From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bob Peterson Date: Wed, 30 Aug 2017 08:43:46 -0400 (EDT) Subject: [Cluster-devel] [PATCH 2/2] gfs2: preserve i_mode if __gfs2_set_acl() fails In-Reply-To: References: Message-ID: <1147609228.3543995.1504097026773.JavaMail.zimbra@redhat.com> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit ----- Original Message ----- | When changing a file's acl mask, __gfs2_set_acl() will first set the | group bits of i_mode to the value of the mask, and only then set the | actual extended attribute representing the new acl. | | If the second part fails (due to lack of space, for example) and the | file had no acl attribute to begin with, the system will from now on | assume that the mask permission bits are actual group permission bits, | potentially granting access to the wrong users. | | Prevent this by only changing the inode mode after the acl has been set. | | Signed-off-by: Ernesto A. Fern?ndez | --- Hi Ernesto, This patch seems to be for Linus's tree, not the active "for-next" upstream development branch we use for GFS2. Since the last merge window, function __gfs2_set_acl was heavily modified by a patch from Jan Kara called "gfs2: Don't clear SGID when inheriting ACLs" which deleted the section of code you modified, in favor of another. So your patch does not apply to for-next. See: https://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git/commit/fs/gfs2?h=for-next&id=914cea93dd89f00b41c1d8ff93f17be47356a36a Can you rework this patch so it applies to the for-next branch of the linux-gfs2 git tree? Thanks. Regards, Bob Peterson Red Hat File Systems