From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?iso-8859-1?Q?Bj=F6rn?= Steinbrink <B.Steinbrink@gmx.de>
Subject: Re: [RFC/PATCH] revoke/frevoke system calls
Date: Thu, 20 Jul 2006 23:09:01 +0200
Message-ID: <20060720210901.GA29485@atjola.homenet>
References: <Pine.LNX.4.58.0607201504040.18901@sbz-30.cs.Helsinki.FI> <5dd5c0nixe.fsf@attruh.keh.iki.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail.gmx.net ([213.165.64.21]:42120 "HELO mail.gmx.net")
	by vger.kernel.org with SMTP id S1030324AbWGTVJE (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 20 Jul 2006 17:09:04 -0400
To: Kari Hurtta <hurtta+gmane@siilo.fmi.fi>
Content-Disposition: inline
In-Reply-To: <5dd5c0nixe.fsf@attruh.keh.iki.fi>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On 2006.07.20 23:02:53 +0300, Kari Hurtta wrote:
> Pekka J Enberg <penberg@cs.Helsinki.FI> writes in
> gmane.linux.file-systems,gmane.linux.kernel:
>=20
> > From: Pekka Enberg <penberg@cs.helsinki.fi>
> >=20
> > This patch implements the revoke(2) and frevoke(2) system calls for=
 all
> > types of files. We revoke files in two passes: first we scan all op=
en=20
> > files that refer to the inode and substitute the struct file pointe=
r in fd=20
> > table with NULL causing all subsequent operations on that fd to fai=
l.=20
> > After we have done that to all file descriptors, we close the files=
 and=20
> > take down mmaps.
> >=20
> > Note that now we need to unconditionally do fput/fget in sys_write =
and
> > sys_read because they race with do_revoke.
> >=20
> > Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
>=20
> What permissions is needed revoke access of other users open
> files ?
>=20
> > +asmlinkage int sys_revoke(const char __user *filename)
> > +{
> > +	int err;
> > +	struct nameidata nd;
> > +
> > +	err =3D __user_walk(filename, 0, &nd);
> > +	if (!err) {
> > +		err =3D do_revoke(nd.dentry->d_inode, NULL);
> > +		path_release(&nd);
> > +	}
> > +	return err;
> > +}
> > +
> > +asmlinkage int sys_frevoke(unsigned int fd)
> > +{
> > +	struct file *file =3D fget(fd);
> > +	int err =3D -EBADF;
> > +
> > +	if (file) {
> > +		err =3D do_revoke(file->f_dentry->d_inode, file);
> > +		fput(file);
> > +	}
> > +	return err;
> > +}
>=20
> Is that requiring only that user is able to refer file ?
>=20
>=20
> BSD manual page for revoke(2) seems say:
>=20
>     Access to a file may be revoked only by its owner or the super us=
er.

In do_revoke() there is:

+	if (current->fsuid !=3D inode->i_uid && !capable(CAP_FOWNER)) {
+		ret =3D -EPERM;
+		goto out;

That pretty much matches what the BSD manpage says.

Bj=F6rn
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel=
" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html