >> dentry *victim, bool isdir) >> BUG_ON(victim->d_parent->d_inode != dir); >> audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE); >> >> - error = inode_permission(dir, MAY_WRITE | MAY_EXEC); >> + mask = MAY_WRITE | MAY_EXEC | MAY_DELETE_CHILD; >> + if (replace) >> + replace_mask = S_ISDIR(inode->i_mode) ? >> + MAY_CREATE_DIR : MAY_CREATE_FILE; >> + error = inode_permission(dir, mask | replace_mask); >> + if (error && richacl_may_selfdelete(dir, inode, replace_mask)) >> + error = 0; .... >> >> if (!(flags & RENAME_EXCHANGE)) >> - error = may_delete(new_dir, new_dentry, is_dir); >> + error = may_delete(new_dir, new_dentry, is_dir, 1); >> else >> - error = may_delete(new_dir, new_dentry, new_is_dir); >> + error = may_delete(new_dir, new_dentry, new_is_dir, 1); > > Another boolean parameter that means nothing at the call site. This > should really be passing a flags field, not a bunch of booleans that > are simply evaluated into flags... > Will update Thanks -aneesh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
