From: Andreas Gruenbacher <agruenba@redhat.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Christoph Hellwig <hch@infradead.org>,
Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4 <linux-ext4@vger.kernel.org>,
XFS Developers <xfs@oss.sgi.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
linux-cifs@vger.kernel.org, Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH v23 07/22] richacl: Permission mapping functions
Date: Mon, 11 Jul 2016 15:26:40 +0200 [thread overview]
Message-ID: <CAHc6FU7n13=g-v-X7y6_ojV2HOkt8qL6ywMzRzWxScTHm10Ynw@mail.gmail.com> (raw)
In-Reply-To: <1467725986.3800.22.camel@redhat.com>
On Tue, Jul 5, 2016 at 3:39 PM, Jeff Layton <jlayton@redhat.com> wrote:
> On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
>> We need to map from POSIX permissions to NFSv4 permissions when a
>> chmod() is done, from NFSv4 permissions to POSIX permissions when an acl
>> is set (which implicitly sets the file permission bits), and from the
>> MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND flags to NFSv4 permissions when
>> doing an access check in a richacl.
>>
>> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
>> Reviewed-by: J. Bruce Fields <bfields@redhat.com>
>> ---
>> fs/richacl.c | 118 +++++++++++++++++++++++++++++++++++++++++++
>> include/linux/richacl.h | 3 ++
>> include/uapi/linux/richacl.h | 44 ++++++++++++++++
>> 3 files changed, 165 insertions(+)
>>
>> diff --git a/fs/richacl.c b/fs/richacl.c
>> index bcc6591..d0a4135 100644
>> --- a/fs/richacl.c
>> +++ b/fs/richacl.c
>> @@ -63,3 +63,121 @@ richace_copy(struct richace *to, const struct richace *from)
>> {
>> memcpy(to, from, sizeof(struct richace));
>> }
>> +
>> +/*
>> + * richacl_mask_to_mode - compute the file permission bits from mask
>> + * @mask: %RICHACE_* permission mask
>> + *
>> + * Compute the file permission bits corresponding to a particular set of
>> + * richacl permissions.
>> + *
>> + * See richacl_masks_to_mode().
>> + */
>> +static int
>> +richacl_mask_to_mode(unsigned int mask)
>> +{
>> + int mode = 0;
>> +
>> + if (mask & RICHACE_POSIX_MODE_READ)
>> + mode |= S_IROTH;
>> + if (mask & RICHACE_POSIX_MODE_WRITE)
>> + mode |= S_IWOTH;
>> + if (mask & RICHACE_POSIX_MODE_EXEC)
>> + mode |= S_IXOTH;
>> +
>> + return mode;
>> +}
>> +
>> +/**
>> + * richacl_masks_to_mode - compute file permission bits from file masks
>> + *
>> + * When setting a richacl, we set the file permission bits to indicate maximum
>> + * permissions: for example, we set the Write permission when a mask contains
>> + * RICHACE_APPEND_DATA even if it does not also contain RICHACE_WRITE_DATA.
>> + *
>> + * Permissions which are not in RICHACE_POSIX_MODE_READ,
>> + * RICHACE_POSIX_MODE_WRITE, or RICHACE_POSIX_MODE_EXEC cannot be represented
>> + * in the file permission bits. Such permissions can still be effective, but
>> + * not for new files or after a chmod(); they must be explicitly enabled in the
>> + * richacl.
>> + */
>> +int
>> +richacl_masks_to_mode(const struct richacl *acl)
>> +{
>> + return richacl_mask_to_mode(acl->a_owner_mask) << 6 |
>> + richacl_mask_to_mode(acl->a_group_mask) << 3 |
>> + richacl_mask_to_mode(acl->a_other_mask);
>> +}
>> +EXPORT_SYMBOL_GPL(richacl_masks_to_mode);
>> +
>> +/**
>> + * richacl_mode_to_mask - compute a file mask from the lowest three mode bits
>> + * @mode: mode to convert to richacl permissions
>> + *
>> + * When the file permission bits of a file are set with chmod(), this specifies
>> + * the maximum permissions that processes will get. All permissions beyond
>> + * that will be removed from the file masks, and become ineffective.
>> + */
>> +unsigned int
>> +richacl_mode_to_mask(umode_t mode)
>> +{
>> + unsigned int mask = 0;
>> +
>> + if (mode & S_IROTH)
>> + mask |= RICHACE_POSIX_MODE_READ;
>> + if (mode & S_IWOTH)
>> + mask |= RICHACE_POSIX_MODE_WRITE;
>> + if (mode & S_IXOTH)
>> + mask |= RICHACE_POSIX_MODE_EXEC;
>> +
>> + return mask;
>> +}
>> +
>> +/**
>> + * richacl_want_to_mask - convert the iop->permission want argument to a mask
>> + * @want: @want argument of the permission inode operation
>> + *
>> + * When checking for append, @want is (MAY_WRITE | MAY_APPEND).
>> + *
>> + * Richacls use the iop->may_create and iop->may_delete hooks which are used
>> + * for checking if creating and deleting files is allowed. These hooks do not
>> + * use richacl_want_to_mask(), so we do not have to deal with mapping MAY_WRITE
>> + * to RICHACE_ADD_FILE, RICHACE_ADD_SUBDIRECTORY, and RICHACE_DELETE_CHILD
>> + * here.
>> + */
>
> This comment is confusing as I don't see any may_create or may_delete
> iops in the final patchset. Do you mean may_create() and may_delete()
> here?
Since this is only called from richacl_permission, the comment doesn't
make much sense anymore; removing. Also, richacl_want_to_mask can be
turned into a static function.
>> +unsigned int
>> +richacl_want_to_mask(unsigned int want)
>> +{
>> + unsigned int mask = 0;
>> +
>> + if (want & MAY_READ)
>> + mask |= RICHACE_READ_DATA;
>> + if (want & MAY_DELETE_SELF)
>> + mask |= RICHACE_DELETE;
>> + if (want & MAY_TAKE_OWNERSHIP)
>> + mask |= RICHACE_WRITE_OWNER;
>> + if (want & MAY_CHMOD)
>> + mask |= RICHACE_WRITE_ACL;
>> + if (want & MAY_SET_TIMES)
>> + mask |= RICHACE_WRITE_ATTRIBUTES;
>> + if (want & MAY_EXEC)
>> + mask |= RICHACE_EXECUTE;
>> + /*
>> + * differentiate MAY_WRITE from these request
>> + */
>> + if (want & (MAY_APPEND |
>> + MAY_CREATE_FILE | MAY_CREATE_DIR |
>> + MAY_DELETE_CHILD)) {
>> + if (want & MAY_APPEND)
>> + mask |= RICHACE_APPEND_DATA;
>> + if (want & MAY_CREATE_FILE)
>> + mask |= RICHACE_ADD_FILE;
>> + if (want & MAY_CREATE_DIR)
>> + mask |= RICHACE_ADD_SUBDIRECTORY;
>> + if (want & MAY_DELETE_CHILD)
>> + mask |= RICHACE_DELETE_CHILD;
>> + } else if (want & MAY_WRITE)
>> + mask |= RICHACE_WRITE_DATA;
>> + return mask;
>> +}
>> +EXPORT_SYMBOL_GPL(richacl_want_to_mask);
>> diff --git a/include/linux/richacl.h b/include/linux/richacl.h
>> index edb8480..9102ef0 100644
>> --- a/include/linux/richacl.h
>> +++ b/include/linux/richacl.h
>> @@ -175,5 +175,8 @@ richace_is_same_identifier(const struct richace *a, const struct richace *b)
>> extern struct richacl *richacl_alloc(int, gfp_t);
>> extern struct richacl *richacl_clone(const struct richacl *, gfp_t);
>> extern void richace_copy(struct richace *, const struct richace *);
>> +extern int richacl_masks_to_mode(const struct richacl *);
>> +extern unsigned int richacl_mode_to_mask(umode_t);
>> +extern unsigned int richacl_want_to_mask(unsigned int);
>>
>> #endif /* __RICHACL_H */
>> diff --git a/include/uapi/linux/richacl.h b/include/uapi/linux/richacl.h
>> index 08856f8..1ed48ac 100644
>> --- a/include/uapi/linux/richacl.h
>> +++ b/include/uapi/linux/richacl.h
>> @@ -96,4 +96,48 @@
>> RICHACE_WRITE_OWNER | \
>> RICHACE_SYNCHRONIZE )
>>
>> +/*
>> + * The POSIX permissions are supersets of the following richacl permissions:
>> + *
>> + * - MAY_READ maps to READ_DATA or LIST_DIRECTORY, depending on the type
>> + * of the file system object.
>> + *
>> + * - MAY_WRITE maps to WRITE_DATA or RICHACE_APPEND_DATA for files, and to
>> + * ADD_FILE, RICHACE_ADD_SUBDIRECTORY, or RICHACE_DELETE_CHILD for directories.
>> + *
>> + * - MAY_EXECUTE maps to RICHACE_EXECUTE.
>> + *
>> + * (Some of these richacl permissions have the same bit values.)
>> + */
>> +#define RICHACE_POSIX_MODE_READ ( \
>> + RICHACE_READ_DATA | \
>> + RICHACE_LIST_DIRECTORY)
>> +#define RICHACE_POSIX_MODE_WRITE ( \
>> + RICHACE_WRITE_DATA | \
>> + RICHACE_ADD_FILE | \
>> + RICHACE_APPEND_DATA | \
>> + RICHACE_ADD_SUBDIRECTORY | \
>> + RICHACE_DELETE_CHILD)
>> +#define RICHACE_POSIX_MODE_EXEC RICHACE_EXECUTE
>> +#define RICHACE_POSIX_MODE_ALL ( \
>> + RICHACE_POSIX_MODE_READ | \
>> + RICHACE_POSIX_MODE_WRITE | \
>> + RICHACE_POSIX_MODE_EXEC)
>> +
>> +/*
>> + * These permissions are always allowed no matter what the acl says.
>> + */
>> +#define RICHACE_POSIX_ALWAYS_ALLOWED ( \
>> + RICHACE_SYNCHRONIZE | \
>> + RICHACE_READ_ATTRIBUTES | \
>> + RICHACE_READ_ACL)
>> +
>> +/*
>> + * The owner is implicitly granted these permissions under POSIX.
>> + */
>> +#define RICHACE_POSIX_OWNER_ALLOWED ( \
>> + RICHACE_WRITE_ATTRIBUTES | \
>> + RICHACE_WRITE_OWNER | \
>> + RICHACE_WRITE_ACL)
>> +
>> #endif /* __UAPI_RICHACL_H */
>
> Other than the confusing comment, this looks ok.
>
> Reviewed-by: Jeff Layton <jlayton@redhat.com>
Thanks,
Andreas
next prev parent reply other threads:[~2016-07-11 13:26 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-30 13:46 [PATCH v23 00/22] Richacls (Core and Ext4) Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-07-05 11:00 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
[not found] ` <1467294433-3222-3-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 11:02 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
[not found] ` <1467294433-3222-4-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 11:07 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
[not found] ` <1467294433-3222-5-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 11:12 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-07-05 11:18 ` Jeff Layton
2016-06-30 13:46 ` [PATCH v23 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-07-05 11:34 ` Jeff Layton
[not found] ` <1467718448.3800.16.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-11 10:11 ` Andreas Gruenbacher
2016-06-30 13:46 ` [PATCH v23 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2016-07-05 13:39 ` Jeff Layton
2016-07-11 13:26 ` Andreas Gruenbacher [this message]
2016-06-30 13:46 ` [PATCH v23 08/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
[not found] ` <1467294433-3222-9-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 14:22 ` Jeff Layton
2016-07-05 17:08 ` Frank Filz
2016-07-13 12:34 ` Andreas Gruenbacher
2016-07-13 19:38 ` Frank Filz
2016-06-30 13:47 ` [PATCH v23 09/22] richacl: Permission check algorithm Andreas Gruenbacher
2016-07-05 14:59 ` Jeff Layton
2016-07-11 13:28 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 10/22] posix_acl: Improve xattr fixup code Andreas Gruenbacher
[not found] ` <1467294433-3222-11-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 15:38 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 11/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
[not found] ` <1467294433-3222-12-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-05 15:56 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 12/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
[not found] ` <1467294433-3222-13-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-06 18:31 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 13/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
[not found] ` <1467294433-3222-14-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-06 18:57 ` Jeff Layton
2016-07-14 20:02 ` Andreas Gruenbacher
[not found] ` <1467831425.2908.16.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-07 14:14 ` David Howells
2016-06-30 13:47 ` [PATCH v23 14/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
[not found] ` <1467294433-3222-15-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-12 11:36 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 15/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-07-12 11:39 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 16/22] richacl: Create-time inheritance Andreas Gruenbacher
2016-07-12 11:41 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 17/22] richacl: Automatic Inheritance Andreas Gruenbacher
2016-07-12 11:56 ` Jeff Layton
[not found] ` <1468324560.7798.14.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-12 19:11 ` J. Bruce Fields
[not found] ` <20160712191142.GE449-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2016-07-12 20:28 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 18/22] richacl: xattr mapping functions Andreas Gruenbacher
2016-07-12 12:02 ` Jeff Layton
2016-07-14 20:33 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 19/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-07-12 12:13 ` Jeff Layton
2016-06-30 13:47 ` [PATCH v23 20/22] vfs: Add richacl permission checking Andreas Gruenbacher
2016-07-12 12:13 ` Jeff Layton
[not found] ` <1468325634.7798.24.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-14 20:59 ` Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 21/22] ext4: Add richacl support Andreas Gruenbacher
2016-06-30 13:47 ` [PATCH v23 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2016-06-30 14:11 ` [PATCH v23 00/22] Richacls (Core and Ext4) Volker Lendecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHc6FU7n13=g-v-X7y6_ojV2HOkt8qL6ywMzRzWxScTHm10Ynw@mail.gmail.com' \
--to=agruenba@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=jlayton@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).