Richacls support permissions that allow to take ownership of a file,
change the file permissions, and set the file timestamps. Support that
by introducing new permission mask flags and by checking for those mask
flags in inode_change_ok().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.
access when replacing an existing
file via vfs_rename(), add a replace parameter to may_delete().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/namei.c | 43 +--
include/lin
is still needed by nfsd.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/Kconfig | 3 +++
fs/namei.c | 8
include/linux/fs.h | 12
include/uapi/linux/fs.h | 3
-2015-11-05
The richacl user-space utilities, man pages, and test suite are available
here:
https://github.com/andreas-gruenbacher/richacl
Changes to other user-space packages for richacl are available here:
https://github.com/andreas-gruenbacher/coreutils
https://github.com/andreas
permission). The POSIX.1 standard calls this an
alternate file access control mechanism. A subsequent chmod() would
ensure that those permissions are disabled again.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl_base.
checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itself.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com
algorithm), and the file mask that applies to the
process includes the requested permissions.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/Makefile | 2 +
fs/richacl_base.c
Cache richacls in struct inode so that this doesn't have to be done
individually in each filesystem. This is similar to POSIX ACLs.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/inode.c | 11 +--
fs/posix_acl.c | 2 +-
fs/richacl_inode.c
by
the inherited acl determines the file masks and file permission bits,
and the umask is ignored.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl_base.c | 68 +++
fs/ric
to "undo" applying the create mode; see richacl_compute_max_masks().
They should set the RICHACL_DEFAULTED flag. (A mechanism that would allow to
indicate to the kernel to ignore the create mode in the first place when there
are inherited permissions would be nice to have.)
Signed-off-b
be computed from the file permission bits.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl_base.c | 104
include/linux/richacl.h | 1 +
2 files changed, 10
Add richacl xattr handler implementing the xattr operations based on the
get_richacl and set_richacl inode operations.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/richacl_xattr.c| 78 +++
include/linux/richacl_xattr.
Map between "system.richacl" xattrs and the in-kernel representation.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/Makefile| 2 +-
fs/richacl_xattr.c | 220 +
fs/xattr.c
eesh.ku...@linux.vnet.ibm.com>
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Andreas Dilger <adil...@dilger.ca>
---
fs/ext4/Kconfig | 11 +
fs/ext4/Makefile | 1 +
fs/ext4/file.c| 3 ++
fs/ext4/ialloc.c | 11 -
fs/ext4/inode.c | 1
acl_by_type(inode, type) returns a pointer to either inode->i_acl or
inode->i_default_acl depending on type. This is useful in
fs/posix_acl.c, but should never have been visible outside that file.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/posix_acl.c
A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.
, richacls are
automatically enabled and using the "noacl" mount option leads to an error.
Signed-off-by: Aneesh Kumar K.V <aneesh.ku...@linux.vnet.ibm.com>
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/ext4/ext4.h | 6 --
fs/ext4/super.c | 49
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/namei.c | 51 +--
fs/posix_acl.c | 6 +++---
2 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/fs/n
check in a richacl.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl_base.c| 118 +++
include/linux/richacl.h | 3 ++
include/uapi/linux/ric
masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher
Andreas,
On Wed, Nov 4, 2015 at 3:03 AM, Andreas Dilger wrote:
>> @@ -33,7 +33,7 @@ richacl_alloc(int count, gfp_t gfp)
>> struct richacl *acl = kzalloc(size, gfp);
>>
>> if (acl) {
>> - atomic_set(>a_refcount, 1);
>> + atomic_set(>a_base.ba_refcount, 1);
>>
Andreas,
On Tue, Nov 3, 2015 at 11:29 PM, Andreas Dilger wrote:
> On Nov 3, 2015, at 8:16 AM, Andreas Gruenbacher wrote:
>>
>> POSIX ACLs and richacls are both objects allocated by kmalloc() with a
>> reference count which are freed by kfree_rcu(). An inode can eith
Andreas,
On Tue, Nov 3, 2015 at 11:29 PM, Andreas Dilger <adil...@dilger.ca> wrote:
> On Nov 3, 2015, at 8:16 AM, Andreas Gruenbacher <agrue...@redhat.com> wrote:
>>
>> POSIX ACLs and richacls are both objects allocated by kmalloc() with a
>> reference c
Andreas,
On Wed, Nov 4, 2015 at 3:03 AM, Andreas Dilger wrote:
>> @@ -33,7 +33,7 @@ richacl_alloc(int count, gfp_t gfp)
>> struct richacl *acl = kzalloc(size, gfp);
>>
>> if (acl) {
>> - atomic_set(>a_refcount, 1);
>> +
On Wed, Nov 4, 2015 at 3:33 AM, Andreas Dilger wrote:
> On Nov 3, 2015, at 8:16 AM, Andreas Gruenbacher wrote:
>> @@ -3667,7 +3674,7 @@ EXPORT_SYMBOL(dentry_unhash);
>>
>> int vfs_rmdir(struct inode *dir, struct dentry *dentry)
>> {
>> - int error = may_del
On Wed, Nov 4, 2015 at 3:28 AM, Andreas Gruenbacher wrote:
> It's the commit message that's misleading here, I'll fix it.
Commit message changed to:
This feature flag selects richacl instead of POSIX ACL support on the
filesystem. When this feature is off, the "acl" and
Andreas,
On Wed, Nov 4, 2015 at 3:18 AM, Andreas Dilger wrote:
> This patch confuses me. I thought the whole point of INCOMPAT_RICHACL
> was that the filesystem should never, ever be mounted without ACL support
> because the ACLs will get confused without it. In that case, it doesn't
> make
On Wed, Nov 4, 2015 at 3:13 AM, Andreas Dilger wrote:
> Patch looks reasonable. One minor cleanup below that could be fixed when
> the patch series is refreshed, and you can add:
>
> Reviewed-by: Andreas Dilger
Okay, thank you.
Andreas
checking for delete access inside a directory, and MAY_DELETE_SELF
when checking for delete access to a file itself.
The MAY_DELETE_SELF permission overrides the sticky directory check.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/namei.c | 21
masks
(such as setting an acl via nfsd). When user-space sets an acl via
setxattr, the extended attribute already includes the file masks.
Setting an acl also sets the file mode permission bits: they are
determined by the file masks; see richacl_masks_to_mode().
Signed-off-by: Andreas Gruenbacher
A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: &q
Cache richacls in struct inode so that this doesn't have to be done
individually in each filesystem. This is similar to POSIX ACLs.
Signed-off-by: Andreas Gruenbacher
---
fs/inode.c | 11 ++--
fs/posix_acl.c | 2 +-
fs/richacl_base.c | 4 +--
fs
Map between "system.richacl" xattrs and the in-kernel representation.
Signed-off-by: Andreas Gruenbacher
---
fs/Makefile| 2 +-
fs/richacl_xattr.c | 220 +
fs/xattr.c | 34 +
permission). The POSIX.1 standard calls this an
alternate file access control mechanism. A subsequent chmod() would
ensure that those permissions are disabled again.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_base.c | 42
Add richacl xattr handler implementing the xattr operations based on the
get_richacl and set_richacl inode operations.
Signed-off-by: Andreas Gruenbacher
---
fs/richacl_xattr.c| 78 +++
include/linux/richacl_xattr.h | 2 ++
2 files changed
be computed from the file permission bits.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_base.c | 104
include/linux/richacl.h | 1 +
2 files changed, 105 insertions(+)
diff --git a/fs/richacl_base.c b/fs
by
the inherited acl determines the file masks and file permission bits,
and the umask is ignored.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_base.c | 68 +++
fs/richacl_inode.c | 70
Make xfs_set_mode non-static and move it from xfs_acl.c into xfs_inode.c.
Signed-off-by: Andreas Gruenbacher
---
fs/xfs/xfs_acl.c | 18 --
fs/xfs/xfs_inode.c | 24
fs/xfs/xfs_inode.h | 2 ++
3 files changed, 26 insertions(+), 18 deletions(-)
diff
to "undo" applying the create mode; see richacl_compute_max_masks().
They should set the RICHACL_DEFAULTED flag. (A mechanism that would allow to
indicate to the kernel to ignore the create mode in the first place when there
are inherited permissions would be nice to have.)
Signed-off-b
From: "Aneesh Kumar K.V"
This feature flag selects richacl instead of posix acl support on the
file system. In addition, the "acl" mount option is needed for enabling
either of the two kinds of acls.
Signed-off-by: Aneesh Kumar K.V
Signed-off-by: Andreas Gruenbacher
---
correctly; the split version was
overestimating the list size for non-root users.
Signed-off-by: Andreas Gruenbacher
---
fs/xfs/xfs_acl.c | 23 -
fs/xfs/xfs_acl.h | 4 --
fs/xfs/xfs_xattr.c | 137 +++--
3 files changed, 59 insertions
From: "Aneesh Kumar K.V"
Support the richacl permission model in ext4. The richacls are stored
in "system.richacl" xattrs. Richacls need to be enabled by tune2fs or
at file system create time.
Signed-off-by: Aneesh Kumar K.V
Signed-off-by: Andreas Gruenbacher
---
fs/
Error codes from xfs_attr_get other than -ENOATTR were not properly
reported. Fix that.
In addition, the declaration of struct xfs_inode in xfs_acl.h isn't needed.
Signed-off-by: Andreas Gruenbacher
---
fs/xfs/xfs_acl.c | 1 +
fs/xfs/xfs_acl.h | 1 -
2 files changed, 1 insertion(+), 1
insert any additional aces in this step.)
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_compat.c | 198
1 file changed, 198 insertions(+)
diff --git a/fs/richacl_compat.c b/fs/richacl_compat.c
index 962d314..e90d
Make sure that the XFS_IOC_ATTRMULTI_BY_HANDLE ioctl exposes richacls in
the same way as the xattr interface: check for mode-equivalent richacls,
update the inode permission bits, and perform user namespace mapping.
Signed-off-by: Andreas Gruenbacher
---
fs/xfs/xfs_ioctl.c | 27
be supported.
Signed-off-by: Andreas Gruenbacher
Acked-by: J. Bruce Fields
---
fs/Kconfig | 6 +
fs/nfs_common/Makefile | 1 +
fs/nfs_common/nfs4acl.c | 44 ++
fs/nfsd/Kconfig | 1 +
fs/nfsd/acl.h | 24 ++--
fs/nfsd/nfs4acl.c | 368
Put all the pieces of the acl transformation puzzle together for
computing a richacl which has the file masks "applied" so that the
standard nfsv4 access check algorithm can be used on the richacl.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richac
ssion bits into an equivalent acl with richacl_from_mode. Such
"trivial" acls can be converted back to a file mode with
richacl_equiv_mode.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_compat.c | 88 +
include/linux
We will decode acls in requests into richacls. Even if unlikely, there
can be more than one acl in a single request; those richacls need to be
richacl_put() at the end of the request instead of kfree()d, so keep a
list of acls in compoundargs for that.
Signed-off-by: Andreas Gruenbacher
Acked
Initialize xdr_stream and xdr_buf from a pages array, for encoding into
the pages.
Signed-off-by: Andreas Gruenbacher
---
include/linux/sunrpc/xdr.h | 2 ++
net/sunrpc/xdr.c | 25 +
2 files changed, 27 insertions(+)
diff --git a/include/linux/sunrpc/xdr.h b
and
"xgid" maps: they behave like the old "uid" and "gid" maps except that the IDs
of existing users and groups are prefixed by a "+" sign.
When the "xuid" or "xgid" maps are not supported, nfs falls back to the "uid"
and &quo
When decoding GETATTR replies, the client checks the attribute bitmap
for which attributes the server has sent. It misses bits at the word
boundaries, though; fix that.
Signed-off-by: Andreas Gruenbacher
---
fs/nfs/nfs4xdr.c | 23 +++
1 file changed, 23 insertions(+)
diff
The dacl attribute includes Automatic Inheritance flags not supported by
the acl attribute. It is only supported in NFS version 4.1 and higher.
On systems where NFS version 4.0 is still the default, an additional
mount option is needed:
mount -t nfs4 -o vers=4.1 [...]
Signed-off-by: Andreas
missions across different file systems.
Signed-off-by: Andreas Gruenbacher
---
fs/nfs/inode.c| 3 -
fs/nfs/nfs4proc.c | 731 ++
fs/nfs/nfs4xdr.c | 178 +--
fs/nfs/super.c| 4 +-
include/linux/nfs_
The arguments passed around for getacl and setacl xdr encoding, struct
nfs_setaclargs and struct nfs_getaclargs, both contain an array of
pages, an offset into the first page, and the length of the page data.
The offset is unused as it is always zero; remove it.
Signed-off-by: Andreas Gruenbacher
currently lack those extensions.
Ideally, all duplicate checks should be removed; for now, just fix the
duplicate checks instead though.
Signed-off-by: Andreas Gruenbacher
Acked-by: J. Bruce Fields
---
fs/nfsd/nfs4proc.c | 5 +++--
fs/nfsd/nfsfh.c| 8
fs/nfsd/vfs.c | 28
.
The server will only indicate dacl attribute support in protocol version
4.1 and later, on file systems with richacl support.
This commit also adds support for the NFSv4.1 NFS4_ACE_WRITE_RETENTION
and NFS4_ACE_WRITE_RETENTION_HOLD ACL permissions.
Signed-off-by: Andreas Gruenbacher
Acked-by: J. Bruce
Don't allow acls which contain unmapped identifiers: they are meaningful
for remote file systems only.
Signed-off-by: Andreas Gruenbacher
---
fs/ext4/richacl.c | 4
1 file changed, 4 insertions(+)
diff --git a/fs/ext4/richacl.c b/fs/ext4/richacl.c
index 906d048..2115385 100644
--- a/fs
When encoding large, variable-length objects such as acls into xdr_bufs,
it is easier to allocate buffer pages on demand rather than precomputing
the required buffer size.
Signed-off-by: Andreas Gruenbacher
---
net/sunrpc/xdr.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/net
Add support for encoding unmapped identifiers in richacl entries: local
filesystems are not usually supposed to store unmapped identifiers, but
allowing that for debugging purposes can be useful; for that, nfsd must
also be able to encode them.
Signed-off-by: Andreas Gruenbacher
---
fs/nfsd
t;e_id is ignored, and the
list of unmapped identifier strings contains a string for each acl entry
whose RICHACE_UNMAPPED_WHO flag is set.
Signed-off-by: Andreas Gruenbacher
---
fs/richacl_base.c| 139 ---
fs/richacl_compat.c | 18 +++-
Don't allow acls which contain unmapped identifiers: they are meaningful
for remote file systems only.
Signed-off-by: Andreas Gruenbacher
---
fs/xfs/xfs_richacl.c | 4
1 file changed, 4 insertions(+)
diff --git a/fs/xfs/xfs_richacl.c b/fs/xfs/xfs_richacl.c
index f8f5a62..4a2e21a 100644
Change the acl so that everyone@ is granted the permissions set in the
other mask.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_compat.c | 41 +
1 file changed, 41 insertions(+)
diff --git a/fs/richacl_compat.c b/fs
On file systems with richacls enabled, get and set richacls directly
instead of converting from / to posix acls.
Signed-off-by: Andreas Gruenbacher
Acked-by: J. Bruce Fields
---
fs/nfsd/acl.h | 3 +-
fs/nfsd/nfs4acl.c | 124 ++---
fs/nfsd
. For example, when
applying mode 0646 to the following acl:
owner@:rw::allow
everyone@:rw::allow
A deny ace needs to be inserted so that the owning group won't get
elevated write access:
owner@:rw::allow
group@:w::deny
everyone@:rw::allow
Signed-off-by: Andreas Gruenbacher
Reviewed
the
following algorithms, and eventually allows us to turn the final
everyone@ allow ace into an entry for the other class.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_compat.c | 65 +
1 file changed, 65
In the write-through case, change the acl so that owner@ is granted the
permissions set in the owner mask (to match what the permission check
algorithm grants the owner).
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_compat.c | 46
n a series of richacl transformation patches; it
implements basic richacl editing functions. The following patches
implement algorithms for transforming a richacl so that it can be
evaluated as a plain nfs4 acl, with identical permission check results.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Br
When setting attributes via XFS_IOC_ATTRMULTI_BY_HANDLE, the user-space
buffer is copied into a new kernel-space buffer via memdup_user; that
buffer then isn't freed.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: Dave Chinner
Signed-off-by: Dave Chinner
---
fs/xfs/xfs_ioctl.c | 5 -
1
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher
---
fs/namei.c | 51 +--
fs/posix_acl.c | 6 +++---
2 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index
trix small, and because xfs users
are highly likely to enable richacls anyway, richacl support cannot be
compiled out in xfs.
Signed-off-by: Andreas Gruenbacher
---
fs/xfs/Kconfig | 1 +
fs/xfs/Makefile| 1 +
fs/xfs/libxfs/xfs_format.h | 11 -
fs/xfs/
These operations are similar to the get_acl and set_acl operations for
POSIX ACLs. The distinction between access and default ACLs doesn't exist
for richacls.
Signed-off-by: Andreas Gruenbacher
---
include/linux/fs.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/fs.h b
We will need to call iop->permission and iop->get_acl from
inode_change_ok() for additional permission checks, and both take a
non-const inode.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/attr.c | 2 +-
include/linux/fs.h | 2 +-
2 files chan
Richacls support permissions that allow to take ownership of a file,
change the file permissions, and set the file timestamps. Support that
by introducing new permission mask flags and by checking for those mask
flags in inode_change_ok().
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J
access when replacing an existing
file via vfs_rename(), add a replace parameter to may_delete().
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/namei.c | 43 +--
include/linux/fs.h | 2 ++
2 files changed, 27 insertions(+), 18
algorithm), and the file mask that applies to the
process includes the requested permissions.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/Makefile | 2 +
fs/richacl_base.c| 67
include/linux/richacl.h | 179
check in a richacl.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/richacl_base.c| 118 +++
include/linux/richacl.h | 3 ++
include/uapi/linux/richacl.h | 44
3 files changed, 165 insertions
, introduce a new base_acl type and convert i_acl and
i_default_acl to that type. In most cases, the vfs then doesn't have to
care which kind of acl an inode caches (if any).
Signed-off-by: Andreas Gruenbacher
---
drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +-
fs/f2fs/acl.c
available in git form here:
git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \
richacl-2015-11-03
The richacl user-space utilities, man pages, and test suite are available
here:
https://github.com/andreas-gruenbacher/richacl
Changes to other user-spac
is still needed by nfsd.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: J. Bruce Fields
---
fs/Kconfig | 3 +++
fs/namei.c | 8
include/linux/fs.h | 12
include/uapi/linux/fs.h | 3 ++-
4 files changed, 21 insertions(+), 5 deletions
available in git form here:
git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \
richacl-2015-11-03
The richacl user-space utilities, man pages, and test suite are available
here:
https://github.com/andreas-gruenbacher/richacl
Changes to other user-spac
is still needed by nfsd.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/Kconfig | 3 +++
fs/namei.c | 8
include/linux/fs.h | 12
include/uapi/linux/fs.h | 3
, introduce a new base_acl type and convert i_acl and
i_default_acl to that type. In most cases, the vfs then doesn't have to
care which kind of acl an inode caches (if any).
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +-
fs/f2fs
algorithm), and the file mask that applies to the
process includes the requested permissions.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/Makefile | 2 +
fs/richacl_base.c
check in a richacl.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl_base.c| 118 +++
include/linux/richacl.h | 3 ++
include/uapi/linux/ric
These operations are similar to the get_acl and set_acl operations for
POSIX ACLs. The distinction between access and default ACLs doesn't exist
for richacls.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
include/linux/fs.h | 2 ++
1 file changed, 2 insertions(+)
diff
We will need to call iop->permission and iop->get_acl from
inode_change_ok() for additional permission checks, and both take a
non-const inode.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/attr.c | 2
Richacls support permissions that allow to take ownership of a file,
change the file permissions, and set the file timestamps. Support that
by introducing new permission mask flags and by checking for those mask
flags in inode_change_ok().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.
access when replacing an existing
file via vfs_rename(), add a replace parameter to may_delete().
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/namei.c | 43 +--
include/lin
and
"xgid" maps: they behave like the old "uid" and "gid" maps except that the IDs
of existing users and groups are prefixed by a "+" sign.
When the "xuid" or "xgid" maps are not supported, nfs falls back to the "uid"
and &
We will decode acls in requests into richacls. Even if unlikely, there
can be more than one acl in a single request; those richacls need to be
richacl_put() at the end of the request instead of kfree()d, so keep a
list of acls in compoundargs for that.
Signed-off-by: Andreas Gruenbacher <ag
ssion bits into an equivalent acl with richacl_from_mode. Such
"trivial" acls can be converted back to a file mode with
richacl_equiv_mode.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
-
Put all the pieces of the acl transformation puzzle together for
computing a richacl which has the file masks "applied" so that the
standard nfsv4 access check algorithm can be used on the richacl.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Br
be supported.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Acked-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/Kconfig | 6 +
fs/nfs_common/Makefile | 1 +
fs/nfs_common/nfs4acl.c | 44 ++
fs/nfsd/Kconfig | 1 +
fs/nfsd/acl.h | 24 +
insert any additional aces in this step.)
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com>
---
fs/richacl_compat.c | 198
1 file changed, 198 insertions(+)
diff --git a/fs
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/namei.c | 51 +--
fs/posix_acl.c | 6 +++---
2 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/fs/n
trix small, and because xfs users
are highly likely to enable richacls anyway, richacl support cannot be
compiled out in xfs.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
---
fs/xfs/Kconfig | 1 +
fs/xfs/Makefile| 1 +
fs/xfs/libxfs/xfs_format.h |
n a series of richacl transformation patches; it
implements basic richacl editing functions. The following patches
implement algorithms for transforming a richacl so that it can be
evaluated as a plain nfs4 acl, with identical permission check results.
Signed-off-by: Andreas Gruenbacher <agrue.
When setting attributes via XFS_IOC_ATTRMULTI_BY_HANDLE, the user-space
buffer is copied into a new kernel-space buffer via memdup_user; that
buffer then isn't freed.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: Dave Chinner <dchin...@redhat.com>
Signed-
In the write-through case, change the acl so that owner@ is granted the
permissions set in the owner mask (to match what the permission check
algorithm grants the owner).
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Reviewed-by: J. Bruce Fields <bfie...@redhat.com