[PATCH v25 11/22] vfs: Add get_richacl and set_richacl inode operations

These operations are similar to the get_acl and set_acl operations for POSIX ACLs. The distinction between access and default ACLs doesn't exist for richacls. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Steve French <steve.fre...@primarydata.com> --- includ

[PATCH v25 11/22] vfs: Add get_richacl and set_richacl inode operations

These operations are similar to the get_acl and set_acl operations for POSIX ACLs. The distinction between access and default ACLs doesn't exist for richacls. Signed-off-by: Andreas Gruenbacher Reviewed-by: Steve French --- include/linux/fs.h | 2 ++ 1 file changed, 2 insertions(+) diff

[PATCH v25 10/22] vfs: Cache base_acl objects in inodes

, introduce a new base_acl type and convert i_acl and i_default_acl to that type. In most cases, the vfs then doesn't care which kind of acl an inode caches (if any). Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Cc: Andreas Dilger <adil...@dilger.ca> --- drivers/staging/lustre/

[PATCH v25 10/22] vfs: Cache base_acl objects in inodes

, introduce a new base_acl type and convert i_acl and i_default_acl to that type. In most cases, the vfs then doesn't care which kind of acl an inode caches (if any). Signed-off-by: Andreas Gruenbacher Cc: Andreas Dilger --- drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +- fs/9p/acl.c

[PATCH v25 09/22] richacl: Compute maximum file masks from an acl

masks (such as setting an acl via nfsd). When user-space sets an acl via setxattr, the extended attribute already includes the file masks. Setting an acl also sets the file mode permission bits: they are determined by the file masks; see richacl_masks_to_mode(). Signed-off-by: Andreas Gruenbacher

[PATCH v25 07/22] richacl: Permission mapping functions

check in a richacl. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/richacl.c | 112 +++ include/linux/ri

[PATCH v25 09/22] richacl: Compute maximum file masks from an acl

masks (such as setting an acl via nfsd). When user-space sets an acl via setxattr, the extended attribute already includes the file masks. Setting an acl also sets the file mode permission bits: they are determined by the file masks; see richacl_masks_to_mode(). Signed-off-by: Andreas Gruenbacher

[PATCH v25 07/22] richacl: Permission mapping functions

check in a richacl. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Jeff Layton --- fs/richacl.c | 112 +++ include/linux/richacl.h | 2 + include/uapi/linux/richacl.h | 44 + 3 files

[PATCH v25 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags

and create access when replacing an existing file in vfs_rename(). Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilger.ca> Reviewed-by: Steve French <steve.fre...@primarydata.c

[PATCH v25 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags

checking for delete access inside a directory, and MAY_DELETE_SELF when checking for delete access to a file itself. The MAY_DELETE_SELF permission overrides the sticky directory check. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com&

[PATCH v25 04/22] vfs: Make the inode passed to inode_change_ok non-const

We will need to call iop->permission and iop->get_acl from inode_change_ok() for additional permission checks, and both take a non-const inode. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger

[PATCH v25 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags

and create access when replacing an existing file in vfs_rename(). Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French Reviewed-by: Jeff Layton --- fs/namei.c | 49

[PATCH v25 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags

checking for delete access inside a directory, and MAY_DELETE_SELF when checking for delete access to a file itself. The MAY_DELETE_SELF permission overrides the sticky directory check. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Steve French Reviewed-by: Jeff Layton

[PATCH v25 04/22] vfs: Make the inode passed to inode_change_ok non-const

We will need to call iop->permission and iop->get_acl from inode_change_ok() for additional permission checks, and both take a non-const inode. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French Reviewed-by: Jeff

[PATCH v25 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

() test is still needed in some places like nfsd. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilger.ca> Reviewed-by: Steve French <steve.fre...@primarydata.com> Review

[PATCH v25 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

() test is still needed in some places like nfsd. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French Reviewed-by: Jeff Layton --- fs/Kconfig | 3 +++ fs/namei.c | 6 +++--- include/linux/fs.h | 12

[PATCH v25 00/22] Richacls (Core and Ext4)

\ richacl-2016-08-16 The richacl user-space utilitites, man pages, and test suite are available here: https://github.com/andreas-gruenbacher/richacl Changes to other user-space packages for richacl: https://github.com/andreas-gruenbacher/coreutils https://github.com/andreas-gruenbacher

[PATCH v25 00/22] Richacls (Core and Ext4)

\ richacl-2016-08-16 The richacl user-space utilitites, man pages, and test suite are available here: https://github.com/andreas-gruenbacher/richacl Changes to other user-space packages for richacl: https://github.com/andreas-gruenbacher/coreutils https://github.com/andreas-gruenbacher

Re: [Cluster-devel] [PATCH 1/1 linux-next] GFS2: use BIT() macro

Fabian, On Sun, Jul 24, 2016 at 4:24 PM, Fabian Frederick wrote: > Replace 1 << value shift by more explicit BIT() macro > > Also fixes two bare unsigned definitions: > > WARNING: Prefer 'unsigned int' to bare use of 'unsigned' > + unsigned hsize = BIT(ip->i_depth);

Re: [Cluster-devel] [PATCH 1/1 linux-next] GFS2: use BIT() macro

Fabian, On Sun, Jul 24, 2016 at 4:24 PM, Fabian Frederick wrote: > Replace 1 << value shift by more explicit BIT() macro > > Also fixes two bare unsigned definitions: > > WARNING: Prefer 'unsigned int' to bare use of 'unsigned' > + unsigned hsize = BIT(ip->i_depth); this patch is

[PATCH v24 05/22] vfs: Add permission flags for setting file attributes

Richacls support permissions that allow to take ownership of a file, change the file permissions, and set the file timestamps. Support that by introducing new permission mask flags and by checking for those mask flags in inode_change_ok(). Signed-off-by: Andreas Gruenbacher <agrue...@redhat.

[PATCH v24 05/22] vfs: Add permission flags for setting file attributes

Richacls support permissions that allow to take ownership of a file, change the file permissions, and set the file timestamps. Support that by introducing new permission mask flags and by checking for those mask flags in inode_change_ok(). Signed-off-by: Andreas Gruenbacher Reviewed-by: J

[PATCH v24 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

() test is still needed in some places like nfsd. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilger.ca> Reviewed-by: Steve French <steve.fre...@primarydata.com> Review

[PATCH v24 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags

and create access when replacing an existing file in vfs_rename(). Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilger.ca> Reviewed-by: Steve French <steve.fre...@primarydata.c

[PATCH v24 08/22] richacl: Permission check algorithm

A richacl roughly grants a requested access if the NFSv4 acl in the richacl grants the requested permissions according to the NFSv4 permission check algorithm and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.

[PATCH v24 04/22] vfs: Make the inode passed to inode_change_ok non-const

We will need to call iop->permission and iop->get_acl from inode_change_ok() for additional permission checks, and both take a non-const inode. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger

[PATCH v24 08/22] richacl: Permission check algorithm

A richacl roughly grants a requested access if the NFSv4 acl in the richacl grants the requested permissions according to the NFSv4 permission check algorithm and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher Reviewed-by: J

[PATCH v24 04/22] vfs: Make the inode passed to inode_change_ok non-const

We will need to call iop->permission and iop->get_acl from inode_change_ok() for additional permission checks, and both take a non-const inode. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French Reviewed-by: Jeff

[PATCH v24 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

() test is still needed in some places like nfsd. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French Reviewed-by: Jeff Layton --- fs/Kconfig | 3 +++ fs/namei.c | 6 +++--- include/linux/fs.h | 12

[PATCH v24 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags

and create access when replacing an existing file in vfs_rename(). Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French Reviewed-by: Jeff Layton --- fs/namei.c | 49

[PATCH v24 07/22] richacl: Permission mapping functions

check in a richacl. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/richacl.c | 112 +++ include/linux/ri

[PATCH v24 10/22] vfs: Cache base_acl objects in inodes

, introduce a new base_acl type and convert i_acl and i_default_acl to that type. In most cases, the vfs then doesn't care which kind of acl an inode caches (if any). Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Cc: Andreas Dilger <adil...@dilger.ca> --- drivers/staging/lustre/

[PATCH v24 07/22] richacl: Permission mapping functions

check in a richacl. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Jeff Layton --- fs/richacl.c | 112 +++ include/linux/richacl.h | 2 + include/uapi/linux/richacl.h | 44 + 3 files

[PATCH v24 10/22] vfs: Cache base_acl objects in inodes

, introduce a new base_acl type and convert i_acl and i_default_acl to that type. In most cases, the vfs then doesn't care which kind of acl an inode caches (if any). Signed-off-by: Andreas Gruenbacher Cc: Andreas Dilger --- drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +- fs/9p/acl.c

[PATCH v24 14/22] richacl: Check if an acl is equivalent to a file mode

be computed from the file permission bits. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/richacl.c| 104 inclu

[PATCH v24 14/22] richacl: Check if an acl is equivalent to a file mode

be computed from the file permission bits. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Jeff Layton --- fs/richacl.c| 104 include/linux/richacl.h | 1 + 2 files changed, 105 insertions(+) diff --git a/fs

[PATCH v24 18/22] richacl: Add richacl xattr handler

Add richacl xattr handler implementing the xattr operations based on the get_richacl and set_richacl inode operations. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/richacl.c | 22

[PATCH v24 18/22] richacl: Add richacl xattr handler

Add richacl xattr handler implementing the xattr operations based on the get_richacl and set_richacl inode operations. Signed-off-by: Andreas Gruenbacher Reviewed-by: Jeff Layton --- fs/richacl.c | 22 fs/richacl_xattr.c| 61

[PATCH v24 13/22] richacl: Update the file masks in chmod()

permission). The POSIX.1 standard calls this an alternate file access control mechanism. A subsequent chmod() would ensure that those permissions are disabled again. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Acked-by: Jeff

[PATCH v24 19/22] vfs: Add richacl permission checking

Hook the richacl permission checking function into the vfs. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/namei.c | 54 -- 1 file changed, 52 insertions(+), 2 deleti

[PATCH v24 15/22] richacl: Create-time inheritance

determines the file masks and file permission bits, and the umask is ignored. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/richacl.c| 151 include/linux/richacl.

[PATCH v24 21/22] ext4: Add richacl support

eesh.ku...@linux.vnet.ibm.com> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilger.ca> --- fs/ext4/Kconfig | 11 + fs/ext4/Makefile| 1 + fs/ext4/file.c | 3 ++ fs/ext4/ialloc.c| 11 - fs/ext4/inode.c

[PATCH v24 11/22] vfs: Add get_richacl and set_richacl inode operations

These operations are similar to the get_acl and set_acl operations for POSIX ACLs. The distinction between access and default ACLs doesn't exist for richacls. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Steve French <steve.fre...@primarydata.com> --- includ

[PATCH v24 09/22] richacl: Compute maximum file masks from an acl

masks (such as setting an acl via nfsd). When user-space sets an acl via setxattr, the extended attribute already includes the file masks. Setting an acl also sets the file mode permission bits: they are determined by the file masks; see richacl_masks_to_mode(). Signed-off-by: Andreas Gruenbacher

[PATCH v24 16/22] richacl: Automatic Inheritance

to "undo" applying the create mode; see richacl_compute_max_masks(). They should set the RICHACL_DEFAULTED flag. (A mechanism that would allow to indicate to the kernel to ignore the create mode in the first place when there are inherited permissions would be nice to have.) Signed-off-b

[PATCH v24 13/22] richacl: Update the file masks in chmod()

permission). The POSIX.1 standard calls this an alternate file access control mechanism. A subsequent chmod() would ensure that those permissions are disabled again. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Acked-by: Jeff Layton --- fs/richacl.c| 71

[PATCH v24 19/22] vfs: Add richacl permission checking

Hook the richacl permission checking function into the vfs. Signed-off-by: Andreas Gruenbacher Reviewed-by: Jeff Layton --- fs/namei.c | 54 -- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index

[PATCH v24 15/22] richacl: Create-time inheritance

determines the file masks and file permission bits, and the umask is ignored. Signed-off-by: Andreas Gruenbacher Reviewed-by: Jeff Layton --- fs/richacl.c| 151 include/linux/richacl.h | 2 + 2 files changed, 153 insertions(+) diff

[PATCH v24 21/22] ext4: Add richacl support

From: "Aneesh Kumar K.V" Support the richacl permission model in ext4. The richacls are stored in "system.richacl" xattrs. Richacls need to be enabled by tune2fs or at file system create time. Signed-off-by: Aneesh Kumar K.V Signed-off-by: Andreas Gruenbacher Reviewe

[PATCH v24 11/22] vfs: Add get_richacl and set_richacl inode operations

These operations are similar to the get_acl and set_acl operations for POSIX ACLs. The distinction between access and default ACLs doesn't exist for richacls. Signed-off-by: Andreas Gruenbacher Reviewed-by: Steve French --- include/linux/fs.h | 2 ++ 1 file changed, 2 insertions(+) diff

[PATCH v24 09/22] richacl: Compute maximum file masks from an acl

masks (such as setting an acl via nfsd). When user-space sets an acl via setxattr, the extended attribute already includes the file masks. Setting an acl also sets the file mode permission bits: they are determined by the file masks; see richacl_masks_to_mode(). Signed-off-by: Andreas Gruenbacher

[PATCH v24 16/22] richacl: Automatic Inheritance

to "undo" applying the create mode; see richacl_compute_max_masks(). They should set the RICHACL_DEFAULTED flag. (A mechanism that would allow to indicate to the kernel to ignore the create mode in the first place when there are inherited permissions would be nice to have.) Signed-off-b

[PATCH v24 12/22] vfs: Cache richacl in struct inode

Cache richacls in struct inode so that this doesn't have to be done individually in each filesystem. This is similar to POSIX ACLs. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> --- fs/inode.c | 13 +--- fs/richacl.c

[PATCH v24 17/22] richacl: xattr mapping functions

Map between "system.richacl" xattrs and the in-kernel representation. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/Makefile| 2 +- fs/richacl_xattr.c

[PATCH v24 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c

By moving those functions into fs/posix_acl.c and fs/richacl.c, the ifdefs can be moved into include/linux/posix_acl.h and include/linux/richacl.h. This may be seen as a small improvement. Suggested-by: Jeff Layton <jlay...@redhat.com> Signed-off-by: Andreas Gruenbacher <agrue...@r

[PATCH v24 06/22] richacl: In-memory representation and helper functions

algorithm), and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Jeff Layton <jlay...@redhat.com> --- fs/Makefile

[PATCH v24 22/22] ext4: Add richacl feature flag

, richacls are automatically enabled and using the "noacl" mount option leads to an error. Signed-off-by: Aneesh Kumar K.V <aneesh.ku...@linux.vnet.ibm.com> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilg

[PATCH v24 12/22] vfs: Cache richacl in struct inode

Cache richacls in struct inode so that this doesn't have to be done individually in each filesystem. This is similar to POSIX ACLs. Signed-off-by: Andreas Gruenbacher --- fs/inode.c | 13 +--- fs/richacl.c| 81

[PATCH v24 17/22] richacl: xattr mapping functions

Map between "system.richacl" xattrs and the in-kernel representation. Signed-off-by: Andreas Gruenbacher Reviewed-by: Jeff Layton --- fs/Makefile| 2 +- fs/richacl_xattr.c | 161 + include/linux/richa

[PATCH v24 20/22] vfs: Move check_posix_acl and check_richacl out of fs/namei.c

By moving those functions into fs/posix_acl.c and fs/richacl.c, the ifdefs can be moved into include/linux/posix_acl.h and include/linux/richacl.h. This may be seen as a small improvement. Suggested-by: Jeff Layton Signed-off-by: Andreas Gruenbacher --- fs/namei.c| 72

[PATCH v24 06/22] richacl: In-memory representation and helper functions

algorithm), and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Jeff Layton --- fs/Makefile | 1 + fs/richacl.c | 65 include/linux

[PATCH v24 22/22] ext4: Add richacl feature flag

using the "noacl" mount option leads to an error. Signed-off-by: Aneesh Kumar K.V Signed-off-by: Andreas Gruenbacher Reviewed-by: Andreas Dilger --- fs/ext4/ext4.h | 6 -- fs/ext4/super.c | 49 - 2 files changed, 44 insertions(+

[PATCH v24 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags

checking for delete access inside a directory, and MAY_DELETE_SELF when checking for delete access to a file itself. The MAY_DELETE_SELF permission overrides the sticky directory check. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com&

[PATCH v24 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags

checking for delete access inside a directory, and MAY_DELETE_SELF when checking for delete access to a file itself. The MAY_DELETE_SELF permission overrides the sticky directory check. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Steve French Reviewed-by: Jeff Layton

[PATCH v24 00/22] Richacls (Core and Ext4)

man pages, and test suite are available here: https://github.com/andreas-gruenbacher/richacl Changes to other user-space packages for richacl: https://github.com/andreas-gruenbacher/coreutils https://github.com/andreas-gruenbacher/e2fsprogs https://github.com/andreas-gruenbacher/sam

[PATCH v24 00/22] Richacls (Core and Ext4)

man pages, and test suite are available here: https://github.com/andreas-gruenbacher/richacl Changes to other user-space packages for richacl: https://github.com/andreas-gruenbacher/coreutils https://github.com/andreas-gruenbacher/e2fsprogs https://github.com/andreas-gruenbacher/sam

Re: [PATCH v23 20/22] vfs: Add richacl permission checking

On Tue, Jul 12, 2016 at 2:13 PM, Jeff Layton <jlay...@redhat.com> wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> Hook the richacl permission checking function into the vfs. >> >> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.c

Re: [PATCH v23 20/22] vfs: Add richacl permission checking

On Tue, Jul 12, 2016 at 2:13 PM, Jeff Layton wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> Hook the richacl permission checking function into the vfs. >> >> Signed-off-by: Andreas Gruenbacher >&

Re: [PATCH v23 18/22] richacl: xattr mapping functions

On Tue, Jul 12, 2016 at 2:02 PM, Jeff Layton <jlay...@redhat.com> wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> Map between "system.richacl" xattrs and the in-kernel representation. >> >> Signed-off-by: Andreas Gruenbacher <agr

Re: [PATCH v23 18/22] richacl: xattr mapping functions

On Tue, Jul 12, 2016 at 2:02 PM, Jeff Layton wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> Map between "system.richacl" xattrs and the in-kernel representation. >> >> Signed-off-by: Andreas Gruenbacher >> --- >> fs/Make

Re: [PATCH v23 13/22] vfs: Cache richacl in struct inode

On Wed, Jul 6, 2016 at 8:57 PM, Jeff Layton <jlay...@redhat.com> wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> Cache richacls in struct inode so that this doesn't have to be done >> individually in each filesystem. This is similar to POSIX A

Re: [PATCH v23 13/22] vfs: Cache richacl in struct inode

On Wed, Jul 6, 2016 at 8:57 PM, Jeff Layton wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> Cache richacls in struct inode so that this doesn't have to be done >> individually in each filesystem. This is similar to POSIX ACLs. >> >> Signed-

Re: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl

Frank, On Tue, Jul 5, 2016 at 7:08 PM, Frank Filz wrote: >> > + * Note: functions like richacl_allowed_to_who(), >> > +richacl_group_class_allowed(), >> > + * and richacl_compute_max_masks() iterate through the entire acl in >> > +reverse >> > + * order as an

Re: [PATCH v23 08/22] richacl: Compute maximum file masks from an acl

Frank, On Tue, Jul 5, 2016 at 7:08 PM, Frank Filz wrote: >> > + * Note: functions like richacl_allowed_to_who(), >> > +richacl_group_class_allowed(), >> > + * and richacl_compute_max_masks() iterate through the entire acl in >> > +reverse >> > + * order as an optimization. >> > + * >> > + * In

Re: [PATCH v23 17/22] richacl: Automatic Inheritance

On Tue, Jul 12, 2016 at 9:11 PM, J. Bruce Fields wrote: > On Tue, Jul 12, 2016 at 07:56:00AM -0400, Jeff Layton wrote: >> Barf. AI seems like a trainwreck waiting to happen. What are the >> chances that userland is going to get this right? > > This is just taken from

Re: [PATCH v23 17/22] richacl: Automatic Inheritance

On Tue, Jul 12, 2016 at 9:11 PM, J. Bruce Fields wrote: > On Tue, Jul 12, 2016 at 07:56:00AM -0400, Jeff Layton wrote: >> Barf. AI seems like a trainwreck waiting to happen. What are the >> chances that userland is going to get this right? > > This is just taken from Windows, so presumably Samba

Re: [PATCH v23 09/22] richacl: Permission check algorithm

On Tue, Jul 5, 2016 at 4:59 PM, Jeff Layton <jlay...@redhat.com> wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> A richacl roughly grants a requested access if the NFSv4 acl in the >> richacl grants the requested permissions according to the NFSv

Re: [PATCH v23 09/22] richacl: Permission check algorithm

On Tue, Jul 5, 2016 at 4:59 PM, Jeff Layton wrote: > On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: >> A richacl roughly grants a requested access if the NFSv4 acl in the >> richacl grants the requested permissions according to the NFSv4 >> permission check a

Re: [PATCH v23 07/22] richacl: Permission mapping functions

On Tue, Jul 5, 2016 at 3:39 PM, Jeff Layton <jlay...@redhat.com> wrote: > On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote: >> We need to map from POSIX permissions to NFSv4 permissions when a >> chmod() is done, from NFSv4 permissions to POSIX permissions when an

Re: [PATCH v23 07/22] richacl: Permission mapping functions

On Tue, Jul 5, 2016 at 3:39 PM, Jeff Layton wrote: > On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote: >> We need to map from POSIX permissions to NFSv4 permissions when a >> chmod() is done, from NFSv4 permissions to POSIX permissions when an acl >> is set (

Re: [PATCH v23 06/22] richacl: In-memory representation and helper functions

On Tue, Jul 5, 2016 at 1:34 PM, Jeff Layton <jlay...@redhat.com> wrote: > On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote: >> A richacl consists of an NFSv4 acl and an owner, group, and other mask. >> These three masks correspond to the owner, group, and other fi

Re: [PATCH v23 06/22] richacl: In-memory representation and helper functions

On Tue, Jul 5, 2016 at 1:34 PM, Jeff Layton wrote: > On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote: >> A richacl consists of an NFSv4 acl and an owner, group, and other mask. >> These three masks correspond to the owner, group, and other file >> permission b

[PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags

and create access when replacing an existing file in vfs_rename(). Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilger.ca> Reviewed-by: Steve French <steve.fre...@primarydata

[PATCH v23 07/22] richacl: Permission mapping functions

check in a richacl. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> --- fs/richacl.c | 118 +++ include/linux/richacl.h | 3 ++ include/uapi/linux/ric

[PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags

and create access when replacing an existing file in vfs_rename(). Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French --- fs/namei.c | 49 + include/linux/fs.h | 2 ++ 2

[PATCH v23 07/22] richacl: Permission mapping functions

check in a richacl. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields --- fs/richacl.c | 118 +++ include/linux/richacl.h | 3 ++ include/uapi/linux/richacl.h | 44 3 files changed, 165 insertions

[PATCH v23 09/22] richacl: Permission check algorithm

A richacl roughly grants a requested access if the NFSv4 acl in the richacl grants the requested permissions according to the NFSv4 permission check algorithm and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.

[PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

() test is still needed in some places like nfsd. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> Reviewed-by: Andreas Dilger <adil...@dilger.ca> Reviewed-by: Steve French <steve.fre...@primarydata.com> --- fs/Kconfig

[PATCH v23 10/22] posix_acl: Improve xattr fixup code

Both XATTR_NAME_POSIX_ACL_ACCESS and XATTR_NAME_POSIX_ACL_DEFAULT have the same XATTR_SYSTEM_PREFIX prefix; don't check for the same prefix repeatedly. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: Steve French <steve.fre...@primarydata.com> --- fs/

[PATCH v23 09/22] richacl: Permission check algorithm

A richacl roughly grants a requested access if the NFSv4 acl in the richacl grants the requested permissions according to the NFSv4 permission check algorithm and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher Reviewed-by: J

[PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

() test is still needed in some places like nfsd. Signed-off-by: Andreas Gruenbacher Reviewed-by: J. Bruce Fields Reviewed-by: Andreas Dilger Reviewed-by: Steve French --- fs/Kconfig | 3 +++ fs/namei.c | 6 +++--- include/linux/fs.h | 12 include/uapi

[PATCH v23 10/22] posix_acl: Improve xattr fixup code

Both XATTR_NAME_POSIX_ACL_ACCESS and XATTR_NAME_POSIX_ACL_DEFAULT have the same XATTR_SYSTEM_PREFIX prefix; don't check for the same prefix repeatedly. Signed-off-by: Andreas Gruenbacher Reviewed-by: Steve French --- fs/xattr.c | 29 +++-- 1 file changed, 23 insertions

[PATCH v23 19/22] richacl: Add richacl xattr handler

Add richacl xattr handler implementing the xattr operations based on the get_richacl and set_richacl inode operations. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> --- fs/richacl.c | 22 fs/richacl_xattr.c

[PATCH v23 20/22] vfs: Add richacl permission checking

Hook the richacl permission checking function into the vfs. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> --- fs/namei.c | 54 -- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 7

[PATCH v23 19/22] richacl: Add richacl xattr handler

Add richacl xattr handler implementing the xattr operations based on the get_richacl and set_richacl inode operations. Signed-off-by: Andreas Gruenbacher --- fs/richacl.c | 22 fs/richacl_xattr.c| 61

[PATCH v23 20/22] vfs: Add richacl permission checking

Hook the richacl permission checking function into the vfs. Signed-off-by: Andreas Gruenbacher --- fs/namei.c | 54 -- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 7a822d0..48c9958 100644

[PATCH v23 08/22] richacl: Compute maximum file masks from an acl

masks (such as setting an acl via nfsd). When user-space sets an acl via setxattr, the extended attribute already includes the file masks. Setting an acl also sets the file mode permission bits: they are determined by the file masks; see richacl_masks_to_mode(). Signed-off-by: Andreas Gruenbacher

[PATCH v23 14/22] richacl: Update the file masks in chmod()

permission). The POSIX.1 standard calls this an alternate file access control mechanism. A subsequent chmod() would ensure that those permissions are disabled again. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> --- fs/richacl.c

[PATCH v23 11/22] vfs: Cache base_acl objects in inodes

, introduce a new base_acl type and convert i_acl and i_default_acl to that type. In most cases, the vfs then doesn't care which kind of acl an inode caches (if any). Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Cc: Andreas Dilger <adil...@dilger.ca> --- drivers/staging/lustre/

[PATCH v23 18/22] richacl: xattr mapping functions

Map between "system.richacl" xattrs and the in-kernel representation. Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> --- fs/Makefile| 2 +- fs/richacl_xattr.c | 161 + include/linux/richacl_xa

<    1   2   3   4   5   6   7   8   9   10   >