From: "Josef 'Jeff' Sipek" <jsipek@cs.sunysb.edu>
To: akpm@linux-foundation.org
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
hch@infradead.org, viro@ftp.linux.org.uk,
bharata@linux.vnet.ibm.com, j.blunck@tu-harburg.de,
Erez Zadok <ezk@cs.sunysb.edu>,
"Josef 'Jeff' Sipek" <jsipek@cs.sunysb.edu>
Subject: [PATCH 24/32] Unionfs: remove old nfsro option
Date: Sun, 2 Sep 2007 22:20:47 -0400 [thread overview]
Message-ID: <11887860581709-git-send-email-jsipek@cs.sunysb.edu> (raw)
In-Reply-To: <1188786055371-git-send-email-jsipek@cs.sunysb.edu>
From: Erez Zadok <ezk@cs.sunysb.edu>
Ensure that a branch set as 'ro' behaves like a real readonly mounted lower
file system. This allows us to remove the old 'nfsro' option. Now unionfs
handles even an readonly exported NFS file system, which was mounted on the
client in readwrite mode.
Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Josef 'Jeff' Sipek <jsipek@cs.sunysb.edu>
---
fs/unionfs/inode.c | 48 ++++++++++++++++++++++-----------------------
include/linux/union_fs.h | 3 --
2 files changed, 23 insertions(+), 28 deletions(-)
diff --git a/fs/unionfs/inode.c b/fs/unionfs/inode.c
index d6a79d5..4574fbe 100644
--- a/fs/unionfs/inode.c
+++ b/fs/unionfs/inode.c
@@ -948,47 +948,44 @@ static void unionfs_put_link(struct dentry *dentry, struct nameidata *nd,
* Basically copied from the kernel vfs permission(), but we've changed
* the following:
* (1) the IS_RDONLY check is skipped, and
- * (2) if you set the mount option `mode=nfsro', we assume that -EACCES
- * means that the export is read-only and we should check standard Unix
- * permissions. This means that NFS ACL checks (or other advanced
- * permission features) are bypassed. Note however, that we do call
- * security_inode_permission, and therefore security inside SELinux, etc.
- * are performed.
+ * (2) We return 0 (success) if the non-leftmost branch is mounted
+ * readonly, to allow copyup to work.
+ * (3) we do call security_inode_permission, and therefore security inside
+ * SELinux, etc. are performed.
*/
-static int inode_permission(struct inode *inode, int mask,
+static int inode_permission(struct super_block *sb, struct inode *inode, int mask,
struct nameidata *nd, int bindex)
{
int retval, submask;
if (mask & MAY_WRITE) {
+ umode_t mode = inode->i_mode;
/* The first branch is allowed to be really readonly. */
- if (bindex == 0) {
- umode_t mode = inode->i_mode;
- if (IS_RDONLY(inode) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
- }
+ if (bindex == 0 &&
+ IS_RDONLY(inode) &&
+ (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
+ return -EROFS;
/*
* Nobody gets write access to an immutable file.
*/
if (IS_IMMUTABLE(inode))
return -EACCES;
+ /*
+ * For all other branches than the first one, we ignore
+ * EROFS or if the branch is mounted as readonly, to let
+ * copyup take place.
+ */
+ if (bindex > 0 &&
+ is_robranch_super(sb, bindex) &&
+ (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
+ return 0;
}
/* Ordinary permission routines do not understand MAY_APPEND. */
submask = mask & ~MAY_APPEND;
- if (inode->i_op && inode->i_op->permission) {
+ if (inode->i_op && inode->i_op->permission)
retval = inode->i_op->permission(inode, submask, nd);
- if ((retval == -EACCES) && (submask & MAY_WRITE) &&
- (!strcmp("nfs", (inode)->i_sb->s_type->name)) &&
- (nd) && (nd->mnt) && (nd->mnt->mnt_sb)) {
- int perms;
- perms = branchperms(nd->mnt->mnt_sb, bindex);
- if (perms & MAY_NFSRO)
- retval = generic_permission(inode, submask,
- NULL);
- }
- } else
+ else
retval = generic_permission(inode, submask, NULL);
if (retval && retval != -EROFS) /* ignore EROFS */
@@ -1046,7 +1043,8 @@ static int unionfs_permission(struct inode *inode, int mask,
* We use our own special version of permission, such that
* only the first branch returns -EROFS.
*/
- err = inode_permission(lower_inode, mask, nd, bindex);
+ err = inode_permission(inode->i_sb, lower_inode, mask, nd,
+ bindex);
/*
* The permissions are an intersection of the overall directory
diff --git a/include/linux/union_fs.h b/include/linux/union_fs.h
index 223ccab..9bc4e3b 100644
--- a/include/linux/union_fs.h
+++ b/include/linux/union_fs.h
@@ -22,8 +22,5 @@
/* We don't support normal remount, but unionctl uses it. */
# define UNIONFS_REMOUNT_MAGIC 0x4a5a4380
-/* should be at least LAST_USED_UNIONFS_PERMISSION<<1 */
-#define MAY_NFSRO 16
-
#endif /* _LINUX_UNIONFS_H */
--
1.5.2.2.238.g7cbf2f2
next prev parent reply other threads:[~2007-09-03 2:24 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-03 2:20 [GIT PULL -mm] Unionfs/fsstack/eCryptfs updates/cleanups/fixes Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 01/32] VFS: export release_open_intent symbol Josef 'Jeff' Sipek
2007-09-03 16:29 ` Satyam Sharma
2007-09-03 17:38 ` Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 02/32] VFS/fsstack: remove 3rd argument to fsstack_copy_attr_all Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 03/32] VFS/fsstack: cpp endif comments Josef 'Jeff' Sipek
2007-09-03 6:39 ` Jan Engelhardt
2007-09-03 23:43 ` Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 04/32] Unionfs: fixed compilation error Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 05/32] Unionfs: do not use fsstack_copy_attr_all Josef 'Jeff' Sipek
2007-09-03 6:43 ` Jan Engelhardt
2007-09-03 2:20 ` [PATCH 06/32] Unionfs: copyright corrections and updates Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 07/32] Unionfs: cpp endif comments Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 08/32] Unionfs: cache-coherency - update inode times Josef 'Jeff' Sipek
2007-09-03 6:48 ` Jan Engelhardt
2007-09-03 2:20 ` [PATCH 09/32] Unionfs: cache-coherency - dentries Josef 'Jeff' Sipek
2007-09-03 6:52 ` Jan Engelhardt
2007-09-03 14:08 ` Josef 'Jeff' Sipek
2007-09-03 14:23 ` Jan Engelhardt
2007-09-03 23:39 ` [PATCH 1/1] " Josef 'Jeff' Sipek
2007-09-06 16:43 ` Josef 'Jeff' Sipek
2007-09-06 16:45 ` Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 10/32] Unionfs: cache-coherency - file flush Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 11/32] Unionfs: cache-coherency and fixes for unionfs_rename Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 12/32] Unionfs: documentation updates Josef 'Jeff' Sipek
2007-09-03 6:59 ` Jan Engelhardt
2007-09-03 14:04 ` Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 13/32] Unionfs: copyup updates Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 14/32] Unionfs: file_revalidate updates Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 15/32] Unionfs: implement f/async Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 16/32] Unionfs: minor file_release updates Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 17/32] Unionfs: interpose updates Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 18/32] Unionfs: unionfs_ioctl bug fixes Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 19/32] Unionfs: partial_lookup update Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 20/32] Unionfs: lower nameidata support Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 21/32] Unionfs: mmap fixes Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 22/32] Unionfs: handling lower vfsmount fixes Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 23/32] Unionfs: mount-time option parsing fix Josef 'Jeff' Sipek
2007-09-03 2:20 ` Josef 'Jeff' Sipek [this message]
2007-09-03 2:20 ` [PATCH 25/32] Unionfs: readonly branch test fix Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 26/32] Unionfs: minor remount fixes Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 27/32] Unionfs: extended attributes fixes Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 28/32] Unionfs: use file f_path field Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 29/32] Unionfs: assorted comment and style updates Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 30/32] Unionfs: update unionfs version number Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 31/32] Unionfs: debugging and validation of fan-out invariants Josef 'Jeff' Sipek
2007-09-03 2:20 ` [PATCH 32/32] Unionfs: unionfs_create rewrite Josef 'Jeff' Sipek
2007-09-03 3:48 ` [GIT PULL -mm] Unionfs/fsstack/eCryptfs updates/cleanups/fixes Al Boldi
2007-09-03 16:18 ` Erez Zadok
2007-09-03 18:26 ` Al Boldi
2007-09-03 18:42 ` Erez Zadok
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11887860581709-git-send-email-jsipek@cs.sunysb.edu \
--to=jsipek@cs.sunysb.edu \
--cc=akpm@linux-foundation.org \
--cc=bharata@linux.vnet.ibm.com \
--cc=ezk@cs.sunysb.edu \
--cc=hch@infradead.org \
--cc=j.blunck@tu-harburg.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).