From: "Aneesh Kumar K. V" <aneesh.kumar@linux.vnet.ibm.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: sfrench@us.ibm.com, ffilz@us.ibm.com, agruen@suse.de,
adilger@sun.com, sandeen@redhat.com, tytso@mit.edu,
bfields@citi.umich.edu, linux-fsdevel@vger.kernel.org,
nfsv4@linux-nfs.org, linux-ext4@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags
Date: Sat, 25 Sep 2010 00:46:03 +0530 [thread overview]
Message-ID: <m3vd5v9clo.fsf@linux.vnet.ibm.com> (raw)
In-Reply-To: <20100924115423.530813c3@tlielax.poochiereds.net>
On Fri, 24 Sep 2010 11:54:23 -0400, Jeff Layton <jlayton@redhat.com> wrote:
> On Fri, 24 Sep 2010 18:18:11 +0530
> "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com> wrote:
>
> > From: Andreas Gruenbacher <agruen@suse.de>
> >
> > Some permission models distinguish between the permission to create a
> > non-directory and a directory. Pass this information down to
> > inode_permission() as mask flags
> >
> > Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
> > Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
> > ---
> > fs/namei.c | 21 ++++++++++++---------
> > include/linux/fs.h | 2 ++
> > 2 files changed, 14 insertions(+), 9 deletions(-)
> >
> > diff --git a/fs/namei.c b/fs/namei.c
> > index b0b8a71..ed786b2 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> > @@ -253,7 +253,8 @@ int generic_permission(struct inode *inode, int mask,
> > * for filesystem access without changing the "normal" uids which
> > * are used for other things.
> > *
> > - * When checking for MAY_APPEND, MAY_WRITE must also be set in @mask.
> > + * When checking for MAY_APPEND, MAY_CREATE_FILE, MAY_CREATE_DIR,
> > + * MAY_WRITE must also be set in @mask.
> > */
> > int inode_permission(struct inode *inode, int mask)
> > {
> > @@ -1337,13 +1338,15 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
> > * 3. We should have write and exec permissions on dir
> > * 4. We can't do it if dir is immutable (done in permission())
> > */
> > -static inline int may_create(struct inode *dir, struct dentry *child)
> > +static inline int may_create(struct inode *dir, struct dentry *child, int isdir)
> ^^^^^
> nit: maybe saner as a bool?
> > {
> > + int mask = isdir ? MAY_CREATE_DIR : MAY_CREATE_FILE;
> > +
> > if (child->d_inode)
> > return -EEXIST;
> > if (IS_DEADDIR(dir))
> > return -ENOENT;
> > - return inode_permission(dir, MAY_WRITE | MAY_EXEC);
> > + return inode_permission(dir, MAY_WRITE | MAY_EXEC | mask);
> > }
> >
> > /*
> > @@ -1391,7 +1394,7 @@ void unlock_rename(struct dentry *p1, struct dentry *p2)
> > int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
> > struct nameidata *nd)
> > {
> > - int error = may_create(dir, dentry);
> > + int error = may_create(dir, dentry, 0);
> >
> > if (error)
> > return error;
> > @@ -1953,7 +1956,7 @@ EXPORT_SYMBOL_GPL(lookup_create);
> >
> > int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
> > {
> > - int error = may_create(dir, dentry);
> > + int error = may_create(dir, dentry, 0);
> >
> > if (error)
> > return error;
> > @@ -2057,7 +2060,7 @@ SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
> >
> > int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
> > {
> > - int error = may_create(dir, dentry);
> > + int error = may_create(dir, dentry, 1);
> >
> > if (error)
> > return error;
> > @@ -2342,7 +2345,7 @@ SYSCALL_DEFINE1(unlink, const char __user *, pathname)
> >
> > int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
> > {
> > - int error = may_create(dir, dentry);
> > + int error = may_create(dir, dentry, 0);
> >
> > if (error)
> > return error;
> > @@ -2415,7 +2418,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
> > if (!inode)
> > return -ENOENT;
> >
> > - error = may_create(dir, new_dentry);
> > + error = may_create(dir, new_dentry, S_ISDIR(inode->i_mode));
>
> ^^^^ this is a little
> scary, but even if it's
> a directory, it'll get
> kicked out in a later
> check. Would it be
> clearer to move up the
> S_ISDIR() check in this
> function and then pass
> this in as false?
Can you elaborate on this ?
-aneesh
next prev parent reply other threads:[~2010-09-24 19:16 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-24 12:48 [PATCH -V4 00/11] New ACL format for better NFSv4 acl interoperability Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 01/11] vfs: Indicate that the permission functions take all the MAY_* flags Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 02/11] vfs: Pass all mask flags down to iop->check_acl Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 03/11] vfs: Add a comment to inode_permission() Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 04/11] vfs: Add generic IS_ACL() test for acl support Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 05/11] vfs: Add IS_RICHACL() test for richacl support Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 06/11] vfs: Optimize out IS_RICHACL() if CONFIG_FS_RICHACL is not defined Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 07/11] vfs: Make acl_permission_check() work for richacls Aneesh Kumar K.V
2010-09-24 15:50 ` Jeff Layton
2010-09-24 18:55 ` Aneesh Kumar K. V
2010-09-27 13:03 ` Andreas Gruenbacher
2010-09-24 12:48 ` [PATCH -V4 08/11] vfs: Add new file and directory create permission flags Aneesh Kumar K.V
2010-09-24 15:54 ` Jeff Layton
2010-09-24 19:16 ` Aneesh Kumar K. V [this message]
2010-09-24 19:23 ` Jeff Layton
2010-09-27 13:14 ` Andreas Gruenbacher
2011-01-02 23:21 ` Ted Ts'o
2011-01-03 5:20 ` Andreas Dilger
2011-01-03 5:59 ` Andreas Dilger
2011-01-03 14:20 ` Aneesh Kumar K. V
2010-09-24 12:48 ` [PATCH -V4 09/11] vfs: Add delete child and delete self " Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 10/11] vfs: Make the inode passed to inode_change_ok non-const Aneesh Kumar K.V
2010-09-24 12:48 ` [PATCH -V4 11/11] vfs: Add permission flags for setting file attributes Aneesh Kumar K.V
2010-10-12 0:24 ` [PATCH -V4 00/11] New ACL format for better NFSv4 acl interoperability J. Bruce Fields
2010-10-12 7:17 ` Aneesh Kumar K. V
2010-10-12 15:35 ` J. Bruce Fields
2010-10-25 19:09 ` J. Bruce Fields
2010-10-26 4:35 ` Aneesh Kumar K. V
2010-11-01 15:30 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3vd5v9clo.fsf@linux.vnet.ibm.com \
--to=aneesh.kumar@linux.vnet.ibm.com \
--cc=adilger@sun.com \
--cc=agruen@suse.de \
--cc=bfields@citi.umich.edu \
--cc=ffilz@us.ibm.com \
--cc=jlayton@redhat.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nfsv4@linux-nfs.org \
--cc=sandeen@redhat.com \
--cc=sfrench@us.ibm.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.