These operations are similar to the get_acl and set_acl operations for
POSIX ACLs. The distinction between access and default ACLs doesn't exist
for richacls.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Steve French <steve.fre...@primarydata.com>
---
includ
These operations are similar to the get_acl and set_acl operations for
POSIX ACLs. The distinction between access and default ACLs doesn't exist
for richacls.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Steve French
---
include/linux/fs.h | 2 ++
1 file changed, 2 insertions(+)
diff
, introduce a new base_acl type and convert i_acl and
i_default_acl to that type. In most cases, the vfs then doesn't care which
kind of acl an inode caches (if any).
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Cc: Andreas Dilger <adil...@dilger.ca>
---
drivers/staging/lustre/
, introduce a new base_acl type and convert i_acl and
i_default_acl to that type. In most cases, the vfs then doesn't care which
kind of acl an inode caches (if any).
Signed-off-by: Andreas Gruenbacher
Cc: Andreas Dilger
---
drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +-
fs/9p/acl.c
masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher
check in a richacl.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/richacl.c | 112 +++
include/linux/ri
masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher
check in a richacl.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Jeff Layton
---
fs/richacl.c | 112 +++
include/linux/richacl.h | 2 +
include/uapi/linux/richacl.h | 44 +
3 files
and create access when
replacing an existing file in vfs_rename().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
Reviewed-by: Steve French <steve.fre...@primarydata.c
checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itself.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com&
We will need to call iop->permission and iop->get_acl from
inode_change_ok() for additional permission checks, and both take a
non-const inode.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger
and create access when
replacing an existing file in vfs_rename().
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
Reviewed-by: Jeff Layton
---
fs/namei.c | 49
checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itself.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Steve French
Reviewed-by: Jeff Layton
We will need to call iop->permission and iop->get_acl from
inode_change_ok() for additional permission checks, and both take a
non-const inode.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
Reviewed-by: Jeff
() test is still needed in some places like nfsd.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
Reviewed-by: Steve French <steve.fre...@primarydata.com>
Review
() test is still needed in some places like nfsd.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
Reviewed-by: Jeff Layton
---
fs/Kconfig | 3 +++
fs/namei.c | 6 +++---
include/linux/fs.h | 12
\
richacl-2016-08-16
The richacl user-space utilitites, man pages, and test suite are available
here:
https://github.com/andreas-gruenbacher/richacl
Changes to other user-space packages for richacl:
https://github.com/andreas-gruenbacher/coreutils
https://github.com/andreas-gruenbacher
\
richacl-2016-08-16
The richacl user-space utilitites, man pages, and test suite are available
here:
https://github.com/andreas-gruenbacher/richacl
Changes to other user-space packages for richacl:
https://github.com/andreas-gruenbacher/coreutils
https://github.com/andreas-gruenbacher
Fabian,
On Sun, Jul 24, 2016 at 4:24 PM, Fabian Frederick wrote:
> Replace 1 << value shift by more explicit BIT() macro
>
> Also fixes two bare unsigned definitions:
>
> WARNING: Prefer 'unsigned int' to bare use of 'unsigned'
> + unsigned hsize = BIT(ip->i_depth);
Fabian,
On Sun, Jul 24, 2016 at 4:24 PM, Fabian Frederick wrote:
> Replace 1 << value shift by more explicit BIT() macro
>
> Also fixes two bare unsigned definitions:
>
> WARNING: Prefer 'unsigned int' to bare use of 'unsigned'
> + unsigned hsize = BIT(ip->i_depth);
this patch is
Richacls support permissions that allow to take ownership of a file,
change the file permissions, and set the file timestamps. Support that
by introducing new permission mask flags and by checking for those mask
flags in inode_change_ok().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.
Richacls support permissions that allow to take ownership of a file,
change the file permissions, and set the file timestamps. Support that
by introducing new permission mask flags and by checking for those mask
flags in inode_change_ok().
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J
() test is still needed in some places like nfsd.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
Reviewed-by: Steve French <steve.fre...@primarydata.com>
Review
and create access when
replacing an existing file in vfs_rename().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
Reviewed-by: Steve French <steve.fre...@primarydata.c
A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.
We will need to call iop->permission and iop->get_acl from
inode_change_ok() for additional permission checks, and both take a
non-const inode.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger
A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J
We will need to call iop->permission and iop->get_acl from
inode_change_ok() for additional permission checks, and both take a
non-const inode.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
Reviewed-by: Jeff
() test is still needed in some places like nfsd.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
Reviewed-by: Jeff Layton
---
fs/Kconfig | 3 +++
fs/namei.c | 6 +++---
include/linux/fs.h | 12
and create access when
replacing an existing file in vfs_rename().
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
Reviewed-by: Jeff Layton
---
fs/namei.c | 49
check in a richacl.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/richacl.c | 112 +++
include/linux/ri
, introduce a new base_acl type and convert i_acl and
i_default_acl to that type. In most cases, the vfs then doesn't care which
kind of acl an inode caches (if any).
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Cc: Andreas Dilger <adil...@dilger.ca>
---
drivers/staging/lustre/
check in a richacl.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Jeff Layton
---
fs/richacl.c | 112 +++
include/linux/richacl.h | 2 +
include/uapi/linux/richacl.h | 44 +
3 files
, introduce a new base_acl type and convert i_acl and
i_default_acl to that type. In most cases, the vfs then doesn't care which
kind of acl an inode caches (if any).
Signed-off-by: Andreas Gruenbacher
Cc: Andreas Dilger
---
drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +-
fs/9p/acl.c
be computed from the file permission bits.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/richacl.c| 104
inclu
be computed from the file permission bits.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Jeff Layton
---
fs/richacl.c| 104
include/linux/richacl.h | 1 +
2 files changed, 105 insertions(+)
diff --git a/fs
Add richacl xattr handler implementing the xattr operations based on the
get_richacl and set_richacl inode operations.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/richacl.c | 22
Add richacl xattr handler implementing the xattr operations based on the
get_richacl and set_richacl inode operations.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Jeff Layton
---
fs/richacl.c | 22
fs/richacl_xattr.c| 61
permission). The POSIX.1 standard calls this an
alternate file access control mechanism. A subsequent chmod() would
ensure that those permissions are disabled again.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Acked-by: Jeff
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/namei.c | 54 --
1 file changed, 52 insertions(+), 2 deleti
determines the file masks and file permission bits,
and the umask is ignored.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/richacl.c| 151
include/linux/richacl.
eesh.ku...@linux.vnet.ibm.com>
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
---
fs/ext4/Kconfig | 11 +
fs/ext4/Makefile| 1 +
fs/ext4/file.c | 3 ++
fs/ext4/ialloc.c| 11 -
fs/ext4/inode.c
These operations are similar to the get_acl and set_acl operations for
POSIX ACLs. The distinction between access and default ACLs doesn't exist
for richacls.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Steve French <steve.fre...@primarydata.com>
---
includ
masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher
to "undo" applying the create mode; see richacl_compute_max_masks().
They should set the RICHACL_DEFAULTED flag. (A mechanism that would allow to
indicate to the kernel to ignore the create mode in the first place when there
are inherited permissions would be nice to have.)
Signed-off-b
permission). The POSIX.1 standard calls this an
alternate file access control mechanism. A subsequent chmod() would
ensure that those permissions are disabled again.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Acked-by: Jeff Layton
---
fs/richacl.c| 71
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Jeff Layton
---
fs/namei.c | 54 --
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index
determines the file masks and file permission bits,
and the umask is ignored.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Jeff Layton
---
fs/richacl.c| 151
include/linux/richacl.h | 2 +
2 files changed, 153 insertions(+)
diff
From: "Aneesh Kumar K.V"
Support the richacl permission model in ext4. The richacls are stored
in "system.richacl" xattrs. Richacls need to be enabled by tune2fs or
at file system create time.
Signed-off-by: Aneesh Kumar K.V
Signed-off-by: Andreas Gruenbacher
Reviewe
These operations are similar to the get_acl and set_acl operations for
POSIX ACLs. The distinction between access and default ACLs doesn't exist
for richacls.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Steve French
---
include/linux/fs.h | 2 ++
1 file changed, 2 insertions(+)
diff
masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher
to "undo" applying the create mode; see richacl_compute_max_masks().
They should set the RICHACL_DEFAULTED flag. (A mechanism that would allow to
indicate to the kernel to ignore the create mode in the first place when there
are inherited permissions would be nice to have.)
Signed-off-b
Cache richacls in struct inode so that this doesn't have to be done
individually in each filesystem. This is similar to POSIX ACLs.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/inode.c | 13 +---
fs/richacl.c
Map between "system.richacl" xattrs and the in-kernel representation.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/Makefile| 2 +-
fs/richacl_xattr.c
By moving those functions into fs/posix_acl.c and fs/richacl.c, the
ifdefs can be moved into include/linux/posix_acl.h and
include/linux/richacl.h. This may be seen as a small improvement.
Suggested-by: Jeff Layton <jlay...@redhat.com>
Signed-off-by: Andreas Gruenbacher <agrue...@r
algorithm), and the file mask that applies to the
process includes the requested permissions.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Jeff Layton <jlay...@redhat.com>
---
fs/Makefile
, richacls are
automatically enabled and using the "noacl" mount option leads to an error.
Signed-off-by: Aneesh Kumar K.V <aneesh.ku...@linux.vnet.ibm.com>
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilg
Cache richacls in struct inode so that this doesn't have to be done
individually in each filesystem. This is similar to POSIX ACLs.
Signed-off-by: Andreas Gruenbacher
---
fs/inode.c | 13 +---
fs/richacl.c| 81
Map between "system.richacl" xattrs and the in-kernel representation.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Jeff Layton
---
fs/Makefile| 2 +-
fs/richacl_xattr.c | 161 +
include/linux/richa
By moving those functions into fs/posix_acl.c and fs/richacl.c, the
ifdefs can be moved into include/linux/posix_acl.h and
include/linux/richacl.h. This may be seen as a small improvement.
Suggested-by: Jeff Layton
Signed-off-by: Andreas Gruenbacher
---
fs/namei.c| 72
algorithm), and the file mask that applies to the
process includes the requested permissions.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Jeff Layton
---
fs/Makefile | 1 +
fs/richacl.c | 65
include/linux
using the "noacl" mount option leads to an error.
Signed-off-by: Aneesh Kumar K.V
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Andreas Dilger
---
fs/ext4/ext4.h | 6 --
fs/ext4/super.c | 49 -
2 files changed, 44 insertions(+
checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itself.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com&
checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itself.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Steve French
Reviewed-by: Jeff Layton
man pages, and test suite are available
here:
https://github.com/andreas-gruenbacher/richacl
Changes to other user-space packages for richacl:
https://github.com/andreas-gruenbacher/coreutils
https://github.com/andreas-gruenbacher/e2fsprogs
https://github.com/andreas-gruenbacher/sam
man pages, and test suite are available
here:
https://github.com/andreas-gruenbacher/richacl
Changes to other user-space packages for richacl:
https://github.com/andreas-gruenbacher/coreutils
https://github.com/andreas-gruenbacher/e2fsprogs
https://github.com/andreas-gruenbacher/sam
On Tue, Jul 12, 2016 at 2:13 PM, Jeff Layton <jlay...@redhat.com> wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> Hook the richacl permission checking function into the vfs.
>>
>> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.c
On Tue, Jul 12, 2016 at 2:13 PM, Jeff Layton wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> Hook the richacl permission checking function into the vfs.
>>
>> Signed-off-by: Andreas Gruenbacher
>&
On Tue, Jul 12, 2016 at 2:02 PM, Jeff Layton <jlay...@redhat.com> wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> Map between "system.richacl" xattrs and the in-kernel representation.
>>
>> Signed-off-by: Andreas Gruenbacher <agr
On Tue, Jul 12, 2016 at 2:02 PM, Jeff Layton wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> Map between "system.richacl" xattrs and the in-kernel representation.
>>
>> Signed-off-by: Andreas Gruenbacher
>> ---
>> fs/Make
On Wed, Jul 6, 2016 at 8:57 PM, Jeff Layton <jlay...@redhat.com> wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> Cache richacls in struct inode so that this doesn't have to be done
>> individually in each filesystem. This is similar to POSIX A
On Wed, Jul 6, 2016 at 8:57 PM, Jeff Layton wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> Cache richacls in struct inode so that this doesn't have to be done
>> individually in each filesystem. This is similar to POSIX ACLs.
>>
>> Signed-
Frank,
On Tue, Jul 5, 2016 at 7:08 PM, Frank Filz wrote:
>> > + * Note: functions like richacl_allowed_to_who(),
>> > +richacl_group_class_allowed(),
>> > + * and richacl_compute_max_masks() iterate through the entire acl in
>> > +reverse
>> > + * order as an
Frank,
On Tue, Jul 5, 2016 at 7:08 PM, Frank Filz wrote:
>> > + * Note: functions like richacl_allowed_to_who(),
>> > +richacl_group_class_allowed(),
>> > + * and richacl_compute_max_masks() iterate through the entire acl in
>> > +reverse
>> > + * order as an optimization.
>> > + *
>> > + * In
On Tue, Jul 12, 2016 at 9:11 PM, J. Bruce Fields wrote:
> On Tue, Jul 12, 2016 at 07:56:00AM -0400, Jeff Layton wrote:
>> Barf. AI seems like a trainwreck waiting to happen. What are the
>> chances that userland is going to get this right?
>
> This is just taken from
On Tue, Jul 12, 2016 at 9:11 PM, J. Bruce Fields wrote:
> On Tue, Jul 12, 2016 at 07:56:00AM -0400, Jeff Layton wrote:
>> Barf. AI seems like a trainwreck waiting to happen. What are the
>> chances that userland is going to get this right?
>
> This is just taken from Windows, so presumably Samba
On Tue, Jul 5, 2016 at 4:59 PM, Jeff Layton <jlay...@redhat.com> wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> A richacl roughly grants a requested access if the NFSv4 acl in the
>> richacl grants the requested permissions according to the NFSv
On Tue, Jul 5, 2016 at 4:59 PM, Jeff Layton wrote:
> On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote:
>> A richacl roughly grants a requested access if the NFSv4 acl in the
>> richacl grants the requested permissions according to the NFSv4
>> permission check a
On Tue, Jul 5, 2016 at 3:39 PM, Jeff Layton <jlay...@redhat.com> wrote:
> On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
>> We need to map from POSIX permissions to NFSv4 permissions when a
>> chmod() is done, from NFSv4 permissions to POSIX permissions when an
On Tue, Jul 5, 2016 at 3:39 PM, Jeff Layton wrote:
> On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
>> We need to map from POSIX permissions to NFSv4 permissions when a
>> chmod() is done, from NFSv4 permissions to POSIX permissions when an acl
>> is set (
On Tue, Jul 5, 2016 at 1:34 PM, Jeff Layton <jlay...@redhat.com> wrote:
> On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
>> A richacl consists of an NFSv4 acl and an owner, group, and other mask.
>> These three masks correspond to the owner, group, and other fi
On Tue, Jul 5, 2016 at 1:34 PM, Jeff Layton wrote:
> On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
>> A richacl consists of an NFSv4 acl and an owner, group, and other mask.
>> These three masks correspond to the owner, group, and other file
>> permission b
and create access when
replacing an existing file in vfs_rename().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
Reviewed-by: Steve French <steve.fre...@primarydata
check in a richacl.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl.c | 118 +++
include/linux/richacl.h | 3 ++
include/uapi/linux/ric
and create access when
replacing an existing file in vfs_rename().
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
---
fs/namei.c | 49 +
include/linux/fs.h | 2 ++
2
check in a richacl.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl.c | 118 +++
include/linux/richacl.h | 3 ++
include/uapi/linux/richacl.h | 44
3 files changed, 165 insertions
A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.
() test is still needed in some places like nfsd.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
Reviewed-by: Steve French <steve.fre...@primarydata.com>
---
fs/Kconfig
Both XATTR_NAME_POSIX_ACL_ACCESS and XATTR_NAME_POSIX_ACL_DEFAULT have
the same XATTR_SYSTEM_PREFIX prefix; don't check for the same prefix
repeatedly.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Steve French <steve.fre...@primarydata.com>
---
fs/
A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J
() test is still needed in some places like nfsd.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
Reviewed-by: Andreas Dilger
Reviewed-by: Steve French
---
fs/Kconfig | 3 +++
fs/namei.c | 6 +++---
include/linux/fs.h | 12
include/uapi
Both XATTR_NAME_POSIX_ACL_ACCESS and XATTR_NAME_POSIX_ACL_DEFAULT have
the same XATTR_SYSTEM_PREFIX prefix; don't check for the same prefix
repeatedly.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Steve French
---
fs/xattr.c | 29 +++--
1 file changed, 23 insertions
Add richacl xattr handler implementing the xattr operations based on the
get_richacl and set_richacl inode operations.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/richacl.c | 22
fs/richacl_xattr.c
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/namei.c | 54 --
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 7
Add richacl xattr handler implementing the xattr operations based on the
get_richacl and set_richacl inode operations.
Signed-off-by: Andreas Gruenbacher
---
fs/richacl.c | 22
fs/richacl_xattr.c| 61
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher
---
fs/namei.c | 54 --
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 7a822d0..48c9958 100644
masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher
permission). The POSIX.1 standard calls this an
alternate file access control mechanism. A subsequent chmod() would
ensure that those permissions are disabled again.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl.c
, introduce a new base_acl type and convert i_acl and
i_default_acl to that type. In most cases, the vfs then doesn't care which
kind of acl an inode caches (if any).
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Cc: Andreas Dilger <adil...@dilger.ca>
---
drivers/staging/lustre/
Map between "system.richacl" xattrs and the in-kernel representation.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/Makefile| 2 +-
fs/richacl_xattr.c | 161 +
include/linux/richacl_xa
301 - 400 of 2694 matches
Mail list logo